Tuesday, April 18, 2017

Windows Vista Password changed... What the?


My mom's Vista Home Premium (32 bit) password was changed. My mom said that she didn't change it and she doesn't think anyone else here did either. So.. Could this have been done remotely?


I'm running Ophcrack now, what else can we do? (I haven't tried safe mode yet.) I'm a techie and somewhat baffled. Help!


Edit:


ophcrack found empty LM but no NT hash is displayed. Entering safe mode...


Edit2:


I'm an idiot. Well sort of. Ophcrack could not crack the password which was just lowercase English letters, but for some reason, I was able to login using the orignal password in safe mode. Once in safe mode I "changed the password" back to it's original value and was then able to login in regular mode... It's time to run a virus scan.


Answer



Passwords can be changed remotely, e.g. using http://www.bo2k.com/whatis.html


If you suspect that really happened (i.e. caps lock is not pressed, the language is correct, the keyboard is OK and password was not forgotten), then it might mean your computer is compromised otherwise (e.g. have an installed rootkit), so unless you are confident you can solve that - a complete re-install might be better than simply regaining control over it.


No comments:

Post a Comment

hard drive - Leaving bad sectors in unformatted partition?

Laptop was acting really weird, and copy and seek times were really slow, so I decided to scan the hard drive surface. I have a couple hundr...