[v6] is generally "just" a php exploit. Whiel you may be rooted chances are you are not. If you look in ps -auxf for the nobody user, or at each user if you run phpsuexec, you should be able to find the process running.
John W, CISSP, C|EH
MS Information Security and Assurance ITEagleEye.com - Server Administration and Security Yawig.com - Managed VPS and Dedicated Servers with VIP Service