We have a server that may still be infected with a virus. I have scanned with bitdefender (online), trend micro (online), avg, sophos, and kaspersky. All looks good except when i do a packet capture, my server seems to be sending something out to ip 220.127.116.11 (some where in china with lookup tool). It connects via random ports from my server to port 8080 on 18.104.22.168. I have disabled all my anti-viruses. Still it appears. What else can i do?
Some random ports are
4326, 3995, 3996, etc.