A server has been hacked.
Now "nbtstat -s" displays connections that should not be there.
I believe these connections must come from server and out because firewall only allow incoming connections on port 80 (not 139)
nbstat -s display info like this
FILESERVER NOT-LOCAL-NAME <20> 0B 0B
FILESERVER FOREIGN-NAME <20> 0B 0B
How can I find and remove what makes these connections?
Must I reinstall NT to get rid of them, or are there any other options?