Problem related to W32.Randef.F worm
Posted: Thu Jun 04, 2009 7:31 am
Hi
We are experiencing an error related to problems with the auth accounts. We checked in Active Directory and found all the users with their accounts locked. We checked the success viewer and found the error published in this Microsoft KB document.
http://support.microsoft.com/?scid=kb%3 ... &x=10&y=19
The error appears extremely repetitively in the success viewer (3 times per second).
All the stations and the servers have eScan AV 9.0.824.411. We did a complete scan under safe mode with MWAV on all the computers. We found some incidents related to Kido and other viruses, but nothing related to Randex or any variant.
All the accounts appear locked again a few minutes after unlocking them.
We unplugged the AD server to evaluate whether the account lockouts continue, and the problem continues.
All the clues are related to a virus, but the virus referenced in the Microsoft KB is very old (the documentation about that virus dates from 2004).
What other process can we use to detect whether the problem really is a virus?
Thanks in advance.