VDS infected will malware. Cant make Backup. Help!

[Pnt]

I have a VDS that was infected by Malware and that is possibly being used as a bot, sending DDoS attacks. NFO reduced my bandwidth limit to 0.01 Mbps, that does not allow me to make a backup so that i can reinstall the operating system.
NFO states that as administrator of my service, i am responsable of what happens relative to it and that i am responsible for letting Malware to be installed in the VDS (something i do not have knowledge of). How can i investigate this and secure the VDS so that NFO as they say, can "lift the cap" and return the Mbps that we payed so that we can make the backup? And re install the operating system as last resource.

I speak from unknowledge.
Thank you and pardon my english.

[Edge100x]

You will need to find and remove the infection using VNC before you proceed with any other tasks. We talk more about where to start with that here: http://www.nfoservers.com/forums/viewto ... =46&t=5059

[Pnt]

You will need to find and remove the infection using VNC before you proceed with any other tasks. We talk more about where to start with that here: http://www.nfoservers.com/forums/viewto ... =46&t=5059

How can i make the backup? NFO reduced the Mbps to 0.01 and that will not let me make a backup to continue with the other points. What can i do in that case?
I cannot access to SSH or SFTP, due to the infection. I cannot reinstall the OS if i do not have the backup, it is very important.

[dukenukemz]

Is this a Windows VDS? might be a long shot but you can download Malware-Bytes anti-malware onto your machine and try running the Full scan. On desktop machines it typically catches almost everything. once the malware is removed from your PC i suggest backing up your files (if NFO will remove your bandwidth cap) and reinstall the OS on the VM.

You might want to try switching to Linux as well. More secure but it has quite a learning curve if your only good with Windows.

[soja]

He mentions SSH and SFTP, so most likely Linux.

As detailed in the guide Edge posted, check your web files first, as those are most likely the source of the problem.

[Edge100x]

Before making backups, you need to find and remove the infection. This also has to be done before a wipe.

If you just backed up your stuff, performed a wipe, and then loaded back on your files without ever finding the reason you were compromised, it is highly likely to happen again. We see that every time someone does that.