Hi all,
As you probably all know I run a network of macs of varying specs - but they all run Tiger, and they all have two accounts - one as an admin (my account) and a general user account (students). Now over the last couple of months, I've noticed a few of them exhibit a very odd behaviour. When trying to log in as the user, it refuses to accept the password, even if you're 100% sure that you're typing it in correctly. After a few attempts it will flash up the hint - even then, it won't let you log in. The only way I've found to sort this is to log in as admin, reset the user password and then all is hunky dory. I posted this up on the Apple forums, and no-one really had any ideas as to what might be causing this, so I turned a blind eye to it.
Anyhoo, over the weekend my network manager paid me a visit. 5 of my machines had been behaving a little odd on the network - and between them in 24 hours had uploaded 5 gig of data to an IP address in Romania on a couple of occasions. Now unfortunately I've been unable to trace exactly what was sent, and by what program. Nothing has been installed on the machines (user accounts don't have admin rights, nor do the logs show anything up) so I'm at a loss as to what this could be. The network manager has requested that the suite is removed from the network until I can find out what is wrong, so I'm stuck. I've tried ClamXAV and that's come back clean so if there is a malicious bit of code floating about, no-one knows about it - yet...
Any thoughts/help graciously received.