My server was hacked over the weekend and after disabling the hacker's account and running all the necessary checks, I thought that I had got rid of him.
The problem now is that my server is rebooting, first it was every 3 hours, now it is rebooting roughly every 1 hour 45 minutes. This is worrying me as I cannot find anything on the server that may be the cause of this.
I have run all the virus checks and system checks that I know about and nothing seems to be able to find anything.
If your server has been hacked (they actually broke in), then your best bet is to wipe the system, reinstall the operating system, install any applications which need to be installed fresh, and restore from a backup made prior to the hack.
Then secure your server, and keep it secure. Security is a way of life; there is no such thing as "one time" server hardening.
I have had a good track record of getting compromised systems back up and running. Takes a lot of know-how, but it can be done. Make sure that you go through all the services that are running on the server to make sure there aren't any ones in there that shouldn't be there. Look in the registry for any keys that shouldn't be there, etc.
It can be a tough task, but it can be done. When you have a bunch of customer sites on your server, taking them down for any more time can be a tough call.
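
A read-only first pass over the things discussed in this thread (the unexplained reboots, the installed services, registry autostart entries), added here as an example and not posted by anyone in the thread. It assumes a Windows server with PowerShell 3.0 or later run from an elevated prompt; the seven-day window, the "expected" directory list and the choice of Run/RunOnce keys are assumptions.

```powershell
# Added example: read-only triage; nothing here changes the system.

# 1. What initiated each restart? Event 1074 names the process and user that
#    requested a shutdown or restart; 6008 and 41 mark unexpected shutdowns.
$since = (Get-Date).AddDays(-7)   # assumed look-back window
Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 1074, 6008, 41; StartTime = $since } `
        -ErrorAction SilentlyContinue |
    Sort-Object TimeCreated |
    Select-Object TimeCreated, Id, ProviderName, Message |
    Format-List

# 2. Services whose binary lives outside the usual install directories.
#    Hits are candidates for manual review, not proof of anything.
$expected = @($env:SystemRoot, $env:ProgramFiles, ${env:ProgramFiles(x86)}) |
    Where-Object { $_ }
Get-CimInstance -ClassName Win32_Service |
    Where-Object {
        $path = $_.PathName
        $path -and -not ($expected | Where-Object {
            $path.Trim('"').StartsWith($_, [System.StringComparison]::OrdinalIgnoreCase)
        })
    } |
    Select-Object Name, State, StartMode, StartName, PathName |
    Format-Table -AutoSize -Wrap

# 3. Commands registered to start automatically from the registry.
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$autoruns = foreach ($key in $runKeys) {
    if (Test-Path $key) {
        $item = Get-Item $key
        foreach ($name in $item.GetValueNames()) {
            [pscustomobject]@{ Key = $key; Name = $name; Command = $item.GetValue($name) }
        }
    }
}
$autoruns | Format-Table -AutoSize -Wrap
```

Output gathered on a compromised host can itself have been tampered with, so an empty result is inconclusive rather than a clean bill of health.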