Locate these file names in the server to find exploits. securenobody is also another good tool to find any suspecious files on the server. You can get the details here securenobody

.psy
c99
r57
krad3
dc.pl
randhtml.cgi
r0nin
SpIcA.php
s4.sh
makesalt
xh
fuck
plekih
y2kupdate
run-maker
psybnc
yac
r00t
brute
trybind
x496
tsig
woot-exploit
getaddr.sh
forcer
doit
wus
tryftpd
pre123
bscan
lpd1
trylpd
scanssh
nenen
scan.pl
psybnc.conf
salt.h
psybncchk
saop2.txt
dc.txt
bd.pl
A.txt
krad
bbfunc.php
emailer.php