User accounts get automatically changed
Updated: 20 Sep 2010 | 3 comments
Dear All,
In one of client organisation,in most of the windows 2000 machines,the display names of the admin account and guest account got automatically changed to "xadministrator" and "xguest" respectively.The usernames were totally different before.
We are able to login using the username "xadministrator" and "xguest" with the same password which was set for the earlier user accounts.
Version of SAV-9.X
We thought that this could be rootkit infection and did a command line scan using the win PE and Norton security scan...
But that has not given any results.
Kindly give your suggestions.
Regards,
Sathyan
discussion Filed Under:
Comments
check anu audit system on the
check anu audit system on the system from event logs to time the name was changed. You may be able to get some hint over here.
Cheers!
Pete
Help Link: http://www.symantec.com/business/support/overview.jsp?pid=54619
Hello Sathyan, This issue
Hello Sathyan,
This issue will be caused due to W32.Sality.AE and Symantec has definitions to take care of the infection.
The worm(W32.Sality) on the network might have renamed the "Administrator" account name but when the worm is removed from the machine/network not all the damages can be rectified/recovered. We may have to replace some damaged files from a good copy. In your case it is recommend to rename the account name to the default name which would resolve the issue.
Note: Not sure if the 9.0 version SAV can take care of this. I would recommend to migrate SAV to its latest build 10.1.9.9000 else to EndPoint
Thank you,
VinodhRaj K
Dear Vinodh, Thanks for the
Dear Vinodh,
Thanks for the info.....
Regards,
sathyan
Would you like to reply?
Login or Register to post your comment.