Win2000 Server - local admin password changed to blank

Setup:
Win2000 Server SP4
File and Printer server, not a DC
Not running Active Directory

Our sysadmin tried to reboot this server and found that he couldn't.
While investigating, he discovered some strange behaviour:
  - could not run Norton AV
  - the local admin password was blank
  - couldn't surf the internet
  - couldn't open Computer Management
  - couldn't open Services
  - couldn't execute batch files in a command window
  - couldn't run 'net stop' in command window
  - could not stop most processes in task manager. "Access denied"
  - computer would not shut down.  When he pressed the power button, a message flashed
    saying something about Remote Storage not shutting down. (message flashed too quickly to get more detail)

When he powered the computer back up, he booted into safe mode and ran a virus scan.  It came back clean.

After determining the admin password was blank, he changed the password and all is running fine now.

The questions are:  have you heard of this happening before?  What would cause this?

bkt
LVL 6
bkthompson2112Asked:
Who is Participating?

[Webinar] Streamline your web hosting managementRegister Today

x
 
Rob StoneConnect With a Mentor Commented:
Someone may have been taking the p**s and used the password recovery tools to mess your server up (http://home.eunet.no/~pnordahl/ntpasswd/)

Other than that I don't know
0
 
shard26Connect With a Mentor Commented:
For those of you who don't know, "taking the p**s" means messing with you.
0
 
BigC666Connect With a Mentor Commented:
sounds like they did a good job too
0
2018 Annual Membership Survey

Here at Experts Exchange, we strive to give members the best experience. Help us improve the site by taking this survey today! (Bonus: Be entered to win a great tech prize for participating!)

 
Rob StoneCommented:
Cheers shard26 :-)
0
 
bkthompson2112Author Commented:
Thanks for your responses.

Yeah, we thought we were probably hacked, but can't determine how they got in.

Unlikely it's an insider.

I'll leave this open, hopefully get some more responses.

Thanks again,
bkt
0
 
RobertMAtkinsConnect With a Mentor Commented:
Make sure that you read and UNDERSTAND the syskey.txt at that site :)
0
All Courses

From novice to tech pro — start learning today.