window 2003 server security

Hi,

User automatic create in the webserver+ mail server daily

user name : support
administrator group user

On our server this user automatic create daily. We delete this user daily so please tell me the reason.

third party tools: which is installed (may be cause but how to prevent)
crystal report
LVL 18
Sam PanwarSr. Server AdministratorAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

JammyPakCommented:
It's been a while since I've used Crystal Reports, but I'd be pretty shocked if it was automatically creating administrator accounts!

Sounds to me like you have picked up a rootkit somehow - this is not a good thing...you may want to backup the data on these systems and rebuild them from scratch just to be on the safe side.

Before doing that, I would run 'HiJack this' and 'rootkit revealer' just to see if they can find what you're dealing with. The problem is as long as these systems are left running, someone can presumably be creating and logging in with accounts, and pretty much having their way with your systems.

I would also recommend putting the systems behind a firewall (HW or SW) and only allowing access in for the ports that the applications require (80, 25, etc). Also, don't ever surf the web from your servers, that's likely the source of the infection (assuming there is one)

HTH
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
r-kCommented:
Does the event log show anything?

You can see what time the user is created by looking within the "documents and settings" folder on the C: drive.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
OS Security

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.