First thing you do is pull the plug. Not shutdown or power down, just pull the plug! Remove the harddrive(s) then use a separate machine (no network connectivity!) and a live-cd to create a copy of the disk. Work on the copy to find a cure, once you found it you can cleanse out the original disk(s). Make sure any data you rescue from the infected drive(s) is thoroughly checked by the updated rootkit scanner available from the rescue cd.
Anyway, your security system is compromised, so you'd really need to rethink your strategy on that and find the source of the infection to make sure it'll never happen again. The most common cause is ignorant users or compromised updates. As said, Lenny is quite old so you really must upgrade to Squeeze now.
I also concur to have the post moved to the Security area of LQ, with much better experts then I'll ever be