Hey all,

Trying to resolve an issue here at work. Here is the basic outline:

We are running a Windows 2000 Domain in Native mode: 2 Domain Controllers, about 50 Windows 2000 PCs, internal DNS and DHCP servers running.

1. Noticed a very large amount of DNS cached lookups on our 2000 Domain Controller directly related to porn sites.

2. During the process of troubleshooting, I cleared the cache and no more than 5 minutes later, all the same sites were back in the cache.

3. After noticing this pattern I played around for a bit and discovered that approximately every 2 - 5 minutes the same events would happen after I cleared the cache.

4. Put up Ethereal and cleared cache, captured packets on the network until I witnessed the same thing again. Stopped Ethereal and looked for the source IP of the DNS queries.

5. The DNS queries have come from about 6 different machines so far, all on the same subnet. But with further testing I think that I may find more. All machines are running Norton Corporate AV.

I do not see any spyware or anything that is installed, no weird processes running that look malicious, wondering if there is a new or old program that would cause this to happen all the time. First noticed this problem yesterday.

Anyone have any ideas?
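
Added example, not part of the original post: one way to turn the capture from steps 4 and 5 into a per-machine list, by flagging clients that re-query the same name every 2 to 5 minutes. The CSV layout, addresses and names are constructed assumptions, not output from the poster's capture.

```python
import csv
import io
from collections import defaultdict

# Constructed sample: seconds since capture start, client IP, queried name.
# Addresses and names are placeholders, not values from the post.
SAMPLE_CSV = """\
time,src,qname
0,192.0.2.11,site-a.example
5,192.0.2.12,site-a.example
40,192.0.2.30,intranet.example
150,192.0.2.11,site-a.example
170,192.0.2.12,site-a.example
410,192.0.2.11,site-a.example
415,192.0.2.12,site-a.example
600,192.0.2.11,site-a.example
2000,192.0.2.30,intranet.example
"""

def load_queries(text):
    """Parse the CSV into (time, src, qname) tuples with normalised names."""
    return [(float(r["time"]), r["src"], r["qname"].lower().rstrip("."))
            for r in csv.DictReader(io.StringIO(text))]

def periodic_queries(rows, min_gap=120, max_gap=300, min_repeats=2):
    """Return {(src, qname): [gaps]} where one client re-queried the same name
    at least min_repeats times with every gap inside [min_gap, max_gap] seconds."""
    times = defaultdict(list)
    for t, src, qname in rows:
        times[(src, qname)].append(t)
    hits = {}
    for key, ts in times.items():
        ts.sort()
        gaps = [b - a for a, b in zip(ts, ts[1:])]
        if len(gaps) >= min_repeats and all(min_gap <= g <= max_gap for g in gaps):
            hits[key] = gaps
    return hits

def suspect_hosts(hits):
    """Group flagged names by client IP so each machine can be inspected."""
    by_host = defaultdict(set)
    for src, qname in hits:
        by_host[src].add(qname)
    return {host: sorted(names) for host, names in by_host.items()}

if __name__ == "__main__":
    flagged = suspect_hosts(periodic_queries(load_queries(SAMPLE_CSV)))
    for host, names in sorted(flagged.items()):
        print(host, names)
```

The result is a list of machines to examine, not a verdict: names with short TTLs are legitimately re-resolved on a similar schedule.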