Forum Search: Brain Cluster Technical Forum
Ultimate forum for Technical Discussions

Re: Active Directory Account lockout [message #378177] Wed, 27 January 2010 04:51
Atik
Eset (antivirus) has updated its definition file for the same virus.

In such a scenario you need to check whether any machine in your network is
without AV, as such a virus makes AV-less machines its spreading point. So you
need to have all network devices running with AV and an updated pattern file.

Watch event ID 675 on the DC and check which machine it is firing from; that
machine is infected with the password-guessing virus.

How it works: one machine gets infected, and the virus tries to spread to all
machines but sits on a non-AV machine, as an AV machine alerts with a virus
notification and gets cleaned. Then the virus tries from the non-AV machine to
contact AD and then starts password guessing, which starts the account lock issue.

"Babu VT" wrote:

> Hi,
> This is a malware attack for which even Symantec doesn't have a
> solution. Recently our client network was compromised in a similar
> fashion. The account gets locked even during nights when people don't use
> it. Currently we are using a script which will read all locked accounts and
> unlock them. The script is run every 2 mins as a scheduled task.
> Symantec and other vendors have/are publishing definition files for the
> virus, but do not yet have a removal tool for it. The symptom of the virus
> is accounts being locked within the domain.
> 2008-112203-2408-99&tabid=1
> m%3aWin32%2fConficker.B
> Microsoft have confirmed that other customers have experienced similar
> spread today.
> "Sukhwinder Singh" wrote in message
> > Dear All,
> >
> > We are facing an issue with account lockout in the infrastructure. Many
> > Active Directory user accounts in the infrastructure are getting locked
> > without any invalid attempt. Users are not logged into the PC but the
> > account is locked out. It is happening for the users from a particular OU
> > and some users from different OUs as well.
> >
> > We have tried using alockout.dll but got nothing from the client machine. We
> > tried some more tools like netwrix but nothing is helping.
> >
> > This problem started suddenly.
> >
> > Any help will be highly appreciated.
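
An added example (not part of the original posts) of the triage suggested in the reply above: group event ID 675 failures exported from the DC by client address to find the machine they are firing from. The sample events are constructed, the field names assume the Windows Server 2003 message text for event 675, and `min_users` is a hypothetical tuning threshold.

```python
import re
from collections import defaultdict

# Constructed sample: event ID 675 (Kerberos pre-authentication failed) records
# as (event_id, message) pairs. Field names assume the Windows Server 2003
# message layout; users, realm and addresses are made up.
def _msg(user, addr, code="0x18"):
    return ("Pre-authentication failed:\n"
            f"\tUser Name:\t{user}\n"
            "\tService Name:\tkrbtgt/EXAMPLE\n"
            "\tPre-Authentication Type:\t0x2\n"
            f"\tFailure Code:\t{code}\n"
            f"\tClient Address:\t{addr}\n")

SAMPLE_EVENTS = (
    [(675, _msg(u, "10.0.5.23")) for u in ("alice", "bob", "carol", "dave", "erin")] * 3
    + [(675, _msg("frank", "10.0.7.40"))] * 2        # one user mistyping a password
    + [(675, _msg("gina", "10.0.5.23", "0x19"))]     # not a bad-password failure
    + [(672, "Authentication Ticket Request: ...")]  # unrelated event, ignored
)

FIELD = re.compile(r"^\s*(User Name|Failure Code|Client Address):\s*(\S+)", re.M)
BAD_PASSWORD = "0x18"  # KDC_ERR_PREAUTH_FAILED

def failures_by_source(events):
    """Map client address -> {user: bad-password failure count} for event 675."""
    sources = defaultdict(lambda: defaultdict(int))
    for event_id, message in events:
        if event_id != 675:
            continue
        fields = dict(FIELD.findall(message))
        if fields.get("Failure Code", "").lower() != BAD_PASSWORD:
            continue
        addr, user = fields.get("Client Address"), fields.get("User Name")
        if addr and user:
            sources[addr][user.lower()] += 1
    return sources

def suspect_sources(events, min_users=3):
    """Addresses failing logons for many distinct accounts, busiest first."""
    hits = [(addr, len(users), sum(users.values()))
            for addr, users in failures_by_source(events).items()
            if len(users) >= min_users]
    return sorted(hits, key=lambda h: (-h[1], -h[2]))

if __name__ == "__main__":
    for addr, n_users, n_fail in suspect_sources(SAMPLE_EVENTS):
        print(f"{addr}: {n_fail} failures across {n_users} accounts")
```

A single address failing bad-password pre-authentication for many different accounts is the pattern to isolate and scan first; one address failing for one account is more often a user or a stale saved credential.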