Hi Thrash,
This is definitely not something VMware related. I would be very careful re-enabling that account, as it sounds as if something (or someone) is trying to brute-force the password on that account - thus, every couple of minutes you have to re-enable it. Do you have any log file/event manager (Splunk, SolarWinds LEM, etc.) that you can keep an eye on to track what's going on with that account?
This probably isn't the message board to get much help with this issue, but as I said, this sounds like a potentially compromised account.