My mom's Vista Home Premium (32 bit) password was changed. My mom said that she didn't change it and she doesn't think anyone else here did either. So.. Could this have been done remotely?
I'm running Ophcrack now, what else can we do? (I haven't tried safe mode yet.) I'm a techie and somewhat baffled. Help!
Edit:
ophcrack found empty LM but no NT hash is displayed. Entering safe mode...
Edit2:
I'm an idiot. Well sort of. Ophcrack could not crack the password which was just lowercase English letters, but for some reason, I was able to login using the orignal password in safe mode. Once in safe mode I "changed the password" back to it's original value and was then able to login in regular mode... It's time to run a virus scan.
Answer
Passwords can be changed remotely, e.g. using http://www.bo2k.com/whatis.html
If you suspect that really happened (i.e. caps lock is not pressed, the language is correct, the keyboard is OK and password was not forgotten), then it might mean your computer is compromised otherwise (e.g. have an installed rootkit), so unless you are confident you can solve that - a complete re-install might be better than simply regaining control over it.
No comments:
Post a Comment