Endpoint Protection

  • 1.  Account lockout

    Posted Dec 21, 2012 03:28 PM

    Is it possible that a Trojan horse/virus gets the domain ID locked out?




  • 2.  RE: Account lockout

    Posted Dec 21, 2012 03:34 PM

    Yes, it is possible. If a system is infected with a brute-forcing worm that continuously tries to infect other systems by guessing passwords, it can lock out the account. The Clampi trojan and Conficker worm both did this, as they had brute-forcing capabilities.



  • 3.  RE: Account lockout

    Posted Dec 21, 2012 10:35 PM

    Yes, it's possible.

    You can find logs on the domain controller after enabling audit logging at the domain level.

    From the domain logs we have found which system is locking the user account.


    Enable Auditing at the Domain Level

    The following sections describe how to enable auditing at the domain level for different operating systems.

    To effectively troubleshoot account lockout, enable auditing at the domain level for the following events:

    • Account Logon Events – Failure
    • Account Management – Success
    • Logon Events – Failure


    Maintaining and Monitoring Account Lockout

    http://technet.microsoft.com/en-us/library/cc776964(WS.10).aspx




  • 4.  RE: Account lockout

    Posted Dec 25, 2012 07:01 AM

    How many Trojan viruses are able to lock out the system's ID?



  • 5.  RE: Account lockout

    Posted Dec 25, 2012 07:09 AM

    Hi,

    Many worms and hacking tools like "RDP Brute" employ a "password guess" attack. By enabling an Account Lockout policy, you can considerably lower the risk of being hacked that way.

    Virus Infection Prevention Best Practices for Small and Midsize Organizations

    http://technet.microsoft.com/en-us/security/jj643316.aspx

    You can protect against virus attacks:

    Security Best Practice Recommendations

    http://www.symantec.com/docs/TECH91705

    Best practices for responding to active threats on a network

    http://www.symantec.com/docs/TECH122466

    Security Response recommendations for Symantec Endpoint Protection settings

    http://www.symantec.com/docs/TECH122943

    Best Practice when Symantec Endpoint Protection or Symantec AntiVirus is Detecting a File that is Believed to be Safe

    http://www.symantec.com/docs/TECH98360

    https://www-secure.symantec.com/connect/forums/your-system-infected-symantec-tools-help-clear-infection

    Check this thread

    http://www.symantec.com/connect/forums/virus-cleanup-exercise



  • 6.  RE: Account lockout

    Broadcom Employee
    Posted Dec 25, 2012 07:50 AM

    Any malware coded to attempt a brute-force attack on the account will cause an account lockout if the attempt threshold is reached.



  • 7.  RE: Account lockout
    Best Answer

    Trusted Advisor
    Posted Dec 25, 2012 08:06 AM

    Hello,

    Yes, many viruses (Downadup.B, for example) attempt to spread by enumerating network shares (including the ADMIN$ shares). They will try to establish a connection as an existing user by authenticating with a predetermined list of common passwords. These attempts are likely to fail, and that could result in Active Directory placing restrictions on the user account that made repeated failed attempts.

    In instances where a network experiences widespread lockouts and a virus is suspected, as an administrator you should examine the network's audit logs. What resources on the network is the account attempting to access?

    Auditing is an important part of a network's security, though it is a feature of Windows and Active Directory rather than of a Symantec product. 

    In terms of Downadup.B, follow this article:

    https://www-secure.symantec.com/connect/articles/best-practice-downadupb-and-additional-information-same

    I found Microsoft articles on these account lockouts:

    Description of NTDS replication warning IDs 1083 and 1061, and SAM error ID 12294 because of an Active Directory collision

    http://support.microsoft.com/kb/306091

    Event ID 12294 — Account Lockout

    http://technet.microsoft.com/en-us/library/cc733228(WS.10).aspx

    Event ID 675 in Windows' Security Event Log may be a good way to identify the client IP address of computers which are repeatedly trying bad passwords for Admin, etc. accounts.

    http://technet.microsoft.com/en-us/library/bb742435.aspx

    Hope that helps!!

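A worked example of the log triage described in the post above, added here and not part of the original thread or of any Symantec or Microsoft tool: a small Python script that parses Event ID 675 (Kerberos pre-authentication failed) records, groups bad-password failures (Failure Code 0x18) by client address and account to show which machine is driving an account toward lockout, and lists accounts that are already being refused with Failure Code 0x12 (account locked out or disabled). The log lines, account names, addresses and the field layout of the export are constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of Event ID 675 (Kerberos pre-authentication failed) records,
# one per line, in the field layout of the Windows Server 2003 Security log.
# Failure Code 0x18 = bad password (a guess); 0x12 = account locked out/disabled.
SAMPLE_675_EVENTS = """\
2012-12-21 14:01:03 User Name: jsmith Failure Code: 0x18 Client Address: 10.1.5.23
2012-12-21 14:01:04 User Name: jsmith Failure Code: 0x18 Client Address: 10.1.5.23
2012-12-21 14:01:04 User Name: jsmith Failure Code: 0x18 Client Address: 10.1.5.23
2012-12-21 14:01:05 User Name: jsmith Failure Code: 0x18 Client Address: 10.1.5.23
2012-12-21 14:01:06 User Name: jsmith Failure Code: 0x18 Client Address: 10.1.5.23
2012-12-21 14:01:07 User Name: jsmith Failure Code: 0x12 Client Address: 10.1.5.23
2012-12-21 09:15:00 User Name: mlee Failure Code: 0x18 Client Address: 10.1.7.41
2012-12-21 13:40:00 User Name: mlee Failure Code: 0x18 Client Address: 10.1.7.41
"""

EVENT_RE = re.compile(r"^(?P<ts>\S+ \S+) User Name: (?P<user>\S+) .*?"
                      r"Failure Code: (?P<code>0x[0-9a-fA-F]+) Client Address: (?P<addr>\S+)$")

def parse_events(text):
    """Turn exported 675 records into dicts; lines that do not match are skipped."""
    out = []
    for m in filter(None, map(EVENT_RE.match, text.splitlines())):
        out.append({"ts": datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"),
                    "user": m["user"], "code": int(m["code"], 16), "addr": m["addr"]})
    return out

def lockout_sources(events, threshold=5, window=timedelta(minutes=30)):
    """{client address: {account: bad-password count}} for each (client, account) whose
    0x18 failures reach `threshold` inside `window`, mirroring the domain lockout policy."""
    stamps = defaultdict(list)
    for e in events:
        if e["code"] == 0x18:
            stamps[(e["addr"], e["user"])].append(e["ts"])
    hits = defaultdict(dict)
    for (addr, user), ts in stamps.items():
        ts.sort()
        for i, start in enumerate(ts):          # sliding window over sorted times
            n = sum(1 for t in ts[i:] if t - start <= window)
            if n >= threshold:
                hits[addr][user] = n
                break
    return dict(hits)

def confirmed_lockouts(events):
    """(client, account) pairs already failing with 0x12, i.e. the lockout has taken effect."""
    return sorted({(e["addr"], e["user"]) for e in events if e["code"] == 0x12})
```

On the sample, `lockout_sources` reports only 10.1.5.23 guessing jsmith's password five times within seconds, while mlee's two failures hours apart from 10.1.7.41 stay below the threshold; `confirmed_lockouts` then shows the jsmith lockout already in force from the same client.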

  • 8.  RE: Account lockout

    Posted Dec 26, 2012 08:45 AM

    Thanks for sharing such a knowledge base link.