While investigating a break-in on a friend's server I came across this pretty damn cool little utility: The RootKit Hunter.
It’s a spiffy little piece of work, and it helped considerably. This server, for reasons I can’t say, couldn’t be simply wiped and reloaded in a short time span… and HAD to, for a particular service that it performed, stay up for the duration of the week. This little tool helped considerably in cleaning the server out relatively well.
Still, when possible, wipe and reload after a hack attempt is the BEST choice. Cleaning is an imprecise art at best.