awilderbeast
asked on
Event ID 4740: all my domain accounts were locked out with the same Caller Computer Name, what does this mean? Am I getting attacked?!
Hi all,
Every single account on my domain was just locked out with event ID 4740, and the caller computer name came from a machine in another office for all events.
What is the caller computer name? The computer that made the lockout happen?
Are we being attacked internally?
Thanks for a speedy response
ASKER
Sorry, it did nearly all the domain accounts.
That machine has got Kaspersky for Business on it, all our machines do :S
The caller computer name, does that mean that's the machine that caused the lockout of the accounts?
"does that mean that's the machine that caused the lockout of the accounts?"
yep
ASKER
OK, run kk on that computer
Came back with the below!
That's the only machine I didn't put Kaspersky on.
Running Kaspersky nearly killed the machine's power, it's that old.
Will have to replace it, or put it back on and the user will have to cope with a slow machine!
How does Kido generally get on the machine?
USB, download?
Thanks for your help
Net-Worm.Win32.Kido removing tool, Kaspersky Lab 2010
version 3.4.14 Mar 19 2010 10:17:17
scanning jobs ...
scanning processes ...
scanning threads ...
Infected thread was killed in process svchost.exe with PID 1068
Infected thread was killed in process svchost.exe with PID 1068
Infected thread was killed in process svchost.exe with PID 1068
Infected thread was killed in process svchost.exe with PID 1068
Infected thread was killed in process svchost.exe with PID 1068
Infected thread was killed in process svchost.exe with PID 1068
Infected thread was killed in process svchost.exe with PID 1068
scanning modules in svchost.exe...
Spliced function NtQueryInformationProcess fixed in ntdll.dll module of process with PID 1068
Spliced function NetpwPathCanonicalize fixed in netapi32.dll module of process with PID 1068
Spliced function NtQueryInformationProcess fixed in ntdll.dll module of process with PID 1216
Spliced function DnsQuery_A fixed in dnsapi.dll module of process with PID 1216
Spliced function DnsQuery_UTF8 fixed in dnsapi.dll module of process with PID 1216
Spliced function DnsQuery_W fixed in dnsapi.dll module of process with PID 1216
Spliced function Query_Main fixed in dnsapi.dll module of process with PID 1216
scanning modules in services.exe...
scanning modules in explorer.exe...
scanning C:\WINDOWS\system32 ...
C:\WINDOWS\system32\okfkhbhj.dll infected Net-Worm.Win32.Kido ... cured
scanning C:\Program Files\Internet Explorer\ ...
scanning C:\Program Files\Movie Maker\ ...
scanning C:\Program Files\Windows Media Player\ ...
scanning C:\Program Files\Windows NT\ ...
scanning C:\Documents and Settings\AlexWilloughby.WORKS\Application Data ...
scanning C:\DOCUME~1\ALEXWI~1.WOR\LOCALS~1\Temp\ ...
scanning Flash drives ...
completed
Infected jobs: 0
Infected files: 1
Infected threads: 7
Spliced functions: 7
Cured files: 1
Fixed registry keys: 3
Press any key to continue . . .
ASKER
Thanks a lot!
Please check for Windows Update and try to use the Kido killer tool
http://support.kaspersky.com/kis2009/error?qid=208279973
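The question in this thread, which machine is behind a wave of 4740 lockouts, can be answered by grouping the events by Caller Computer Name. The script below is an added example, not part of the original thread; it assumes the events were exported as XML (for instance with `wevtutil qe Security /q:"*[System[(EventID=4740)]]" /f:xml`), and the host names, account names and the `min_accounts` threshold are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

def _event(user, caller):
    # Build one constructed 4740 record; in the event XML the
    # "Caller Computer Name" is stored in the TargetDomainName field.
    return (
        '<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">'
        "<System><EventID>4740</EventID></System><EventData>"
        f'<Data Name="TargetUserName">{user}</Data>'
        f'<Data Name="TargetDomainName">{caller}</Data>'
        "</EventData></Event>"
    )

# Constructed sample (made-up hosts and accounts): six accounts locked out
# from one workstation, plus one ordinary lockout from another machine.
SAMPLE = "".join(
    [_event(f"user{i:02d}", "OLDPC-01") for i in range(6)]
    + [_event("jsmith", "ws-022")]
)

def lockouts_by_caller(xml_text):
    """Return {caller computer name: set of accounts it locked out}."""
    # wevtutil prints bare <Event> elements, so wrap them in a single root.
    root = ET.fromstring(f"<Events>{xml_text}</Events>")
    by_caller = defaultdict(set)
    for ev in root.findall("e:Event", NS):
        if ev.findtext("e:System/e:EventID", namespaces=NS) != "4740":
            continue
        data = {d.get("Name"): (d.text or "").strip()
                for d in ev.findall("e:EventData/e:Data", NS)}
        # 4740 records sometimes carry an empty caller; keep them visible.
        caller = data.get("TargetDomainName", "").upper() or "(blank)"
        by_caller[caller].add(data.get("TargetUserName", "").lower())
    return dict(by_caller)

def suspicious_callers(by_caller, min_accounts=5):
    """Callers that locked out at least min_accounts distinct accounts."""
    return sorted(c for c, users in by_caller.items() if len(users) >= min_accounts)

if __name__ == "__main__":
    grouped = lockouts_by_caller(SAMPLE)
    for caller in suspicious_callers(grouped):
        print(f"{caller}: {len(grouped[caller])} accounts locked out")
```

One workstation locking out many distinct accounts, as in the sample, is the pattern reported in this thread and is the machine to isolate and scan first.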