Originally posted here by morganlefay
There is an obvious problem ...how does spyware get on a server???

the server is being used to surf the internet...to have these types of files\infections on it.

Once you get it cleaned you may want to "advise" them ..that servers should not be used to "surf the net"


MLF
I disagree with this assumption. It could have been introduced from a user clicking an email somewhere else on the network and then wormed it's way onto the server through an exploit. Ever hear of Code Red?

The best thing to do would be to find a temporary replacement, and take down the production server. Clean it, and turn it back on. Personally, I would not copy anything from the prod server to the temp server, you do have all your code in a repository somewhere, right? You do have back ups of the databases, right?