MonitorWare Knowledge Base

Your first source for knowledge

Skip to content

event ID 644 locking out w2k accounts - Virus related ?

Discuss Windows Event Log events. What they mean, what they tell you about your machine's security ... and whatever questions else you have.

Moderator: alorbach

Post a reply

event ID 644 locking out w2k accounts - Virus related ?

Postby murthy on Thu Aug 07, 2003 8:00 am

Hi
Can someone confirm that if i started to get a lot of event ID 644 on a domain controller running w2k, locking out most of the active accounts, could it be due to a virus (trojan) ? We have also noticed that some of our PCs having bad/weak passwords have been the target of this particular virus called 'Backdoor.Roxy' virus. Norton's Anti-virus (update 6th aug 03) was used to scan them. Norton's does not report any virus, but its realtime scanner would pick up this virus occassionally. Accounts gets locked out at around the same time as well, which to me indicates that it could be the cause for the lockouts. Also the event ID also indicates these PCs as the source of the lockout (caller name).

Does any one have any idea how to handle this situation ?

:cry: murthy
murthy
 
Top

Postby alorbach on Mon Aug 18, 2003 10:10 am

Hi,

could you send the whole event message here?
User avatar
alorbach
Site Admin
 
Posts: 871
Joined: Thu Feb 13, 2003 11:55 am
Top

Google Ads

Post a reply

Return to Windows Events

Who is online

Users browsing this forum: No registered users and 0 guests

Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group
phpBB SEO

Time : 0.026s | 12 Queries | GZIP : On
cron