InStrife

Posts posted by InStrife

  1. Hi Folks,

    Long-time reader, first time registered, and unfortunately requiring your help. I am a sys admin for a company (been doing this almost 10 years now) and I am fairly proactive in my approach, and any time there has been a problem in the past I have been able to fix it myself. Yesterday, about 15 minutes after close of business, our Trend Micro A/V detected 2 attempted infections of Mal_Xin12 inside c:\Recyclers within randomized subfolders. Being suspicious, I connected to the server remotely & checked that folder, which was full of folders that are hidden & read-only (read-only being greyed out to me so I cannot change it). This is a server at a business and since a lot of users connect inside the office using terminal services

    I ran Malwarebytes straight away and it came back with the following.

    Malwarebytes Anti-Malware 1.65.1.1000

    www.malwarebytes.org

    Database version: v2012.11.22.03

    Windows Server 2003 Service Pack 2 x64 NTFS

    Internet Explorer 8.0.6001.18702

    -REDACTED-

    22/11/2012 8:53:51 PM

    mbam-log-2012-11-22 (20-53-51).txt

    Scan type: Full scan (C:\|W:\|)

    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

    Scan options disabled: P2P

    Objects scanned: 2630875

    Time elapsed: 1 hour(s), 57 minute(s), 28 second(s)

    Memory Processes Detected: 0

    (No malicious items detected)

    Memory Modules Detected: 0

    (No malicious items detected)

    Registry Keys Detected: 0

    (No malicious items detected)

    Registry Values Detected: 0

    (No malicious items detected)

    Registry Data Items Detected: 0

    (No malicious items detected)

    Folders Detected: 0

    (No malicious items detected)

    Files Detected: 1

    C:\RECYCLER\S-1-5-21-2325178024-1148597956-3244452826-1165\$3d7ca3209989d09805bd02795e88b5e0\n (Trojan.0Access) -> Quarantined and deleted successfully.

    (end)

    I let it clean and reboot the system. I am now waiting on a second Malwarebytes scan to finish, but from googling this infection I am fairly worried that I will not be rid of it so easily, which is why I am posting here in anticipation of ongoing problems.

    Really, while I wait for a second scan to complete, I just wanted to ask for some help on what to do next if the system is still infected (which I suspect it will be) and, if I need to post HijackThis logs etc., what information I will need to redact to guarantee privacy and security of the system here while trying to fix it.

    Any help people can provide will be greatly appreciated.
