i need some help getting rid of a virus on a server 2008 R2 x64 domain controller/file server.
im using symantec endpoint protection small business 2013.
symantec finds and removes/quaratines the file, but it keeps coming back. as a test, i disconnected the internet, deleted the infected file and it did not reappear. as soon as i plugged the internet back in, the file reappeared.
the file names show as xskd.exe, cjxnd.exe, vmeil.exe
ive tried numerous other programs, such as malwarebytes, tdsskiller, sep support tool, etc.
i used process explorer to try and get more info on the infected files, but it will not see or find the infected files listed above.
the other workstations in the enviroment have endpoint 2013 installed as well and do not show this infection. on the server, the c:\ appears clean, just the d:\ is showing the infections.
the windows firewall is enabled and the router's built-in firewall is active as well.
any thoughts or suggestions on how to get this removed will be greatly appreaciated!