What should I do if I get hacked on a Windows Server?
I can't find any documentation on how to fix my Windows server if it's been hacked. I'd also like to know if there are any remediation steps I can take to ensure that it doesn't get compromised.
There is no single proven approach to remediating a compromise. The truth is that they happen in vastly different ways, attack different systems, and vary in the amount of access they have to your system. The keys to picking up and moving forward are limiting the compromise from causing additional damage, understanding what your compromise is and how it happened, and finally rebuilding. It's also never a good idea to continue using the original server you were compromised on, no matter how far back your restore goes.
The article below can help as a proactive approach before a compromise happens, or after the fact when you're in the rebuilding process.