JamesONeill
IS-IT--Management
Hello
Wonder if anyone can help me...
My domain admin account keeps getting locked out, roughly every 15 mins due to wrong password attempts being tried every 5 or so mins.
Under the event log i get this:
Event Type: Failure Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 539
Date: 18/09/2007
Time: 12:51:46
User: NT AUTHORITY\SYSTEM
Computer: AC7SV000166
Description:
Logon Failure:
Reason: Account locked out
User Name: ac7gen-administrator
Domain: za
Logon Type: 8
Logon Process: Advapi
Authentication Package: Negotiate
Workstation Name: AC7SV000166
Caller User Name: NETWORK SERVICE
Caller Domain: NT AUTHORITY
Caller Logon ID: (0x0,0x3E4)
Caller Process ID: 3516
Transited Services: -
Source Network Address: -
Source Port: -
I have done several searches on the net and get several different explanations, most of them being Viral, but i've done virus checks and nothing comes up....
I have tried searching for the file and i find a couple but one website said not to delete them.
Does anyone know what this is and how to stop it?!
Regards
James
James O'Neill BSc (Hons) MBCS
IT Manager UK & Ireland
Saint-Gobain Ecophon Ltd
Wonder if anyone can help me...
My domain admin account keeps getting locked out, roughly every 15 mins due to wrong password attempts being tried every 5 or so mins.
Under the event log i get this:
Event Type: Failure Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 539
Date: 18/09/2007
Time: 12:51:46
User: NT AUTHORITY\SYSTEM
Computer: AC7SV000166
Description:
Logon Failure:
Reason: Account locked out
User Name: ac7gen-administrator
Domain: za
Logon Type: 8
Logon Process: Advapi
Authentication Package: Negotiate
Workstation Name: AC7SV000166
Caller User Name: NETWORK SERVICE
Caller Domain: NT AUTHORITY
Caller Logon ID: (0x0,0x3E4)
Caller Process ID: 3516
Transited Services: -
Source Network Address: -
Source Port: -
I have done several searches on the net and get several different explanations, most of them being Viral, but i've done virus checks and nothing comes up....
I have tried searching for the file and i find a couple but one website said not to delete them.
Does anyone know what this is and how to stop it?!
Regards
James
James O'Neill BSc (Hons) MBCS
IT Manager UK & Ireland
Saint-Gobain Ecophon Ltd