problem related with W32.Randef.F worm

Post your technical queries on any product in our range of AntiVirus, AntiSpam, Content Security and Firewall Solutions sold under the brand names of eScan, MailScan, eConceal and X-Spam here. Your queries will be responded to by our expert technical team directly.

Moderators: Divesh, Gurdip Singh

Post by cmora » Thu Jun 04, 2009 7:31 am

Hi

We are experiencing an error related to problems with the auth accounts. We checked in Active Directory and found all the users with their accounts locked. We checked the success viewer and found the error published in this Microsoft KB document.

http://support.microsoft.com/?scid=kb%3 ... &x=10&y=19

The error appears extremely repetitively in the success viewer (3 times per second).

All the stations and the servers have eScan AV 9.0.824.411. We did a complete scan in safe mode with MWAV on all the computers. We found some incidents related to Kido and other viruses, but nothing related to Randex or any variant.

All the accounts appear locked again a few minutes after unlocking them.

We unplugged the AD server to evaluate whether the account lockouts continued, and the problem continued.

All the clues are related to a virus, but the virus referenced in the Microsoft KB is very old (the documentation about that virus dates from 2004).

What other process can we follow to detect whether the problem is really a virus?

Thanks in advance
“the imagination is more important than knowledge” Einstein
cmora
 
Posts: 32
Joined: Wed Jan 02, 2008 7:25 pm
Location: Colombia

Post by Varghese » Mon Jun 08, 2009 4:07 pm

The account lockout normally happens with the Kido virus that you encountered in your network.

Make sure you scan the whole network thoroughly with MWAV in safe mode and purge all the Kido incidents from the network. Also apply all the patches from Microsoft for Kido. You can also do this using eScan, from the Tools section.
Varghese
 
Posts: 144
Joined: Sat Dec 29, 2007 11:52 am
Location: Mumbai

