We have an older Windows 2003 server that runs SQL Server 2000. Recently AVG detected a virus and between AVG and Malware Bytes quite a few files were detected, quarantined, and deleted.
These programs are no longer detecting new threats but periodically, once a day or so, remote desktop gets disabled and we cannot get the console login screen to display. A power down and restart gets the login screen back. Afterwards a user account named "china" and occasionally one called "administror" has been created and the firewall port for remote desktop and SQL Server access have been disabled. A fresh scan typically finds no threats. I manually delete the two bogus accounts and things appear to be fine although obviously they are not.
The OS has all the service packs and updates that are available. I realize Server 2003 is past end-of-life. Is it just not viable any longer since it doesn't get updates?
Suggestions on how to track down the problem further and get rid of it are most welcome.