persistent "monit alert -- Resource limit matched localhost" emails started last few days

hello.
I have been running OMV for the last several weeks.

for the last several days I have been getting tons of email alerts with "t "monit alert -- Resource limit matched localhost" emails started last few days"
Description: cpu system usage of 95.3% matches resource limit [cpu system usage>95.0%]
and
Description: 'localhost' cpu system usage check succeeded [current cpu system usage=63.0%]

in process info I see a process from root taking up 145+ % of CPU command "echo find"
this is the only process I can see with this kind of CPU time.

server is running ok, except for the email I can not see anything wrong with it.

================================================================================
= OS/Debian information
================================================================================
Distributor ID: debian
Description: Debian GNU/Linux 7 (wheezy)
Release: 7.11
Codename: wheezy


================================================================================
= openmediavault information
================================================================================
Release: 2.2.5
Codename: Stone burner


================================================================================
================================================================================
= Locale
================================================================================
en_US.UTF-8


================================================================================
= System information
================================================================================
Linux atlas 3.16.0-0.bpo.4-amd64 #1 SMP Debian 3.16.7-ckt25-2~bpo70+1 (2016-04-12) x86_64 GNU/Linux


================================================================================
= Uptime
================================================================================
 09:14:45 up 11 days, 19:54,  0 users,  load average: 4.25, 5.86, 6.62

root@atlas:/# ps aux | grep "echo"
root 8389 0.0 0.0 7848 1908 pts/2 S+ 11:48 0:00 grep echo
root 11958 154 0.0 74044 5880 ? Ssl Jun19 3397:05 echo "find"

ok, but what is it ?

also my SSH service keeps going off, I have never seen things like this.

no can do, my connection just went out.
will try later when get home.
thanks

ok, I have killed the process before as ryecoaaron sugested
but almost immediately a new process with new id started with command "who"

root     22232 48.1  0.0  74472  7740 ?        Ssl  Jun22 690:45 who

the process list on OMV UI identifies the process as "bxigzbtgri"
and it is the same one that was causing issue last time just different commnad.

PID USER      PR  NI  VIRT  RES  SHR S  %CPU %MEM    TIME+  COMMAND


22232 root      20   0 74472 7740  412 S   101  0.0 691:35.18 bxigzbtgri

anyone know what this is?

yeah I figured out this already when I try to look up the file on my PC.
it screamed Malware and removed the temp folder files

I killed the process and removed the file from "/usr/bin"
I changed password for admin and root as well.

so far I do not see any unusual activity.

I don't trust it , but at the moment I can not rebuild it.
I will scan it with rkhunter though thanks .

[EDIT]
OK I have run "rkhunter" (log attached)
except for some outdated apps all looks ok.

ok, I will have to rebuild.
I got a strange process again out of nowhere.
have to wait couple of weeks though but I have shut down the server for now.

is there a way for me to preserve the config for SnapRaid and mergerfs so I do not have to redo it again?

cool.