These classnotes are deprecated. As of 2005, I no longer teach the classes. Notes will remain online for legacy purposes.

UNIX03/Regain Control


In spite of your valiant efforts, your system has been compromised.

You have been running TripWire, and have found a malicious Trojan. You do not know what accounts have been compromised.

Research the Trojan, find out as much as you possibly can from it. Use real-time forensics to try and figure out:

    • What is it?
    • Does it have any friends?
    • What is it doing?

Once you have done this, and feel that you are ready, contact the teacher with your information. If he feels you are ready, you can attempt to kill the process (or processes) that are affected.

If you have successfully found and killed the trojan, reboot into Knoppix. Be sure to not enable networking as you boot into Knoppix (press F2 at the boot screen to see the options) so as to keep your system "dead" from the network.

chroot into your installation and change the password for the administrator. Also, disable all other accounts on the machine.

Disable all running services, as you do not know which (if any) have been compromised, and set up a very restrictive firewall to run at boot (one that does not allow any incoming or outgoing traffic).

Finally, archive the trojan in an encrypted file for later examination.

Once you have done this, you now control your system again and the repairs can begin. You do not need to perform these repairs in class.
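The account-lockout and deny-all firewall steps above, as an added example (not part of the original classnotes): after booting Knoppix and mounting the compromised install at a path such as /mnt/hda1 (hypothetical), these functions lock every non-root account in the offline /etc/shadow and write an iptables-restore file that drops all traffic. The `--demo` mode runs against a constructed scratch copy, never a real system.

```shell
#!/bin/sh
# Added example for the UNIX03 "Regain Control" exercise (not from the notes).

# Lock every account except root in $1/etc/shadow by prefixing the hash with
# '!' (what `passwd -l` does). The hash is kept for later examination, but
# nobody can log in with it. Accounts already locked ('!') or disabled ('*')
# are left as they are.
lock_accounts() {
    shadow="$1/etc/shadow"
    awk -F: 'BEGIN { OFS = ":" }
             $1 != "root" && $2 !~ /^[!*]/ { $2 = "!" $2 }
             { print }' "$shadow" > "$shadow.tmp" \
        && cat "$shadow.tmp" > "$shadow" && rm -f "$shadow.tmp"
}

# Number of accounts in $1/etc/shadow that can still log in (should be 1).
unlocked_count() {
    awk -F: '$2 !~ /^[!*]/ { n++ } END { print n + 0 }' "$1/etc/shadow"
}

# Write an iptables-restore ruleset to $1 that refuses all incoming and
# outgoing traffic, as the notes require. Only loopback is allowed so local
# tools keep working; load it at boot with `iptables-restore < FILE`.
write_deny_all_firewall() {
    cat > "$1" <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
COMMIT
EOF
}

# Constructed demo: a throwaway root tree with a made-up shadow file.
if [ "${1:-}" = "--demo" ]; then
    d=$(mktemp -d) && mkdir -p "$d/etc"
    printf 'root:$6$abc$h1:12345:0:99999:7:::\nalice:$6$def$h2:12345:0:99999:7:::\n' \
        > "$d/etc/shadow"
    lock_accounts "$d"
    write_deny_all_firewall "$d/etc/iptables.rules"
    echo "unlocked accounts: $(unlocked_count "$d")"   # prints 1
    cat "$d/etc/shadow"; rm -rf "$d"
fi
```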



Last edited October 24, 2003 11:54 pm (diff)
(C) Copyright 2003 Samuel Hart
This work is licensed under a Creative Commons License.