Hi Folks, Long time reader first time registered and unfortunately requiring your help. I am Sys admin for a company (been doing this almost 10 years now) and I am fairly proactive in my approach and any time there has been a problem in the past I have been able to fix it myself. Yesterday about 15 minutes after close of business our Trend Micro A/V detected 2 attempted infections of Mal_Xin12 inside c:\Recyclers within randomized sub folders. Being suspicious I connected to the server remotely & checked that folder which was full of folders that are hidden & read only (read only being greyed out to me so I cannot change it). This is a server at a business and since a lot of users connect inside the office using terminal services I Ran Malware bytes straight away and came back with the following. I let it clean and reboot the system, I am now waiting on a second Malware bytes scan to finish but from googling this infection I am fairly worried that I will not be rid of it so easily which is why I am posting here in anticipation of ongoing problems. Really while I wait for a second scan to complete, I just wanted to ask for some help on what to do next if the system is still infected (which I suspect it will be) and if I need to post hijack this logs etc what information will I need to redact to guarantee privacy and security of the system here while trying to fix it. Any help people can provide will be greatly appreciated.
