A customer (a school) has a Server 2003 system as a domain controller. In the domain there are 8 PCs in a computer suite, 16 notebooks in a trolley, one notebook per teacher and a few other things here and there, all on XP Pro.
I was called the other day and told that there was a Windows activation problem. On arrival I found that four of the machines in the suite would not log on, claiming that there was a problem checking the Windows activation state. Of the other four, from a different vendor (Dell), two would log on but would not run apps (a message to the effect that the application was misconfigured) and the remaining two seemed OK. In addition one of the teachers' laptops (another Dell) was displaying the same symptoms as the suite Dells.
I concentrated on the systems in the suite. I rebuilt the four that would not logon (from a restore partition). There was no restore partition on the Dells and no sign of a restore CD, so I tried XP's System Restore to take them back a few weeks.
One the OS was back on the ones I restored I rejoined them to the domain, they installed the pushed software and all seemed OK.
I went back a few days later and the six were failing again. This time the non-Dells (made by RM, in fact) were failing to run apps. And the Dells had reverted to that state, too.
I reran AVG network editions scans on the server and clients, but nothing. I used a bootable Avast CD and scanned the server and a workstation - nothing found. So I rebuilt the RMs and used restore on the Dells again.
Three days later and the Dells are dying again, and the RMs are in a reboot loop.
I had wondered if it could be a rogue update, so had disabled auto-update (from WSUS), so that's not the answer.
So I can only think there's some malware on the server (I suppose it just could be the teachers continually reinfecting, but that seems unlikely). I now propose to rebuild the server, but that's not to be undertaken lightly.
Any ideas at all about what might be happening?
