0

Possible Duplicate:
My server's been hacked EMERGENCY

I am seeing a strange TCP connection to 149.9.1.16:ircd, and it is running a perl service, and that process is creating a huge load on the server:

IPV4 TCP 3u MYIP:58449 -> 149.9.1.16:ircd ESTABLISHED

Can I know whether this is malware or some other service running and eating my server resources? My OS is CentOS 5.5.

2 Answers

3

If this isn't something you are expecting then it is most likely malware. Your only real solution is to shut the system down. Get an image for later analysis. Nuke the system from orbit then restore from a known good backup - it's the only way to be sure.

user9517
2

That's bad - it looks like your server is part of a botnet.

If you don't know where the process runs from, check some info about it ('pid' is the process id):

ls -l /proc/'pid'/fd
cat /proc/'pid'/cmdline

Find the bad script and kill it. I guess it's located in /tmp, /var/tmp or the temporary directory defined for your webserver. There's a good chance that the script was uploaded via badly coded web pages; find it and repair.

stderr
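The /proc checks from the answer above can be tied directly to the suspicious connection. This is an added example, not code from either answer: it maps the remote address to the socket inode in /proc/net/tcp, then to the owning PID. The function names are hypothetical, and it assumes IPv4 on a little-endian (x86) host.

```shell
# Added triage example, not part of the original answer. IPv4 only.
# Assumption: little-endian host (x86/x86_64), where /proc/net/tcp stores
# the IPv4 address as byte-reversed hex (149.9.1.16 -> 10010995).

# ip_to_proc_hex IP: print IP in /proc/net/tcp notation.
ip_to_proc_hex() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    printf '%02X%02X%02X%02X' "$4" "$3" "$2" "$1"
}

# socket_inodes REMOTE_IP [TCP_TABLE]: inode of every ESTABLISHED
# (state 01) socket whose remote address is REMOTE_IP.
socket_inodes() {
    awk -v want="$(ip_to_proc_hex "$1")" \
        'NR > 1 && $4 == "01" && substr($3, 1, 8) == want { print $10 }' \
        "${2:-/proc/net/tcp}"
}

# pids_for_inode INODE [PROC_ROOT]: PIDs holding an fd on that socket.
pids_for_inode() {
    root=${2:-/proc}
    for fd in "$root"/[0-9]*/fd/*; do
        [ "$(readlink "$fd" 2>/dev/null)" = "socket:[$1]" ] || continue
        pid=${fd#"$root"/}
        echo "${pid%%/*}"
    done | sort -un
}

# triage REMOTE_IP [PROC_ROOT]: for each owning process, show what the
# answer suggests checking (cmdline, open fds) plus exe and cwd.
triage() {
    proc=${2:-/proc}
    for inode in $(socket_inodes "$1" "$proc/net/tcp"); do
        for pid in $(pids_for_inode "$inode" "$proc"); do
            echo "pid=$pid inode=$inode"
            echo "  exe: $(readlink "$proc/$pid/exe" 2>/dev/null)"
            echo "  cwd: $(readlink "$proc/$pid/cwd" 2>/dev/null)"
            echo "  cmdline: $(2>/dev/null tr '\0' ' ' < "$proc/$pid/cmdline")"
            ls -l "$proc/$pid/fd" 2>/dev/null | sed 's/^/  /'
        done
    done
}

# Run as root so other users' fd directories are readable:
#   triage 149.9.1.16
```

The cwd and exe links usually point at the directory the script was dropped in, even when the file itself has already been deleted.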