Computer hacked - need to know how.

Alright, I left my computer locked (switch user screen) for two days, and when I returned, my brother had somehow removed the password and gained full access to my computer. The problem is that it had to be something very simple, because he doesn't even know how to configure the wireless internet. That worries me, because he may have used some virus-infested, third-party software.

He didn't crack the password, he removed it entirely, and my first guess was Remote Desktop, but I'm pretty sure that's not it. My second guess is some kind of anti-virus recovery disk, but I've never made one for my specific computer, so I don't know how that would have worked. All I need to know is if there is a simple way to remove a windows password.

Thanks,
-Peter

 

If they got access to a third party software that resets the password a from of Linux or DOS.

All of them that I know of costs money though.

Also he may have logged into the Administrator account as long as it was not password protected.

 

He wouldn't have paid, and this is the only account on the computer.

 

The Administrator does not show up in User Accounts it is a hidden account in Windows. The account is their for emergency cases.

I want you to try something though. Put your computer in the locked state. For the username type "Administrator" without the quotes and leave the password blank and see if that logs you in.

Report back your results on that.

 

If this is XP Home, the only way to log on as the administrator is to boot into safe mode. From there you can remove any passwords of any system accound you have.

If this is XP pro, you can hit CTRL + ALT + DEL (2 times) to access the logon prompt. Changing the username to: Administrator and password (default is blank, I.E. press enter). Can also gain access to said computer.

In XP pro, the administrator account can INDEED be accessed, via the usermanager applet.

I'd either password protect all accounts, or disable the built in admin account. Note disabling the built in admin account, then forgetting ones password may be a bad move.

Windows Vista automatically disables the administrator account by default.

 

Well, it's XP Home Edition, and I left it locked. I know he had to turn off the computer to do it, and for some reason he cleared the browser cache. Regardless, I need to know how one can remove the password entirely.

 

I'm reading security logs from the Windows Event viewer, and apparently he failed once and succeeded roughly 4 minutes later.

Correction: apparently that was the successful logon, however it took him much longer to crack it. The logon code for most attempts is 5, which I believe means remotely. The standard, local logon code is 2.

Edit numero dos: Logon Process Name: RASMAN

That's remote, no?

 

Remove which password? The administrator account, or your normal login account?


Just now noticed you are a new member to MajorGeeks! Welcome! There are quite a few very knowledgeable people here that are very helpful. I hope that either I or someone else can help you!

 

There's a difference between removing a password and not requring a password at the login screen. To do the later, an administrator would go start > run > type control userpasswords2 and then uncheck the box which say "users must enter a username and password."

To actually REMOVE the password, go to control panel (classic view) > user accounts > YourUserName > (I believe) Remove Password.

But as thefool and Sqeaner correctly pointed out, you first have to be logged in to do this.

May I suggest the simple solution that perhaps your brother guessed your password based on personal knowledge or saw you type it in?

 

Both - I am the administrator, and I am the only account. Security logs say that it was all done remotely. I've disabled remote assistance in Windows Firewall, should that solve it? Also, possibly related, a Windows Update that I just downloaded mentioned a security vulnerability in Remote Assistance over Networks. Coincidence? Anyway, thanks for the welcome - I'm already enjoying the support.

-Peter

 

There's no way he guessed it - it's a good password, he's never seen me type it in, he wouldn't know how (or have a chance) to install a keylogger, and he wouldn't have taken the time to actually remove the password after guessing it.

 

Safe Boot, log in as administrator, and do what MKoroStaff stated. Does not take much to do, and any fool can do it.

 

Two things:

A) He couldn't have logged in to do that.

B) The Windows Security Logs say that the logon attempts were code 5, which is a remote logon.

 

Wait - is it possible, since I'm the only account on this computer, and I'm the administrator, that there's some other "Administrator logon" that doesn't require a password?

EDIT: Oh, didn't see Squeaner's post. I'll try that.

 

This may seem like a stupid question, but how do I lock XP Home Edition other than the Switch User Screen (Windows key+L)? I mean, how do I get to a screen that lets you type your username?

 

SDHSLDBHO{SBFsfbopi[adjb[adjbnap'[dfja'tmj

When I try to "change the way users logon" in the control panel, McAfee says that the fine mshta.exe contains suspicious scripting activity and has been stopped.

I looked it up, and apparently it's a legit. Windows process. What should I do??

(Sorry for posting so many times in a row.)

 

You can't with XP Home. Most people have gone with Pro, due to easier to secure. Home is a joke and a crapshoot, when it comes to security.

 

Alright, one more question. When I get to the lock screen, it says something like "Only Name (Description) can unlock this computer."

Name says what it should - my name. But how do I change description?

 

You can't, due to it is by User that is logged in, or the Administrator.

 

OMG - I just realized that I never set an Administrator password. Pretty stupid. The problem is that on this computer I never installed Windows - it came that way. Still, a stupid mistake.

But I still don't understand all the remote logons. Either way, I've updated, disallowed programs, etc., so it shouldn't happen again.

 

Did you need to leave the computer on while you were away? If not, you could put a password in the bios as well. So that it won't boot up until that password is entered. Gives you an extra layer of protection.

 

Tools like Offline NT Password & Registry Editor (v050303) (http://home.eunet.no/~pnordahl/ntpasswd) can blank any local Windows XP account in a matter of minutes. I would have ventured to guess that your brother used a tool like the above mentioned one in order to blank out the password and then logged in remotely...as you had mentioned. But, after hearing about the passwordless Admin account, I guess that solves what actually happened.

 

No, the OP just realized that they never set an Administrator password, which allowed their brother to break into the machine.

 

Right! See the last sentence in my post!

" But, after hearing about the passwordless Admin account, I guess that solves what actually happened. "

 

Same here. Only way to put a password on the admin account for XP Home, is to do it from Safe mode, or Control Userpasswords2

 

If he has local access to the computer he can gain access to win xp...I wrote a short article here on some ways to secure your computer from local access, but when it comes down to it if he has access he can own it. http://websiteforu.com/news/2006/07/securing-your-computer-from-physical-access/