Virus propagates to shared folders on servers, how to remove? Disguised as font file (myo.avi, movs)?

We had a trojan infect our business servers back in march. The malicious part was detected and removed by antivirus softwares such as AVG, Malwarebytes (tried a few). Now, it creates 5 files in every shared folder on the system. One is an .ink file, a malicious .fon file, myo.avi, movs folder, and one other file. If they get deleted, the reappear in about 20 minutes. How can this be removed successfully? Antivirus scans detects nothing. What processes are being used to create this. This is a business network so its kind of a big deal to get fixed :)