Background:
We scanned the system and the Malware Detection SW did not find any thing it 
could identify.   It took most of the night to finish a couple T bye size 
disks.
It flagged one file in a users directory as suspect but when we examined it 
was a lot C code for data reduction.
The users & app files were on another disk.  It was unplugged and we reloaded 
5.10 and that caused a little bit of problem.   Undocumented as to what it 
was.   Reloaded 5.5 and then upgraded it to 5.10 - worked.  
It has been a pain to get the analysis and cad programs that needed special 
libs to function back on line.
Our book keeping was inadequate and we had to resort to the braille method.
One we reloaded the box and plugged the user disk and data disks back in 
things are starting to function pretty well.
One thing we did was to put all application tar files on a directory on 
separate disk from the OS.  Now we have a copy of "var"   In hindsight we 
should have put /usr/local on a separate disk along with /opt.

Not being able to find a finger print sort of left us very gun shy about what 
we allow in plant.
Since this was an open server and it grew like a bad weed and we knew it was 
going to happen but never in a bad dream would we have guessed what it was 
doing.   We will never know what it sent or received.

Thank for the advice and expert help.
This problem took a lot of time to fix and recover data.
Everything on this box was saved on "CrashPlan" -  I think we need to dump 
data in back up and start over.   Back up may have the same problem and you 
get it back when you restore files.  

Larry Linder