Hello,
I've seen several Windows 2000 computer, a few Windows 2000 server getting
their administrator account password changed.
I've recently experienced this (2000 Server). I've also had alerts from
Zone Alarm as Explorer trys to acces the internet and hijacking of my
browser home page.
User claims that they did not change the password and confirms that they're
using the correct password. Norton AV Corporate, with latest definition
detects nothing.
I changed nothing. First I realised was when ASP stopped working on
server. After a lot of hunting, I discovered the pw alteration and fixed
things by synchronising the passwords using synciwam.vbs as instructed
on a microsoft knowledge base article (297989). I'm no expert so may
well be bodging things...
Does anyone know what kind of virus / trojan that does this?
I suspected some kind of trojan or adware but found nothing with AVG,
adaware, Spybot, or the clutch of others I downloaded for the task
(though I stopped the browser hijacking). However, when i updated AVG
(14th may) it found a file called origin~1.exe in Program files/Internet
Explorer and sent it to the vault identified as Downloader.Small.5.AP
I'm still unsure that I'm clean, as opening a desktop window still
ocassionally instigates explorer trying to access the internet. I'd
appreciate any further info anyone may have on this...
