
Possible Virus on Domain controller

Updated: 21 May 2010 | 6 comments
sycogrim
This issue has been solved. See solution.

Hi there

I came into work this morning to find out that not 1 or 2 users got locked out of their Windows accounts but every single user. I checked the domain controller and saw that everyone had been locked out. I unlocked them all, and then not 5 minutes later people started getting locked out again. I tried doing various different scans with anti-viruses, including Endpoint Protection, and I cannot seem to find anything whatsoever. I am officially stuck. I assume it is a virus, as it has been going on all day.

Please may someone help me out urgently.

Thanks

Comments

pete_4u2002 | 13 Jan 2010

Looks like a Downadup symptom.
You need to install the MS08-067 patch on all the systems in the network.

http://service1.symantec.com/support/ent-security....

sycogrim | 13 Jan 2010

I thought it's a possibility that it might be that specific virus, but I'm not sure. Do you reckon the patch will be able to resolve that? And would I have to install it on every single machine that has Endpoint Protection?

Thanks

pete_4u2002 | 13 Jan 2010

Yes, this is a Windows vulnerability; having only AV does not help in many of the cases, because there would be systems in the network which might have been updated or where AV is not functioning.

AravindKM | 13 Jan 2010

The 5 Steps of Virus Troubleshooting

 

Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind

sycogrim | 13 Jan 2010

@pete - Well, as I said, I ran 2 different anti-viruses and still did a complete network scan and full update... and still did not find anything.

@AravindKM - What would the best possible solution be to actually locate and eradicate this virus, if it is one, as I cannot find anything... Either this virus is well hidden, or it is there and something just isn't right, because I have to unlock people's accounts every 5 minutes and it's frustrating.

sycogrim | 13 Jan 2010

Problem Solved

Hi guys

Thanks for the assistance. I managed to resolve the issue using a program called Netwrix Account Lockout Examiner. What it does is, when it's installed on the actual domain controller, you input a locked username, like Administrator for example, and the program refreshes and gives you the exact location of the attacking source. Works like a charm. Then you just go to that machine, scan the machine, and eradicate the virus from there with your AV.

Thanks
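
The same "which machine is causing the lockouts" lookup can be done from the domain controller's own Security log. The following is an added example, not part of the thread and not how the Netwrix tool works internally: it ranks caller computers by the number of distinct accounts they locked out, since one host locking out many users is the pattern described above, while one host locking out a single user is usually a stale password. It assumes a DC that logs lockouts as event 4740 (Windows Server 2008 and later); the sample events, host names, user names and the `min_accounts` threshold are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

def _event(time, user, caller):
    # Builds one constructed 4740 record with only the fields used below.
    return (
        '<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">'
        f'<System><EventID>4740</EventID><TimeCreated SystemTime="{time}"/></System>'
        f'<EventData><Data Name="TargetUserName">{user}</Data>'
        f'<Data Name="TargetDomainName">{caller}</Data></EventData></Event>'
    )

# Constructed sample (made-up hosts and users), shaped like the output of:
#   wevtutil qe Security /q:"*[System[(EventID=4740)]]" /f:xml /e:Events
SAMPLE = "<Events>" + "".join([
    _event("2010-01-13T07:01:10Z", "alice", "PC-114"),
    _event("2010-01-13T07:01:12Z", "bob", "PC-114"),
    _event("2010-01-13T07:01:15Z", "Administrator", "pc-114"),
    _event("2010-01-13T07:02:40Z", "dave", "PC-007"),
    _event("2010-01-13T07:06:02Z", "carol", "PC-114"),
    _event("2010-01-13T07:31:55Z", "dave", "PC-007"),
]) + "</Events>"

def lockout_sources(xml_text):
    """Map each caller computer to the set of accounts it locked out."""
    sources = defaultdict(set)
    for ev in ET.fromstring(xml_text).findall("e:Event", NS):
        if ev.findtext("e:System/e:EventID", namespaces=NS) != "4740":
            continue
        data = {d.get("Name"): (d.text or "").strip()
                for d in ev.findall("e:EventData/e:Data", NS)}
        # In event 4740 the caller computer name is stored in TargetDomainName.
        caller = data.get("TargetDomainName") or "(blank)"
        sources[caller.upper()].add(data.get("TargetUserName", "").lower())
    return dict(sources)

def suspects(sources, min_accounts=3):
    """Hosts that locked out >= min_accounts distinct users, worst first.
    The threshold is an assumption; tune it to the environment."""
    hits = [(host, sorted(users)) for host, users in sources.items()
            if len(users) >= min_accounts]
    return sorted(hits, key=lambda h: (-len(h[1]), h[0]))

if __name__ == "__main__":
    for host, users in suspects(lockout_sources(SAMPLE)):
        print(f"{host}: {len(users)} accounts locked out: {', '.join(users)}")
```

Lockout events are recorded on the domain controller that processed them (and on the PDC emulator), so export the log from there before feeding it to the script.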