We have a web server at a hosting provider, running Win2003R2 SP2 with, amongst others, IIS 6.0, SQL Server 2005, MySQL Server 5.0. For almost a year, the machine ran fine. Then, in the last few weeks, things have changed...
The first indication of a problem is generally that a web-based search, via MS SQL, fails. Further investigation shows that most outgoing network services fail. Incoming to the server, via http, rdp, ftp are OK, outgoing ping is OK, but any outgoing attempts via http, telnet on various ports, even to localhost, fail. I haven't tested every single TCP/IP port, so I can't categorically say that every port fails - as mentioned, outgoing ping works, and outgoing DNS resolution appears to work. Have tried disabling & enabling the NIC, but so far only a system reboot has resolved the issue. This generally occurs 2 or 3 times per week, but we have had 2 incidents in a day as well. When it is working, everything works, so I doubt whether there's a network config problem.
Could this be a network driver problem (Broadcom BCM5708C NetXtreme II), could it be an undetected virus (we're using ESET NOD32), maybe a DoS attack or a rootkit? We did find a few viruses and, as far as I can determine, these have been removed. There is a strange service, name "2jH6HjxW", description "OvdKpJAG", which runs "C:\WINDOWS\system32\svchost.exe -k iFE6mguM". Can't find any info on this service & have disabled but not removed it.
Not sure what other info may be relevant?