One of our SQL servers over the weekend appears to have become infected with something and is sending large amounts of data to an IP address in China.
I ran Windows Malicious Scanner and MalwareBytes and both found & clean infections however the problem still starts late at night.
I did a capture of packets and all I can pull out of it is that our server is the sending a lot of data to an IP address in China to a destination port: 7003, afs3-vlserver.
Has anyone encountered this before?