Virus - loking all domain account

[thushara]

Hello,

can any one help
we are using windows sbs 2008 and most of the cliant pc are windows 7 and some are vista.

all the domain account in the sbs are loked

the only way we can log in to the system is need to restart the server.it only last for 10 - 15 mints.

 

[cscott_it]

Sounds like you have conficker.

I would suggest doing the following:

Disable Auto-run/Auto-play from Group Policy
Disable Task Scheduler
Check the autorun.inf

I would suggest using a boot time scanner, you can download VipreRescue:
http://live.sunbeltsoftware.com/
or if you have a Kaspersky Subscription, you can just make a boot-time scanner.

Afterwards make sure that all security updates are installed on the client\server PC's after the initial infection is removed. You may need to isolate computers and do this one at a time or implement some sort of anti-virus after the inital threat is done (I would suggest using an enterprise level AV, but if you can't afford it, using Microsoft Security Essentials would probably be the second best bet).

Also, go here and look over the practices concerning the security cheat sheet:
http://zeltser.com/network-os-security/security-incident-survey-cheat-sheet.html