Those random letter strings at the bottom are not good. This worm usually blocks most of the anti-virus websites. See if you can get to trendmicro.com or mcafee or symantec. Or hit this link and see if you can see their logo's....
http://www.confickerworkinggroup.org/infection_test/cfeyechart.html Can you just fdisk this machine, or is it mission critical? ________________________________________ From: Jason Morris [jmor...@mjmc.com] Sent: Tuesday, October 20, 2009 4:46 PM To: NT System Admin Issues Subject: RE: Constantly getting locked of 2003 domain Sorry, missed CurrentVersion [cid:image002.png@01CA519C.8D4C8230] From: Jimmy Tran [mailto:jt...@teachtci.com] Sent: Tuesday, October 20, 2009 3:33 PM To: NT System Admin Issues Subject: RE: Constantly getting locked of 2003 domain This is what I get which looks normal: [cid:image003.png@01CA519C.8D4C8230] Jimmy From: Jason Morris [mailto:jmor...@mjmc.com] Sent: Tuesday, October 20, 2009 1:10 PM To: NT System Admin Issues Subject: RE: Constantly getting locked of 2003 domain That���s because Conficker runs as the Network Services Account.���� Look under: HKLM\Software\Microsoft\Windows NT\SVCHost\NETSVCS and see if there is any gobbledygook at the bottom of the entries. Th�����s your DLL that is running under Windows\System32. From: Jimmy Tran [mailto:jt...@teachtci.com] Sent: Tuesday, October 20, 2009 3:08 PM To: NT System Admin Issues Subject: RE: Constantly getting locked of 2003 domain No services running under my account when logged in as a different user. Jimmy From: Roger Wright [mailto:rhw...@gmail.com] Sent: Tuesday, October 20, 2009 1:06 PM To: NT System Admin Issues Subject: Re: Constantly getting locked of 2003 domain Any services running under your account with an old password? Roger Wright ___ Sent from Tampa, FL, United States On Tue, Oct 20, 2009 at 4:00 PM, Jimmy Tran <jt...@teachtci.com<mailto:jt...@teachtci.com>> wrote: Every 5 minutes or so, I get lock out of our domain. I ran EventCombMT and traced it back to a specific machine. Does anyone have any suggestions on what I can do to figure out what program/service is attempting to contact the DC with an incorrect password?�����ve been dealing with this all morning and it is driving me crazy. Windows 2003 Domain Windows XP SP3 machine Thanks, Jimmy ------------------------------------------------------------------------------------------ The pages accompanying this email transmission contain information from MJMC, Inc., which is confidential and/or privileged. The information is to be for the use of the individual or entity named on this cover sheet. If you are not the intended recipient, you are hereby notified that any disclosure, dissemination, distribution, or copying of this communication is strictly prohibited. If you received this transmission in error, please immediately notify us by telephone so that we can arrange for the retrieval of the original document. ------------------------------------------------------------------------------------------ The pages accompanying this email transmission contain information from MJMC, Inc., which is confidential and/or privileged. The information is to be for the use of the individual or entity named on this cover sheet. If you are not the intended recipient, you are hereby notified that any disclosure, dissemination, distribution, or copying of this communication is strictly prohibited. If you received this transmission in error, please immediately notify us by telephone so that we can arrange for the retrieval of the original document. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~