Both of you are still missing a basic point in the security of this server..

Just by brute-forcing an FTP password does not provide 'root' equivalency. What was the transition from FTP to root/shell access? Just uploading a file to a compromised FTP account wont provide 'root' access. There had to be some other situation that lent itself to compromising root.

At any rate, the point is moot. Penguin really needs to isolate the system, understand what went wrong and start over - following the suggestions provided thus far.