WOT - need pc help, laptop hijacked on wireless network.... Options

[scottb]

stayed at a hotel with a wireless network last week. was at the inlaws afterwards and the thing worked fine. just got home and there are 2 new accounts on the system, guest and ast.net (i think) along with my regular account. now all of them require passwords none of which accept what i recall to be my password. even tried the password from the hotel system.

went into set up and tried to reset the admin password along with user passwords without luck.

i am using windows xp and am at a loss. i cannot find my system disc so i will buy a new copy of xp and reinstall it if that will fix the problem.

what i really want is my pics and personal stuff off the thing. i can replace the other shit.

was weird that it worked for a few reboots and then started giving me grief.

what a pain in the posterior....

thanks in advance for help and suggestions.....

[Verruckt]

NOOOOOOOOOOOOOOOOO!!!!!!!!!!!!

Dont but another copy of XP!!!

You can fix this. First... Boot into "safe mode with networking". When you first boot up, you should have something at the bottom that says "boot options press F10" or something like that, then choose safe mode w/ networking. It will start minimal drivers, so it may look funny, but will be functional. Then you need to get yourself some AV software (yours can't be trusted at this point), I would suggest AVG www.grisoft.com
It's free, and if you don't like it, you can always remove it. But at least you know it will be secure. Install it and do a full scan on your system. I would also try and remove those two accounts while you are in safe mode. If you can't, and still cannot log in as administrator, I can walk you through resetting the admin password via the "back way" (IMG:http://www.914world.com/bbs2/html/emoticons/wink.gif) . But try those and let me know. XP is pretty easy to fix once it's compromised, unlike some older windoze variants.

[Joe Bob]

I think it's F8 to go to safe mode during reboot.

After it's cleaned out....

Get yourself a good firewall and/or Webroot SpySweeper. It asks you before it allows any changes of home website, browser setting or any other download....blocks any trojans and will clean out any nasty porn site style cookies....

[SirAndy]

QUOTE (scottb @ Jun 1 2005, 07:06 PM)

thanks in advance for help and suggestions.....

i've been telling people for years ...
think of wireless internet like a radio transmitter ... everybody with a receiver can listen to it ... then think of it as being 2-way ... everybody with a receiver can also access the transmitter ... get it?

doing online banking with WIFI is like you screaming your bank account number out loud for hours while riding the train ...
checking email with WIFI is like you handing out prints of all your email to everybody on the train ...

why people don't get that, i don't understand ...

only *real* wires in my office/home ...
(IMG:http://www.914world.com/bbs2/html/emoticons/type.gif) Andy

[bryanc]

QUOTE (SirAndy @ Jun 1 2005, 09:46 PM)

QUOTE (scottb @ Jun 1 2005, 07:06 PM) thanks in advance for help and suggestions..... i've been telling people for years ... think of wireless internet like a radio transmitter ... everybody with a receiver can listen to it ... then think of it as being 2-way ... everybody with a receiver can also access the transmitter ... get it? doing online banking with WIFI is like you screaming your bank account number out loud for hours while riding the train ... checking email with WIFI is like you handing out prints of all your email to everybody on the train ... why people don't get that, i don't understand ... only *real* wires in my office/home ... (IMG:http://www.914world.com/bbs2/html/emoticons/type.gif) Andy

Actually, online banking etc. over a wireless network is no more secure than over a wired network once you realize that all of the routers et.al between you and your bank are subject to being compromized. (open) Wireless networks just make it much easier for the casual eavesdropping.

Besides, if your bank has done its homework, all of the web traffic should be encrypted from your pc to the bank. The problem is that many banks/e-commerce sites don't fully understand how the encryption and authentication works. I've seen a few where your session is encrypted, but your password passes over the net in clear text (IMG:http://www.914world.com/bbs2/html/emoticons/headbang.gif).

The real problem here is that XP is not fundamentally secure. There are too many copies of it, with to many holes being exploited by too much malware. Making XP secure inhibits much of it's functionality--think of the times a firewall or virus software interferes with a game or other piece of software.

I really don't think other OS's are that much more secure, just less popular. That said, I use Linux.

[scottb]

ok, got into safe mode via f8 and now down to admin and my account with password prompt. used the pass word i set during set up and no luck. any more suggestions?

thanks......

[Part Pricer]

Are you sure that the Admin account has a password? Most don't.

[Part Pricer]

There is a way around the password issue. However, you will need access to another PC that has Internet access and the ability to burn CDs.

Go to this link:
http://home.eunet.no/~pnordahl/ntpasswd/bootdisk.html

This page includes the instructions and there are links to the distributions at the bottom of the page. You can run this from floppy, but it's a pain and nobody uses floppys any more. If you are creating a CD, make sure to get the file that is around 3MB.

[scottb]

paul, i have tried to get into the system without putting in a password and a message pops up indicating that is not allowed. i don't know the precise wording as i am at the office now. i will try the download this evening with the wifes computer.

many thanks and keep those ideas coming!!!

scott

[Verruckt]

That link Paul posted was the one I would have mentioned. Works great!


BTW, were you able to scan the laptop and makesure you didn't have any bad stuff?

[bd1308]

You're right Paul.

Verruckt, Have you ever looked into Microsoft AntiSpyware? I've been into computers for a LONG time too and this is the first antispyware product that actually does a complete job. Free beta at M$.

andy....have ya heard of WEP 128 bit? Takes over a week and over tens of thousands of stored packets and a linux box to crack WEP....so i would say its pretty good.

[Verruckt]

QUOTE (bd1308 @ Jun 2 2005, 06:12 AM)

You're right Paul. Verruckt, Have you ever looked into Microsoft AntiSpyware? I've been into computers for a LONG time too and this is the first antispyware product that actually does a complete job. Free beta at M$. andy....have ya heard of WEP 128 bit? Takes over a week and over tens of thousands of stored packets and a linux box to crack WEP....so i would say its pretty good.

Yeah, it used to be Giant I think. And it was not bad then, but MS has changed it a bit. On my winders box, I run spybot and adaware both. One always seems to pick up what the other does not. Their updates come out on a regular, if not daily basis. If I remember correctly, MS decided they would only put out updates once a week or once a month (cant remember which, that sort of turned me off of that rather quickly. Maybe they've changed that, but I've already lost interest.

[scottb]

QUOTE (Verruckt @ Jun 2 2005, 07:00 AM)

That link Paul posted was the one I would have mentioned. Works great! BTW, were you able to scan the laptop and makesure you didn't have any bad stuff?

i still haven't been able to get past the passwords that are being required. once i do that i can check for any nasties.

i have had my spyware and virus software running even when at the hotel....

[Verruckt]

QUOTE (scottb @ Jun 2 2005, 06:41 AM)

QUOTE (Verruckt @ Jun 2 2005, 07:00 AM) That link Paul posted was the one I would have mentioned. Works great! BTW, were you able to scan the laptop and makesure you didn't have any bad stuff? i still haven't been able to get past the passwords that are being required. once i do that i can check for any nasties. i have had my spyware and virus software running even when at the hotel....

I would still try your existing AV and spyware, but you never know. THere are more exploits than preventions. Just to absolutely rule out any doubts, it may be a good idea to try a second one just in case. Alot of the exploits out there will disable or cripple popular AV software.

[SGB]

My son said that safe mode doesn't require admin password. He said that you shouldn't use an admin account as your regular profile anyway, but I do too. Anyway, I think if you can get to the user accounts in control panal, you could make a new account, delete any passwords and bogus accounts, and get control back.

[SirAndy]

QUOTE (bd1308 @ Jun 2 2005, 05:12 AM)

andy....have ya heard of WEP 128 bit? Takes over a week and over tens of thousands of stored packets and a linux box to crack WEP....so i would say its pretty good.

yes, but you're still BROADCASTING all your traffic to the whole world ...

even if it's encrypted, someone can sniff your complete session and then just take all the time in the world to hack it and get your passwords and usernames ...
and that IF you use encryption ...

99.9% of all email traffic is PLAIN TEXT ...

BROADCASTING my emails to every joe schmoe and his cousin just doesn't sound like a good idea to me ...

but hey, what do i know?
(IMG:http://www.914world.com/bbs2/html/emoticons/type.gif) Andy

[scottb]

QUOTE (SGB @ Jun 2 2005, 08:16 AM)

My son said that safe mode doesn't require admin password. He said that you shouldn't use an admin account as your regular profile anyway, but I do too. Anyway, I think if you can get to the user accounts in control panal, you could make a new account, delete any passwords and bogus accounts, and get control back.

the message i get when trying to get in without a password is

the local policy of this system does not permit you to logon interactively

this is really frustrating.... over 300 pics and video of my dads 70th birthday party are on that laptop.....HELP!!!!!


thanks......

[SirAndy]

QUOTE (scottb @ Jun 2 2005, 02:50 PM)

this is really frustrating.... over 300 pics and video of my dads 70th birthday party are on that laptop.....HELP!!!!!

just reinstall the system *without* formatting the harddrive. that way, you'll keep all your data ...

borrow a system CD if you can't find yours ...
(IMG:http://www.914world.com/bbs2/html/emoticons/wink.gif) Andy

[Dr. Roger]

im surprised that you can't delete all of your network profiles and just let XP find your primary ISP again.

like andy said... get the CD and reinstall system files. done deal. keep pics. (IMG:http://www.914world.com/bbs2/html/emoticons/wink.gif)

or slave that drive to another PC, copy files to PC, then reinstall drive to original laptop and reinstall OS> (IMG:http://www.914world.com/bbs2/html/emoticons/biggrin.gif)

so many options, so little time.

[Part Pricer]

QUOTE (scottb @ Jun 2 2005, 05:50 PM)

the message i get when trying to get in without a password is the local policy of this system does not permit you to logon interactively this is really frustrating.... over 300 pics and video of my dads 70th birthday party are on that laptop.....HELP!!!!! thanks......

Scott, DON'T PANIC

By default, XP does not have a password on the admin account. That's why some people believe that you don't need a password for Admin when you boot into Safe Mode. It sounds like a password has been established for the Admin account on you machine.

It also sounds like you may have been added to a domain. But, don't worry about that either. We can get around it.

If you haven't already, download the tool that I mentioned in my prior post. Us eit and reset all the passwords to blank (no password). This should allow you to regain control of your PC. If you need help, PM me with your phone number. I'll walk you through it.

Your pics and video are not lost. We will recover them.