Serious Security Breach Windows 7 Account! Need help!

DarkAngelSent · 18 Feb 2010

A classmate in my program in university has been able to log into my account after I locked my laptop to goto the bathroom. While I do not know any specifics or details. I can give the following Information.

1) ALL My Account Passwords have been reset to blank.
2) The Laptop was Restarted to do this
3) Im using Windows 7 Professional, with a Ubuntu 9.1 Installation on 2ndary boot.
4) My Ubuntu has a password that he does not know. I do not think he could have used it.
5) He does not know my password, he only wiped it somehow from the account.

He was able to log into my desktop in which I caught him just as he logged in. He was not able to tamper or have access to windows functions like control panel etc as he did not have the time to.

How can I prevent this from happening again and what did he do?

I googled Windows 7 Password Reset but I was not able to find any solutions that meet the above criteria. Im stumped and I do not like the idea of him being able to access my laptop if im not there.

***Solved***

brady · 18 Feb 2010

Change your passwords. There are a few different ways this could have been done on your machine... All in which I don't feel is appropriate to share on this forum due to security reasons.

Disabling auto run will probably do the trick...

DarkAngelSent · 18 Feb 2010

My CD Tray and USB's were not used.

I want to prevent this from happening again. Either way I need to know what he did to prevent it. Can you please tell me what he did?

iseeuu · 18 Feb 2010

DarkAngelSent said:

A classmate in my program in university has been able to log into my account after I locked my laptop to goto the bathroom. While I do not know any specifics or details. I can give the following Information.

1) ALL My Account Passwords have been reset to blank.
2) The Laptop was Restarted to do this
3) Im using Windows 7 Professional, with a Ubuntu 9.1 Installation on 2ndary boot.
4) My Ubuntu has a password that he does not know. I do not think he could have used it.
5) He does not know my password, he only wiped it somehow from the account.

He was able to log into my desktop in which I caught him just as he logged in. He was not able to tamper or have access to windows functions like control panel etc as he did not have the time to.

How can I prevent this from happening again and what did he do?

I googled Windows 7 Password Reset but I was not able to find any solutions that meet the above criteria. Im stumped and I do not like the idea of him being able to access my laptop if im not there.

Hello DarkAngelSent, and welcome to Windows Seven Forums!

Some basic security steps to take that will help here would be to secure the computer bios with a password. Also, for convenience during install, we sometimes set the CD-Rom as first in boot order. This would allow someone to use a CD to circumvent passwords. Set the Hard Drive as first in boot order to prevent this.

Use the password feature when your computer comes out of sleep or hybernation, or after the screen saver.

Enable the Default Administrator account and give the account a password. Then disable the account again.

Please let us know if you need help with these suggestions.

Cheers!
Robert

Bare Foot Kid · 18 Feb 2010

Hello DarkAngelSent, welcome to Seven Forums!

Here's an option in case you ever get "locked out" of your machine; see the snip below and follow the wizard prompts.

Serious Security Breach Windows 7 Account! Need help!-reset.jpg

brady · 18 Feb 2010

DarkAngelSent said:

My CD Tray and USB's were not used.

I want to prevent this from happening again. Either way I need to know what he did to prevent it. Can you please tell me what he did?

Are you in a domain environment there? But like I said earlier, allowing you to "recreate" the breach would be unethical. Thus the reason the explanations for what this person may or may not have done is not really up for discussion.

DarkAngelSent · 18 Feb 2010

I am not in a domain environment as it is my own laptop.

He did not have access to any windows controls, as he had circumvented it without the ability to log onto windows.

He did not utilize the CD Drive or USB Ports
Therefore he did not use the windows password recovery CD or other peripherals etc.

I have already put a bios password in as a precautionary step (as i know he had to reboot) And i have as recommended by the user above, placed my Hard drive as my primary boot device.

I also do not find the discussion of how he did this as unethical. This is after all my own machine, and as a Network Securities Student, one of the key points we are taught is that if we are not able to perform the security breaches or recreate it, we cannot learn from it or take steps and measures to prevent it. This being a Windows 7 Forum, I find that out of all the other places over the internet, THIS is the place one should/would discuss an issue like this as it pertains and has relevance to the operating system and configuring and securing the environment.

seekermeister · 18 Feb 2010

Check User Accounts and see if the Guest Account is enabled. If so, it probably isn't password protected.

iseeuu · 18 Feb 2010

DarkAngelSent said:

I am not in a domain environment as it is my own laptop.

He did not have access to any windows controls, as he had circumvented it without the ability to log onto windows.

He did not utilize the CD Drive or USB Ports
Therefore he did not use the windows password recovery CD or other peripherals etc.

I have already put a bios password in as a precautionary step (as i know he had to reboot) And i have as recommended by the user above, placed my Hard drive as my primary boot device.

I also do not find the discussion of how he did this as unethical. This is after all my own machine, and as a Network Securities Student, one of the key points we are taught is that if we are not able to perform the security breaches or recreate it, we cannot learn from it or take steps and measures to prevent it. This being a Windows 7 Forum, I find that out of all the other places over the internet, THIS is the place one should/would discuss an issue like this as it pertains and has relevance to the operating system and configuring and securing the environment.

DAS;

Your point is well taken. Please consider from our point of view: breaking into someone else's computer IS unethical. We are not the place to educate people on HOW to break in to a computer, but we are willing to make suggestions on how to secure your computer.

If your assessment of the means of intrusion into your computer is correct, I can only think of two means of access: the Default Administrator account can be enabled without a password, so it needs to have a password so even if it is enabled, it cannot be accessed.

Second: a key logger might have been used to capture your password without your knowledge. It could be software or hardware.

DarkAngelSent · 18 Feb 2010

The Administrator account has a password and was disabled during initial configuration.

There are no key loggers on my machine.

What really is stumping me is that he had to restart the machine to do this. This is leading me to beleive that he tampered with a windows file. Perhaps deleted a file containing the user account passwords in particular. (I dont know what windows calls it as i only know it for linux). Again he had no access to the windows environment itself. So i dont think a software keylogger would be something id account for. Nor did he have peripherals such as hardware keyloggers.