Help, proxy server issue

[Ecco]

Guys,

Something on my machine is hitting the proxy server where i work and causing my account on the network to get locked out all the time.

I thought it might be virus, did a full scan, nothing picked up. I now installed Ad-Aware and am doing a full scan with that. So far, its clean.

How can i try and find out what is doing this? Any tools i can use?

 

[s0lar]

take a TCP trace to ferret it out.

on PC use wireshark, OS X use little snitch, Linux use tcpdump.

 

[rurapente]

you didnt type your credentials in to any app that needed internet access? is everything that shuold be working working? Its usually a case of something with automated logon having the wrong credentials for you and re-trying the whole time.

 

[Ecco]

take a TCP trace to ferret it out.

Dont know what that means. Sorry man, not that technically inclined, can you explain it in simpler terms.

 

[Ecco]

you didnt type your credentials in to any app that needed internet access? is everything that shuold be working working? Its usually a case of something with automated logon having the wrong credentials for you and re-trying the whole time.

Everything that should be working is working.

I may have type the credentials somewhere that is trying to login automatically, just dont know what that is. I want to try an figure out what is doing this, so i can switch it off, or update the credentials.

 

[sjm]

Find out what URL it's trying to get to & google that URL. That should hopefully tell you what it is

 

[Ecco]

Find out what URL it's trying to get to & google that URL. That should hopefully tell you what it is

Using wireshark (not really sure how just messing around) i see IE is trying to connect to urs.microsoft.com and its not authenticating through the proxy.

I think this mite be the issue. I have left IE closed and so far so good.

 

[rurapente]

did your domain account expire? have you logged out and back in since?

 

[Ecco]

did your domain account expire? have you logged out and back in since?

Yup it expired. Have changed it, and logged back in and out.

 

[w1z4rd]

Install netlimiter, see whats causing it.

 

[PsyWulf]

Using wireshark (not really sure how just messing around) i see IE is trying to connect to urs.microsoft.com and its not authenticating through the proxy.

I think this mite be the issue. I have left IE closed and so far so good.

https://phishingfilter.microsoft.com/faq.aspx

It's the URL for ie7's phishing filter check,seems it can account for 100's of hits per browser session

 

[thisgeek]

The biggest culprit for this is on our network is Adobe Updater. The damn software steals credentials, and then never changes it, thus locking out your account when you change your password. Do the lockouts usually occur after reading a PDF or running some other Adobe app that you've noticed?

When the lockouts are occurring, check if you have a process running called Updater.exe, or might be AdobeUpdater.exe - I forget exactly.

Simple way to get rid of this is to kill the process, then go to C:\Program Files\Common files\Adobe and then delete the Updater* folder. Might be Updater5 or Updater6, depending on the version of Adobe products you have. Updater5 is notoriously bad though.