Eggdrops in general are just somthing people install.
Have alook around your logs, what user does the bot run as. Was it installed via a webshell, most common these days, did someone bruteforce a login, or just simply guess one.
Once you have figured out how they got in, then you sould patch whatever needs done, and then proceede to removing any offending files. Make sure you trace EVERYTHING that was done, in most cases its just simple wget, compile, start and leave.
If they used a proxy, check out the eggdrop logs, I can tell you from expereince 90% of the idiots that install things like that never use socks proxys on irc, even though they use webproxys.
Just have alook around, your server should have logs of everythign if you look properly, just the matter of finding out how to read them properly.
Server Management - AdminGeekZ.com Infrastructure Management, Web Application Performance, mySQL DBA. System Automation.
WordPress/Magento Performance, Apache to Nginx Conversion, Varnish Implimentation, DDoS Protection, Custom Nginx Modules
Check our wordpress varnish plugin. Contact us for quote: [email protected]