
Admin password is hacked


  • Admin password is hacked

    Dear All,

    I'm the responsible IT admin and have a number of desktop PCs used by operators [Windows 7 Professional]. On one of those PCs I found its configuration was changed, and I thought at the beginning it was my mistake, but then I found that someone is able to do it.

    The changes I'm talking about are the static IP address and the DNS. After a few days I found that the same PC had a different IP.

    I even found some applications installed without my permission, but no one knows the admin password.

    The thing I noticed is that when I log off the user account and try to log on again using the admin account, I find on the log screen that all accounts, admin or not, are marked as logged on. This is weird.

    Please help me to know what happened.


    M Farag

  • #2
    Re: Admin password is hacked

    I found a strange software installed on the machine, named "SetACL".

    I'm wondering what this is.


    • #3
      Re: Admin password is hacked

      If this is a domain, then someone else knows your admin credentials, whether they admit it or not. Or maybe your lockdowns just aren't as secure as you may believe. If you didn't put it there, someone else did, either deliberately or by running something which stuck it on in the background (but the logged-on user had to have permissions to do that).

      That program appears to be a tool for setting NTFS permissions on files/folders/printers/etc. on a PC. Haven't used it myself, so can't say whether it's any good or just another cash cow.

      What to do:
      -Take the PC off the network
      -Remove that program
      -Perform system file scan
      -Verify your AV is up to date and do a complete device scan
      -Use Disk Cleanup tools from the C:\ drive's 'Properties' window to clean out Temp folder, etc.
      -Change your admin credentials immediately, tell no one else
      -Make certain that other users don't have Power User or Administrators group memberships on the PCs or the domain (if applicable)
      -Don't reattach to the network until you're happy that the machine is clean
      -See if that or any other program mysteriously appears anywhere, check the system and application logs for the install event, see who was logged on at the time
      -Tell management.
      MSCA (2003/XP), Security+, CCNA

      ** Remember: credit where credit is due, and reputation points as appropriate **
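
The log check suggested in post #3 (find the install event, see who was logged on at the time), as an added example that is not part of the original thread. It assumes an elevated PowerShell prompt on the affected PC and that logon auditing is enabled; the 14-day lookback and the variable names are assumptions.

```powershell
# Added example, not from the thread. Run elevated on the affected PC.
$since = (Get-Date).AddDays(-14)   # assumed lookback window

# Windows Installer writes install results to the Application log:
# 11707 = installation completed successfully, 1033 = product installed.
$installs = @(Get-WinEvent -FilterHashtable @{
    LogName = 'Application'; ProviderName = 'MsiInstaller'
    Id = 11707, 1033; StartTime = $since
} -ErrorAction SilentlyContinue)

# Successful logons (4624) from the Security log, reduced to interactive,
# remote desktop and cached logons (types 2, 10, 11).
$logons = @(Get-WinEvent -FilterHashtable @{
    LogName = 'Security'; Id = 4624; StartTime = $since.AddDays(-1)
} -ErrorAction SilentlyContinue | ForEach-Object {
    $x = [xml]$_.ToXml()
    $d = @{}
    foreach ($n in $x.Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
    New-Object PSObject -Property @{
        Time      = $_.TimeCreated
        User      = '{0}\{1}' -f $d['TargetDomainName'], $d['TargetUserName']
        LogonType = $d['LogonType']
    }
} | Where-Object { @('2', '10', '11') -contains $_.LogonType })

# For each install: the account recorded on the event itself, plus the
# three most recent logons that preceded it.
$report = foreach ($i in $installs) {
    $by = '(no user recorded)'
    if ($i.UserId) {
        try   { $by = $i.UserId.Translate([System.Security.Principal.NTAccount]).Value }
        catch { $by = $i.UserId.Value }   # SID that no longer resolves to a name
    }
    $recent = $logons | Where-Object { $_.Time -le $i.TimeCreated } |
        Sort-Object Time -Descending | Select-Object -First 3 |
        ForEach-Object { '{0} (type {1}, {2:g})' -f $_.User, $_.LogonType, $_.Time }
    New-Object PSObject -Property @{
        InstallTime = $i.TimeCreated
        EventId     = $i.Id
        InstalledBy = $by
        Product     = ($i.Message -split "`r?`n")[0]
        LastLogons  = $recent -join '; '
    }
}
$report | Sort-Object InstallTime | Format-List

# Group membership check from the same list of steps.
net localgroup Administrators
```

Only software installed through Windows Installer produces MsiInstaller events, so a tool copied onto the disk as a plain executable will not show up here and has to be dated from its file timestamps instead.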


      • #4
        Re: Admin password is hacked

        Actually, if this is on a domain, your first step should be to change the local admin password, if you have a Domain Admin account, that is. Once you take it off the network, you aren't going to be changing anything if you don't have the password to an admin account, unless you want to rely on a third-party hacking tool.

        Find the computer account in Active Directory, right-click and select "Manage". You can change it from there without logging on to the PC.

        If this is not a domain, then I'm afraid I have no suggestions.


        • #5
          Re: Admin password is hacked

          If you have WDS running on your network, just blow the sucker away and reimage. Takes 20 to 40 minutes depending on your hardware, image size and network speed.
          1 1 was a racehorse.
          2 2 was 1 2.
          1 1 1 1 race 1 day,
          2 2 1 1 2