SUPER STRANGE!! All my passwords got changed! E-mail, system, router, etc...

Posted on 2005-04-15
Last Modified: 2013-11-16
Hi All,

I'm really terrified by this:

1. Two of my frequently checked email accounts suddenly told me my password was incorrect. I was able to recover the Yahoo! one, but I failed to recover the hotmail one;

2. Although I suspected one person might know my password and most likely has changed it, my other passwords also got changed! Especially my WINDOWS LOGIN PASSWORD!! He wouldn't be able to know my windows password - even he knows, he cannot change it!

3. I updated my virus definition, did a full scan with Norton Antivirus 2005, it found nothing.


So can anybody tell me how to reset my windows password? If possible, could you plz give me a direct web address to download the software needed?

Thanks a million!
Question by:vip2000
    LVL 25

    Accepted Solution

    Hey Bruce.

    What a bitch this is. lol.. I'm going to assume that you're on Windows XP ... ?

    > So can anybody tell me how to reset my windows password?
    There's a few ways.. Easiest way though, if your Administrator account hasn't had it's password changed, then you can boot up into Safe Mode, log into the "Administrator" account, then open Command Prompt (start -> run -> "cmd" -> ok), then run this command:

       net user yourUserName yourNewPassword

    So, if youre user name is "Bruce", and you wish to change the password to "password123", then you'd run this command:

       net user Bruce password123

    Then reboot, and try the new password.

    Also, download and run "Ad-Aware" and "SpySweeper":

       Ad-Aware Personal:

    These will hopefully locate and remove any keyloggers/trojans which are creating this vulnerability. Also, do you have a firewall installed?

    LVL 9

    Assisted Solution

    Not sure what environment you're in, but for example if it's a LAN and your buddy/attacker is elsewhere on the same LAN, he may have simply run a sniffer and grabbed all your passwords that were sent in plain text (like yahoo mail by default doesn't use https to log gotta click the "Sign in Securely" link first).  Also, depending on firewall and update policies used at you location, it may be quite trivial for a user elsewhere on the same LAN (or VPN'd in) to shoot a few malicious packets to your machine and get a SYSTEM shell, basically making him God on your box able to change anything and everything.  Even if you're "fully patched" there are still loads of unpatched IE exploits that could have been used if you were socially engineered into viewing a malicious website or in some cases even just previewing a message in Outlook or Outlook Express that could lead to complete compromise of your box.  Even on a single computer home setup on dialup much of the above is still possible.

    What kind of access do you currently have on the machine?  What security measures are in place?

    You could run netstat -a from a command line and see what ports are open, have connections, and where you are connected to....although if you've been r00ted by someone stealthy enough, they easily could have replaced netstat and other system binaries by now that are written to hide their access.  You could download utilities from like pstools, process explorer, autoruns, etc..and just start poking around seeing what's running, what's connected to what, what is getting fired up at startup, etc.  Also see's windows process explanations....he does a great job explaining what is what in services.msc and what can safely be disabled.

    There are several single-floppy linux distros that are in many cases able to blank out the admin pass if it is your personal computer or you have permission from the boss on a work computer.  They are easily found via google and I've had good success with them 20 or so times...but did run in to one box that it didn't work on.
    LVL 12

    Assisted Solution


    Just to make sure you haven't been "Rootkitted" - try these (free):

    {Rootkit Revealer}

    F-Secure Blacklight Rootkit revealer

    Run them and see if there's something "hiding" (hopefully - not!)

    Good luck!
    LVL 9

    Expert Comment


    Sorry, but I have to nitpick one word in your post...  "sure"

    Your suggestion is definately an excellent one and should certainly be done....but running them won't make you "sure" there is no'll just make sure you *most likely* haven't been rootkitted ;)

    There is no such thing as 100% secure...and no such thing as being 100% sure a compromised box has been 100% cleaned up.  I'm sure you already know that and I know I'm just being anal...I don't mean this as an insult or personal attack by any means...but therms like sure, certain, always, never, complete, etc throw up a red flag in my brain that I haven't matured enough to just let slide without pointing them out.  

    Typically, the more scared a user is, the more cautious they tend to be going forward...which often results in more security-conscious users which is good for everyone on the internet (except for the script-kiddies).  Right or wrong, that is how I justify being such a nitpicker propogating my intense paranoia to the casual users that just had their first wake-up call haha (referring to the original poster, not RF).


    LVL 12

    Expert Comment


    Author Comment

    InteractiveMind, thanks for telling me how to reset system password.

    The rootkit revealer did not find anything that's hiding.

    Spysweeper found 1 adware and 4 cookies, which I think they are only used to remember my preference settings. I don't


    I'm using Windows firewall and everything is up-to-date with Microsoft Online Update.

    What do I do now?

    Author Comment

    Oh by the way, as I tried to create a new password on hotmail, the information (zip code) I entered was incorrect. I think that person somehow changed it. Anybody knows how to get that back?

    Thank all of you who helped and tried to help. I appreciate it.

    LVL 25

    Assisted Solution

    > What do I do now?
    Firstly, get a better firewall than the XP one - the XP firewall truly is rubbish.
    I thus recommend that you don't give out any personal information or type any important passwords until you've got a decent firewall installed. I recommend:

       ZoneAlarm  ->  ->  for personal use
       Sygate Personal  ->  ->  for network use

    > Anybody knows how to get that back?
    Try emailing Microsoft Hotmail services, explain the situation, and ask them if there's anyway which you can re-gain access to your account.

    Usually however, in these cases, only payed customers to Hotmail can easily get their accounts back.

    What I would personally recommend, is that you just create a new Hotmail account; I can also recommend you getting a GMail account while you're at it :)  If you email me (see my profile), I'll invite you to join GMail, where you can get over 2000MB storage, POP3 access, etc.. It's great.  :-)


    Featured Post

    How your wiki can always stay up-to-date

    Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
    - Increase transparency
    - Onboard new hires faster
    - Access from mobile/offline

    Join & Write a Comment

    Suggested Solutions

    Email attacks are the most efficient and effective way for cyber criminals and hackers to compromise a computer or network. We often find our-self second guessing the authenticity of an email message, for such instances we can follow practical princ…
    Phishing is at the top of most security top 10 efforts you should be pursuing in 2016 and beyond. If you don't have phishing incorporated into your Security Awareness Program yet, now is the time. Phishers, and the scams they use, are only going to …
    Sending a Secure fax is easy with eFax Corporate ( First, Just open a new email message.  In the To field, type your recipient's fax number You can even send a secure international fax — just include t…
    In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…

    729 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    16 Experts available now in Live!

    Get 1:1 Help Now