Windows 2003 server security

Posted on 2006-04-25
Last Modified: 2013-12-04

User automatically created on the web server + mail server daily

user name : support
administrator group user

On our server this user is automatically created daily. We delete this user daily, so please tell me the reason.

Third-party tools which are installed (may be the cause, but how to prevent it):
Crystal Reports
Question by:Sam Panwar
    LVL 16

    Accepted Solution

    It's been a while since I've used Crystal Reports, but I'd be pretty shocked if it was automatically creating administrator accounts!

    Sounds to me like you have picked up a rootkit somehow - this is not a good may want to backup the data on these systems and rebuild them from scratch just to be on the safe side.

    Before doing that, I would run 'HijackThis' and 'RootkitRevealer' just to see if they can find what you're dealing with. The problem is as long as these systems are left running, someone can presumably be creating and logging in with accounts, and pretty much having their way with your systems.

    I would also recommend putting the systems behind a firewall (HW or SW) and only allowing access in for the ports that the applications require (80, 25, etc). Also, don't ever surf the web from your servers, that's likely the source of the infection (assuming there is one).

    LVL 32

    Expert Comment

    Does the event log show anything?

    You can see what time the user is created by looking within the "documents and settings" folder on the C: drive.
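
An added example, not part of the original thread: one way to answer the event-log question above is to export the Security log and pull out every creation of the `support` account and every addition of it to Administrators. It assumes account management auditing is enabled; the CSV column layout and sample rows are constructed for illustration, and the event IDs are the Windows Server 2003 ones (624 account created, 636 member added to a local group, 630 account deleted).

```python
import csv
import io
from datetime import datetime

# Constructed sample: a simplified CSV export of the Security log (not real data).
# Windows Server 2003 event IDs: 624 = user account created,
# 636 = member added to a security-enabled local group, 630 = account deleted.
SAMPLE_LOG = """time,event_id,caller,target_account,group
2006-04-23 03:15:02,624,SYSTEM,support,
2006-04-23 03:15:03,636,SYSTEM,support,Administrators
2006-04-23 09:40:11,630,admin1,support,
2006-04-24 03:15:01,624,SYSTEM,support,
2006-04-24 03:15:02,636,SYSTEM,support,Administrators
2006-04-24 10:02:45,624,admin1,jsmith,
2006-04-24 10:05:10,630,admin1,support,
"""


def account_timeline(csv_text, account):
    """Return creation and Administrators-membership events for one account."""
    hits = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["target_account"].lower() != account.lower():
            continue
        created = row["event_id"] == "624"
        promoted = (row["event_id"] == "636"
                    and row["group"].lower() == "administrators")
        if created or promoted:
            when = datetime.strptime(row["time"], "%Y-%m-%d %H:%M:%S")
            action = "created" if created else "added_to_admins"
            hits.append({"when": when, "action": action, "caller": row["caller"]})
    return hits


def creation_pattern(hits):
    """Summarise creations: how many, by which caller, at which time of day."""
    created = [h for h in hits if h["action"] == "created"]
    return {
        "count": len(created),
        "callers": sorted({h["caller"] for h in created}),
        "times_of_day": sorted({h["when"].strftime("%H:%M") for h in created}),
    }


if __name__ == "__main__":
    timeline = account_timeline(SAMPLE_LOG, "support")
    for hit in timeline:
        print(hit["when"], hit["action"], "by", hit["caller"])
    print(creation_pattern(timeline))
```

A single caller and a fixed time of day in the summary narrow the search to whatever runs on that schedule under that identity, such as a scheduled task or a service.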
