ADVAPI Process locking out admin account

[JamesONeill]

Hello

Wonder if anyone can help me...

My domain admin account keeps getting locked out, roughly every 15 mins due to wrong password attempts being tried every 5 or so mins.

Under the event log i get this:

Event Type: Failure Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 539
Date: 18/09/2007
Time: 12:51:46
User: NT AUTHORITY\SYSTEM
Computer: AC7SV000166
Description:
Logon Failure:
Reason: Account locked out
User Name: ac7gen-administrator
Domain: za
Logon Type: 8
Logon Process: Advapi
Authentication Package: Negotiate
Workstation Name: AC7SV000166
Caller User Name: NETWORK SERVICE
Caller Domain: NT AUTHORITY
Caller Logon ID: (0x0,0x3E4)
Caller Process ID: 3516
Transited Services: -
Source Network Address: -
Source Port: -

I have done several searches on the net and get several different explanations, most of them being Viral, but i've done virus checks and nothing comes up....

I have tried searching for the file and i find a couple but one website said not to delete them.

Does anyone know what this is and how to stop it?!

Regards
James

James O'Neill BSc (Hons) MBCS
IT Manager UK & Ireland
Saint-Gobain Ecophon Ltd

 

[RCorrigan]

Have you run MBSA on that Workstation & the DC ...... might have something to do with IIS

<Do I need A Signature or will an X do?>