I have a serious issue on one old terminal server (2003).
I have recurring virus, coinminer it seems, which I don't know how it passes into the computer. It is quite isolated environment.
It creates either gfxdrv.exe or gxdrv.exe in windows\temp and coin mines.
Did anyone encountered this problem? I don't know how to get dir of it.