# SAM Database error



## Carldica (Jan 29, 2007)

guys,

my company is infected with W32.downadup or Kido-virus. i had battled this virus for sometime and cannot remove it though i'd used the removal from symantec and kaspersky.

the virus always lock all of my user, if any of you have any solution, please share it with me.

also, there is an error in my event viewer <happen in all my DCs>:
eventid: 12294
The SAM database was unable to lockout the account of administrator due to a resource error, such as a hard disk write failure (the specific error code is in the error data) . Accounts are locked after a certain number of bad passwords are provided so please consider resetting the password of the account mentioned above.

i'd followed the instruction here:
http://support.microsoft.com/default.aspx?scid=kb;en-us;306091

i'd ran the "repadmin /showobjmeta domainController objectDN" command, or did i by mistake miss-written the command?
i type in the CMD repadmin /showobjmeta DC1 administrator. DC1 is my primary domain server's name.

after i enter the command, it returns "DsReplicaGetInfo() failed with status 8439 (0x20f7): the distnguished name specified for this replicatoin operation is invalid"
and it happened to all the users in my domain.

any idea guys?


----------



## villex46 (Apr 15, 2009)

I have the same error. Did you get it?​
Regards


----------



## mattig89ch (Jan 1, 1970)

The most effective way I found to remove stubborn viruses is to boot into safe mode, and scan your heart out. If you know where this virus is, specifially, then you can browse into the folder and delete the files.

You may need to wipe the drive clean, put a firewall on it, and block that file/program from entering your computer.

Srry I couldn't be more helpfull in this...have you tried looking up alternate ways of getting rid of this virus?

edit:

use this to help get rid of that virus, http://www.symantec.com/security_response/writeup.jsp?docid=2008-112203-2408-99&tabid=3. also, there is a patch on microsofts site to stop this virus from infecting your computers. you just have to update your computer once a month.


----------



## Carldica (Jan 29, 2007)

hi matti, 

i did that, and no luck, and then i formated and rebuild again my symantec system center, it works out, but only for a few days, bout 2 weeks, the virus is attacking again. even though i had updated my servers to SP2 and my clients to SP3. but still.....


----------



## mattig89ch (Jan 1, 1970)

The thing with this virus is that its stubborn. It replicates itself, and even updates itself automatically. Chances are very good that its all over your network.

If you can, wait till a weekend, boot all your machines (servers included) and get rid of them all at once. but remember, if your users have used removable media like flash drives, or burned disks, then your entire network will become infected again.

also, just updating them to a service pack doesn't do it. There is a security update(s) that you have to download and install. knowing microsoft, there are more then 1 update for this virus.


----------

