SUPER STRANGE!! All my passwords got changed! E-mail, system, router, etc...

Hi All,

I'm really terrified by this:

1. Two of my frequently checked email accounts suddenly told me my password was incorrect. I was able to recover the Yahoo! one, but I failed to recover the hotmail one;

2. Although I suspected one person might know my password and most likely has changed it, my other passwords also got changed! Especially my WINDOWS LOGIN PASSWORD!! He wouldn't be able to know my windows password - even if he knows, he cannot change it!

3. I updated my virus definition, did a full scan with Norton Antivirus 2005, it found nothing.


So can anybody tell me how to reset my windows password? If possible, could you plz give me a direct web address to download the software needed?

Thanks a million!

InteractiveMind Commented:
Hey Bruce.

What a bitch this is. lol.. I'm going to assume that you're on Windows XP ... ?

> So can anybody tell me how to reset my windows password?
There's a few ways.. Easiest way though, if your Administrator account hasn't had its password changed, then you can boot up into Safe Mode, log into the "Administrator" account, then open Command Prompt (start -> run -> "cmd" -> ok), then run this command:

   net user yourUserName yourNewPassword

So, if your user name is "Bruce", and you wish to change the password to "password123", then you'd run this command:

   net user Bruce password123

Then reboot, and try the new password.

Also, download and run "Ad-Aware" and "SpySweeper":

   Ad-Aware Personal:

These will hopefully locate and remove any keyloggers/trojans which are creating this vulnerability. Also, do you have a firewall installed?

fixnix Commented:
Not sure what environment you're in, but for example if it's a LAN and your buddy/attacker is elsewhere on the same LAN, he may have simply run a sniffer and grabbed all your passwords that were sent in plain text (like yahoo mail by default doesn't use https to log in; gotta click the "Sign in Securely" link first).  Also, depending on firewall and update policies used at your location, it may be quite trivial for a user elsewhere on the same LAN (or VPN'd in) to shoot a few malicious packets to your machine and get a SYSTEM shell, basically making him God on your box able to change anything and everything.  Even if you're "fully patched" there are still loads of unpatched IE exploits that could have been used if you were socially engineered into viewing a malicious website or in some cases even just previewing a message in Outlook or Outlook Express that could lead to complete compromise of your box.  Even on a single computer home setup on dialup much of the above is still possible.

What kind of access do you currently have on the machine?  What security measures are in place?

You could run netstat -a from a command line and see what ports are open, have connections, and where you are connected to....although if you've been r00ted by someone stealthy enough, they easily could have replaced netstat and other system binaries by now that are written to hide their access.  You could download utilities from like pstools, process explorer, autoruns, etc..and just start poking around seeing what's running, what's connected to what, what is getting fired up at startup, etc.  Also see's windows process explanations....he does a great job explaining what is what in services.msc and what can safely be disabled.

There are several single-floppy linux distros that are in many cases able to blank out the admin pass if it is your personal computer or you have permission from the boss on a work computer.  They are easily found via google and I've had good success with them 20 or so times...but did run in to one box that it didn't work on.
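
The netstat check fixnix describes, as an added example that is not part of the original thread: a small Python parser for `netstat -ano` output (the `-n` and `-o` switches are added here to get numeric addresses and owning PIDs) that lists TCP listeners reachable from the network and established connections to non-local hosts. The sample output is constructed, and as the post notes, the result is only as trustworthy as the netstat binary that produced it.

```python
import ipaddress

# Constructed sample of `netstat -ano` output; not taken from the thread.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:31337          0.0.0.0:0              LISTENING       1860
  TCP    127.0.0.1:1028         0.0.0.0:0              LISTENING       1432
  TCP    192.168.1.20:1051      192.168.1.1:80         ESTABLISHED     2044
  TCP    192.168.1.20:1077      203.0.113.45:6667      ESTABLISHED     1860
  UDP    0.0.0.0:500            *:*                                    680
"""

# Ranges treated as "local" for this triage (loopback, RFC 1918, link-local).
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16")]

def is_local(host):
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:      # "*" or a hostname: cannot classify, so do not flag it
        return True
    return any(ip in net for net in LOCAL_NETS)

def parse_netstat(text):
    """Yield (proto, local_host, local_port, remote_host, remote_port, state, pid)."""
    for line in text.splitlines():
        f = line.split()
        if len(f) < 4 or f[0] not in ("TCP", "UDP"):
            continue
        state = f[3] if len(f) == 5 else ""     # UDP rows have no State column
        lhost, _, lport = f[1].rpartition(":")
        rhost, _, rport = f[2].rpartition(":")
        yield f[0], lhost.strip("[]"), lport, rhost.strip("[]"), rport, state, int(f[-1])

def triage(text):  # -> (non-loopback TCP listeners, connections to non-local hosts)
    listeners, external = [], []
    for proto, lhost, lport, rhost, rport, state, pid in parse_netstat(text):
        if state == "LISTENING" and lhost not in ("127.0.0.1", "::1"):
            listeners.append((int(lport), pid))
        elif state == "ESTABLISHED" and not is_local(rhost):
            external.append((rhost, int(rport), pid))
    return listeners, external

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Each PID in the result can then be matched to a process name in Task Manager or one of the process tools mentioned above.
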

rossfingal Commented:

Just to make sure you haven't been "Rootkitted" - try these (free):

{Rootkit Revealer}

F-Secure Blacklight Rootkit revealer

Run them and see if there's something "hiding" (hopefully - not!)

Good luck!

Sorry, but I have to nitpick one word in your post...  "sure"

Your suggestion is definitely an excellent one and should certainly be done....but running them won't make you "sure" there is no'll just make sure you *most likely* haven't been rootkitted ;)

There is no such thing as 100% secure...and no such thing as being 100% sure a compromised box has been 100% cleaned up.  I'm sure you already know that and I know I'm just being anal...I don't mean this as an insult or personal attack by any means...but terms like sure, certain, always, never, complete, etc throw up a red flag in my brain that I haven't matured enough to just let slide without pointing them out.  

Typically, the more scared a user is, the more cautious they tend to be going forward...which often results in more security-conscious users which is good for everyone on the internet (except for the script-kiddies).  Right or wrong, that is how I justify being such a nitpicker propagating my intense paranoia to the casual users that just had their first wake-up call haha (referring to the original poster, not RF).


vip2000 (Author) Commented:
InteractiveMind, thanks for telling me how to reset system password.

The rootkit revealer did not find anything that's hiding.

Spysweeper found 1 adware and 4 cookies, which I think they are only used to remember my preference settings. I don't


I'm using Windows firewall and everything is up-to-date with Microsoft Online Update.

What do I do now?

vip2000 (Author) Commented:
Oh by the way, as I tried to create a new password on hotmail, the information (zip code) I entered was incorrect. I think that person somehow changed it. Anybody knows how to get that back?

Thank all of you who helped and tried to help. I appreciate it.

InteractiveMind Commented:
> What do I do now?
Firstly, get a better firewall than the XP one - the XP firewall truly is rubbish.
I thus recommend that you don't give out any personal information or type any important passwords until you've got a decent firewall installed. I recommend:

   ZoneAlarm  ->  ->  for personal use
   Sygate Personal  ->  ->  for network use

> Anybody knows how to get that back?
Try emailing Microsoft Hotmail services, explain the situation, and ask them if there's any way in which you can regain access to your account.

Usually however, in these cases, only paid customers to Hotmail can easily get their accounts back.

What I would personally recommend, is that you just create a new Hotmail account; I can also recommend you getting a GMail account while you're at it :)  If you email me (see my profile), I'll invite you to join GMail, where you can get over 2000MB storage, POP3 access, etc.. It's great.  :-)
