SUPER STRANGE!! All my passwords got changed! E-mail, system, router, etc...

Posted on 2005-04-15
Medium Priority
Last Modified: 2013-11-16
Hi All,

I'm really terrified by this:

1. Two of my frequently checked email accounts suddenly told me my password was incorrect. I was able to recover the Yahoo! one, but I failed to recover the hotmail one;

2. Although I suspected one person might know my password and most likely has changed it, my other passwords also got changed! Especially my WINDOWS LOGIN PASSWORD!! He wouldn't be able to know my windows password - even if he knows, he cannot change it!

3. I updated my virus definition, did a full scan with Norton Antivirus 2005, it found nothing.


So can anybody tell me how to reset my windows password? If possible, could you plz give me a direct web address to download the software needed?

Thanks a million!
Question by:vip2000
LVL 25

Accepted Solution

InteractiveMind earned 680 total points
ID: 13789384
Hey Bruce.

What a bitch this is. lol.. I'm going to assume that you're on Windows XP ... ?

> So can anybody tell me how to reset my windows password?
There's a few ways.. Easiest way though, if your Administrator account hasn't had its password changed, then you can boot up into Safe Mode, log into the "Administrator" account, then open Command Prompt (start -> run -> "cmd" -> ok), then run this command:

   net user yourUserName yourNewPassword

So, if your user name is "Bruce", and you wish to change the password to "password123", then you'd run this command:

   net user Bruce password123

Then reboot, and try the new password.

Also, download and run "Ad-Aware" and "SpySweeper":

   Ad-Aware Personal:  http://www.lavasoftusa.com/
   SpySweeper: http://www.webroot.com/

These will hopefully locate and remove any keyloggers/trojans which are creating this vulnerability. Also, do you have a firewall installed?


Assisted Solution

fixnix earned 120 total points
ID: 13790539
Not sure what environment you're in, but for example if it's a LAN and your buddy/attacker is elsewhere on the same LAN, he may have simply run a sniffer and grabbed all your passwords that were sent in plain text (like yahoo mail by default doesn't use https to log in...you gotta click the "Sign in Securely" link first).  Also, depending on firewall and update policies used at your location, it may be quite trivial for a user elsewhere on the same LAN (or VPN'd in) to shoot a few malicious packets to your machine and get a SYSTEM shell, basically making him God on your box able to change anything and everything.  Even if you're "fully patched" there are still loads of unpatched IE exploits that could have been used if you were socially engineered into viewing a malicious website or in some cases even just previewing a message in Outlook or Outlook Express that could lead to complete compromise of your box.  Even on a single computer home setup on dialup much of the above is still possible.

What kind of access do you currently have on the machine?  What security measures are in place?

You could run netstat -a from a command line and see what ports are open, have connections, and where you are connected to....although if you've been r00ted by someone stealthy enough, they easily could have replaced netstat and other system binaries by now that are written to hide their access.  You could download utilities from www.sysinternals.com like pstools, process explorer, autoruns, etc..and just start poking around seeing what's running, what's connected to what, what is getting fired up at startup, etc.  Also see www.blackviper.com's windows process explanations....he does a great job explaining what is what in services.msc and what can safely be disabled.

There are several single-floppy linux distros that are in many cases able to blank out the admin pass if it is your personal computer or you have permission from the boss on a work computer.  They are easily found via google and I've had good success with them 20 or so times...but did run in to one box that it didn't work on.
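A way to triage the netstat output mentioned in the answer above, as an added example that is not part of the original thread: it assumes the numeric form `netstat -an` (four columns for TCP rows), and the sample text and the `triage` and `parse_endpoint` names are constructed for illustration.

```python
import ipaddress

# Constructed sample of Windows `netstat -an` output (not taken from the thread).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1029         0.0.0.0:0              LISTENING
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1045      192.168.1.1:80         ESTABLISHED
  TCP    192.168.1.10:1051      203.0.113.7:6667       ESTABLISHED
  TCP    192.168.1.10:1060      198.51.100.20:80       TIME_WAIT
  UDP    0.0.0.0:500            *:*
"""

# RFC 1918, loopback and link-local ranges: peers here are on the local side.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]

def parse_endpoint(endpoint):
    """Split 'addr:port' on the last colon; returns (ip_address, port)."""
    addr, _, port = endpoint.rpartition(":")
    return ipaddress.ip_address(addr.strip("[]")), int(port)

def triage(text):
    """Return (network-reachable listeners, established non-local peers)."""
    listeners, peers = [], []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 4 or fields[0] != "TCP":
            continue  # headers, blank lines and stateless UDP rows
        _, local, remote, state = fields
        if state == "LISTENING":
            ip, port = parse_endpoint(local)
            if not ip.is_loopback:  # loopback-only ports are not exposed
                listeners.append((str(ip), port))
        elif state == "ESTABLISHED":
            ip, port = parse_endpoint(remote)
            if not any(ip in net for net in LOCAL_NETS):
                peers.append((str(ip), port))
    return sorted(listeners), sorted(peers)

if __name__ == "__main__":
    listeners, peers = triage(SAMPLE)
    print("Listening on the network:", listeners)
    print("Established to outside hosts:", peers)
```

Each flagged port or peer is a starting point for matching against a known service or program, not a verdict, and the result is only as reliable as the netstat binary that produced the text.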
LVL 12

Assisted Solution

rossfingal earned 200 total points
ID: 13790767

Just to make sure you haven't been "Rootkitted" - try these (free):

{Rootkit Revealer}  

F-Secure Blacklight Rootkit revealer  

Run them and see if there's something "hiding" (hopefully - not!)

Good luck!



Expert Comment

ID: 13791016

Sorry, but I have to nitpick one word in your post...  "sure"

Your suggestion is definitely an excellent one and should certainly be done....but running them won't make you "sure" there is no rootkit....it'll just make sure you *most likely* haven't been rootkitted ;)

There is no such thing as 100% secure...and no such thing as being 100% sure a compromised box has been 100% cleaned up.  I'm sure you already know that and I know I'm just being anal...I don't mean this as an insult or personal attack by any means...but terms like sure, certain, always, never, complete, etc throw up a red flag in my brain that I haven't matured enough to just let slide without pointing them out.  

Typically, the more scared a user is, the more cautious they tend to be going forward...which often results in more security-conscious users which is good for everyone on the internet (except for the script-kiddies).  Right or wrong, that is how I justify being such a nitpicker propagating my intense paranoia to the casual users that just had their first wake-up call haha (referring to the original poster, not RF).


LVL 12

Expert Comment

ID: 13791122

Author Comment

ID: 13793145
InteractiveMind, thanks for telling me how to reset system password.

The rootkit revealer did not find anything that's hiding.

Spysweeper found 1 adware and 4 cookies, which I think they are only used to remember my preference settings. I don't


I'm using Windows firewall and everything is up-to-date with Microsoft Online Update.

What do I do now?

Author Comment

ID: 13793172
Oh by the way, as I tried to create a new password on hotmail, the information (zip code) I entered was incorrect. I think that person somehow changed it. Anybody knows how to get that back?

Thank all of you who helped and tried to help. I appreciate it.

LVL 25

Assisted Solution

InteractiveMind earned 680 total points
ID: 13793578
> What do I do now?
Firstly, get a better firewall than the XP one - the XP firewall truly is rubbish.
I thus recommend that you don't give out any personal information or type any important passwords until you've got a decent firewall installed. I recommend:

   ZoneAlarm  ->  http://www.zonelabs.com/  ->  for personal use
   Sygate Personal  ->  http://www.sygate.com/  ->  for network use

> Anybody knows how to get that back?
Try emailing Microsoft Hotmail services, explain the situation, and ask them if there's any way in which you can re-gain access to your account.

Usually however, in these cases, only paid customers to Hotmail can easily get their accounts back.

What I would personally recommend, is that you just create a new Hotmail account; I can also recommend you getting a GMail account while you're at it :)  If you email me (see my profile), I'll invite you to join GMail, where you can get over 2000MB storage, POP3 access, etc.. It's great.  :-)

