A server of my friend was unplugged today by the DC due to a complaint that it is being used to brute force. We want to clean his server but we don't know where to look into? His server is based on Windows Web without control panel.
See what processes are running in memory. See what processes start up with the OS in the HKLM\Software\Microsoft\Windows\Run registry folder.
If you're not sure what you're looking for, you can ask on here, hire someone, or backup your data & reload your OS, which ever your friend finds to be the path he feels comfortable with. Reloading the OS is the lazy man's way and usually requires a fee by the DC.