I find that when you do an upgrade, any hacked binaries get overwritten, mergemaster should point out any diffs. I discovered that telnetd had been deleted by the hacker, on the 3 machines concerned, I can't think why, perhaps the bot binary intercepts port 23? I will run it up on an isolated...