Net Send/Remote Shutdown/TelNet/Shutdown

Im having a problem at EDIT, and im sad to say that i keep getting hacked on the PC. I will be working then all of the sudden I get a popup giving me 3 minutes to "save my work and shutdown". It says that it is the same domain name as me and using the "god" account(DOMAIN/god). I checked and there is no "god" account on the network. The only way I know of this working is by using the shutdown command in command prompt, but that has been disabled/uninstalled. We are also using windows 2000. Maybe I can copy the file "shutdown.exe" from my winXP computer to the X's winNT computer. please help, its starting to annoy me. I still need to figure out where the person doing this to me is sitting and how they are doing this as well.

could be a hidden admin account, and you could be being shutdown using Radmin for doing naughty things?

Out of curiosity, how did you check the network accounts for an account login "god" if you don't even have rights to use shutdown?

i can access network details without being allowed to use shutdown too.

mr noob wrote: i can access network details without being allowed to use shutdown too.

And you can enumerate all domain and enterprise users, as well?

well, i too have the admin password, but when the shutdown command is sent to my computer it says the message was sent by domain(domain)/god(user), in order to stop them i copied the shutdown.exe file from my PC and put it on my flash drive and used shutdown -a to abort it. now i need a way to figure out what computer they were on so i can do it back to him hehe.

When there is a way in there is a way out. Now this might be a long shot but try something called ethereal-live. it gives you up to date statistics on the network your connected to. When you get your prank warning or whatever go to that exact time in the logs and find that sucker.