Hey guys,
Here is my issue. End user opened infected attachment and ran it.
You can login to Safe Mode with Networking. When running Windows in Normal Mode as long as you do not login as a user the server will run OK. Once you login these screen will freeze (but server looks like it is running. Only cold boot will fix.
Scanned with ESET Online Scanner and it removed most of Trojan except for one exe. Scanned with Malwarebytes and no detection. Currently running another full scan with Malwarebytes and eSET. Also did a SFC.exe /scannow and no damaged files were detected.
Here is my issue. End user opened infected attachment and ran it.
You can login to Safe Mode with Networking. When running Windows in Normal Mode as long as you do not login as a user the server will run OK. Once you login these screen will freeze (but server looks like it is running. Only cold boot will fix.
Scanned with ESET Online Scanner and it removed most of Trojan except for one exe. Scanned with Malwarebytes and no detection. Currently running another full scan with Malwarebytes and eSET. Also did a SFC.exe /scannow and no damaged files were detected.