Link to home
Start Free TrialLog in
Avatar of crp0499
crp0499Flag for United States of America

asked on

Have I been hacked?

so, all weekend, I've been using RDP to access this remote server.  my settings (domainname\username and password) are saved so that when I hit connect, I log right in.

when I log in, I get the local physical host, and i go to hyper-v to manage my virtual server.

so, this morning, I can't log in.  my local username/password combo, the one I've been using all weekend, doesn't work.

when my local tech attempts to log in, he only has two usernames to choose from.  one is administrator and the other if office$

the office$ is unknown to me.

so, I think I've been hacked.  the password for administrator would not have been difficult to guess.

so, I'm going to boot with the NT crack utility, reset the local administrator password, and then try again.



Avatar of locomotiveDigital

Link to home
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of crp0499


When you RDP to 65.65.xx.xx, my public IP, you hit a physical host.  A dell T710 to be exact.  

It's the local UN/PW on that physical host that has been hacked I think.

From there, you can load hyper-v and see the on VM I have on there.

at present, the local VM is good to go.

there is nothing on the local box at all so it seems that if my UN/PW has been changed, it was just a nusiance thing since the router config is unchanged.