We have a Windows Server 2008 that is rebooting itself on an almost daily basis. The error code in the Reliability Monitor is:
0x00000073 (0xfffffffffc0000005, 0xfffff80001af490e, 0xfffffa600
This started with a particular domain we hosted on the server, everytime the domain is accessed, the computer would reboot with the same error message as above. However, the computer is now rebooting at an almost random level.
Our support personnel are blaming the issue on a compromised server, claiming that on a particular day we had an FTP attack via brute force. However, no log information suggests the intruder got in and we only have 5 valid FTP usernames, none of which are "Administrator" or "User", the only 2 usernames used in the attack. Further, we restrict all five usernames to their home directory, so I am skeptical that an attack is the cause of the error. He also points to "unusual" log activity centered around the windows update installer that starts at odd times, but I don't see how this is related to an FTP server compromise. His information is not conclusive.
My research points to a RAM/harddrive problem, and when I run a chkdsk, it does report errors though I have stopped short of letting the system fix the errors. I need to be able to rule out that the server was compromised and then determine how to resolve the issue so that we do not have these random reboots. I am including the error log information from the Event Viewer that is present at each reboot. Unfortunately, this and the error codes referenced above is all that I have to go with.