Sorry, missed CurrentVersion [cid:[email protected]]
From: Jimmy Tran [mailto:[email protected]] Sent: Tuesday, October 20, 2009 3:33 PM To: NT System Admin Issues Subject: RE: Constantly getting locked of 2003 domain This is what I get which looks normal: [cid:[email protected]] Jimmy From: Jason Morris [mailto:[email protected]] Sent: Tuesday, October 20, 2009 1:10 PM To: NT System Admin Issues Subject: RE: Constantly getting locked of 2003 domain That's because Conficker runs as the Network Services Account. :) Look under: HKLM\Software\Microsoft\Windows NT\SVCHost\NETSVCS and see if there is any gobbledygook at the bottom of the entries. That's your DLL that is running under Windows\System32. From: Jimmy Tran [mailto:[email protected]] Sent: Tuesday, October 20, 2009 3:08 PM To: NT System Admin Issues Subject: RE: Constantly getting locked of 2003 domain No services running under my account when logged in as a different user. Jimmy From: Roger Wright [mailto:[email protected]] Sent: Tuesday, October 20, 2009 1:06 PM To: NT System Admin Issues Subject: Re: Constantly getting locked of 2003 domain Any services running under your account with an old password? Roger Wright ___ Sent from Tampa, FL, United States On Tue, Oct 20, 2009 at 4:00 PM, Jimmy Tran <[email protected]<mailto:[email protected]>> wrote: Every 5 minutes or so, I get lock out of our domain. I ran EventCombMT and traced it back to a specific machine. Does anyone have any suggestions on what I can do to figure out what program/service is attempting to contact the DC with an incorrect password? I've been dealing with this all morning and it is driving me crazy. Windows 2003 Domain Windows XP SP3 machine Thanks, Jimmy ------------------------------------------------------------------------------------------ The pages accompanying this email transmission contain information from MJMC, Inc., which is confidential and/or privileged. The information is to be for the use of the individual or entity named on this cover sheet. If you are not the intended recipient, you are hereby notified that any disclosure, dissemination, distribution, or copying of this communication is strictly prohibited. If you received this transmission in error, please immediately notify us by telephone so that we can arrange for the retrieval of the original document. ------------------------------------------------------------------------------------------ The pages accompanying this email transmission contain information from MJMC, Inc., which is confidential and/or privileged. The information is to be for the use of the individual or entity named on this cover sheet. If you are not the intended recipient, you are hereby notified that any disclosure, dissemination, distribution, or copying of this communication is strictly prohibited. If you received this transmission in error, please immediately notify us by telephone so that we can arrange for the retrieval of the original document. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
<<inline: image002.png>>
<<inline: image003.png>>
