I have a virus on a server that seems to be running somewhere on the server, accessing an external ftp site and downloading more files to the server.
Common files i find are in the system32 folder:
There are more. I found a txt file called. cc1.txt that had an ftp site listed with username and password and it was getting files all.exe and 2.exe.
Anyone seen this and know how I can remove it?? I have Trend Micro Worry-free security installed, malwarebytes, spyware doctor and prevx, but none can pick it up.