Preface: First of all excuse me for bringing forwarding this weird question, as it could be just me.
Situation: We have a Centos 6.5 Cloud VPS hosting our website, running mysql 5.1 and it is also used for two way replication to and from our in house mysql server.
Problem: I recently retstarted mysql for changing some buffer size, when i tried to relogin, the existing password didn't work and i was able to login for root@localost with an empty password, which raised my suspicion. When i entered in mysql DB (to see user table for permissions) I have noticed that there are more than 5k tables, named randomly and few of them have binary data in it too. I can also see in /var/lib/mysql/mysql/ all of the tables have their data files present too. I suspect having older version of OS and Mysql, our server has been hacked and hacker has injected some code and files there (i can see lots of DLLs and EXE files there, luckily its a linux server!!!). I want to get rid of these useless tables and protect my server in a safe manner, as this is live customer facing web portal. so cant try any unsafe deletion. Any help would be highly appreciated.