A vulnerability was recently discovered in RPC Interface on Windows servers,
which can be exploited by attackers to run code with Local System privileges.
You can tell your server has been hacked if:
The RPC Service is stopped
When domain applications are created, the user gets the following error in the browser: Server Application Error
The server has reached the maximum recovery limit for the application during the processing of your request.
Please contact the server administrator for assistance.
To recover WinBox from an attack:
Start the RPC service
Kill the inetinfo.exe process
From the command prompt, run: iisreset /restart
Restart hsphere by running: NET STOP HSSVC NET START HSSVC