Forum OpenACS Q&A: Response to Security: Hacker sends Viruses
Disconnecting your network connection as soon as possible is what I would suggest if it's not already been done, but first issue a "netstat -a|less" and look for suspicious connections established.
You might also want to review the log files in /var/log.
Check /root/.bash-history as well...
If the abuser has gained root access really all you can do is blow out the entire RedHat installation and do a fresh install/restore. This time preferably behind some kind of firewall.