
Windows 7: Serious Security Breach Windows 7 Account! Need help!

18 Feb 2010   #11


Quote: Originally Posted by DarkAngelSent
The Administrator account has a password and was disabled during initial configuration.

There are no key loggers on my machine.

What really is stumping me is that he had to restart the machine to do this. This is leading me to believe that he tampered with a Windows file. Perhaps deleted a file containing the user account passwords in particular. (I don't know what Windows calls it as I only know it for Linux). Again he had no access to the Windows environment itself. So I don't think a software keylogger would be something I'd account for. Nor did he have peripherals such as hardware keyloggers.
Well ... if I may be allowed to joke with you (in a totally friendly way), unless he had a "magic wand", there is no way he could log in to your computer, either Linux or Windows, without your password, or some external operating system.

BTW this tutorial is a legit way to enable the Default Administrator Account when one has damaged his computer and no longer has any administrator rights with any user accounts. That is why I recommend giving the special account a password. User Account Password - Change from WinRE


18 Feb 2010   #12

W7x64 Pro, SuSe 12.1/** W7 x64 Pro, XP MCE

Your mention of Linux makes me wonder if you are dual booting with a Linux distro? If so, and he could access that, he could read Windows files with it. I'm not certain, but I think that could be done with a Linux Live CD.
18 Feb 2010   #13


I think this thread has gone far enough with information relating to certain access points.

18 Feb 2010   #14

Win7 Home Premium 64x

Encrypt the hard drive like with
18 Feb 2010   #15

Win7 Home Premium 64x

If you think he could get into the boot menu or BIOS, you can disable the keys on startup; you will not be able to use them either if you need to, though.

Edit apologies: Sorry Brady, I didn't read your post. I was trying to offer a way to protect, not bring up security flaws and whatnot.
18 Feb 2010   #16

Win7 Home Premium 64x

There are also programs like Eraser to get rid of sensitive data so it can't be dug up from your computer if it is compromised. Or get a program to create an encrypted vault for your files. If you think he might have a program to hack your password, remember: the longer the pass the better. Even if he could decrypt your password, if it's 20 chars long, it will take him months(?) to crack it as opposed to days(?) for a 6 alphanumerics.
18 Feb 2010   #17


A reboot with a Hiren's bootable CD and use of tools would make any of the problems possible. Also a Live Ubuntu CD would give full access as well, and it is easy to reset the Ubuntu password from a command line on boot.

I would report this person to the proper authority if it is relevant.
18 Feb 2010   #18

Windows 7 Ultimate 64Bit

Quote: Originally Posted by DarkAngelSent
My CD Tray and USB's were not used.

I want to prevent this from happening again. Either way I need to know what he did to prevent it. Can you please tell me what he did?
Did you ask him what he did? Did you bring it to a higher authority?
Is this your own personal computer? If it is ... Well Then ......
19 Feb 2010   #19

Windows 7 Professional x64, Windows Server 2008 x64, Ubuntu 9.1

Yeah, I had a gut feeling he used my Ubuntu to access my Windows files. But I have a secure alphanumeric password for both the root and my account pass on my Ubuntu as well as my W7. I have already set a BIOS password as well and set my HDD as my primary boot device.

As for reporting him: while I am a bit pissed that he tampered with a configuration without telling me first (i.e. delete my account passwords), it's just something he does. He's a classmate and we both study in the network securities field, i.e., he does it to try to motivate me to keep updated on security flaws and weaknesses. This is why he won't tell me exactly what he did. Unfortunately, I cannot seem to figure out what he did and it's unnerving that he can break into my account when he pleases (though I have the BIOS passwd set now). The methods for "resetting" the Windows password do not meet the criteria of events and procedures he used.

If this issue really is a "flaw" or weakness in the operating system, I would think that this knowledge should be public knowledge so that the community and people around the world can work to protect themselves. While I understand why some users are compelled to keep this under wraps, if you hide these weaknesses, you're basically just saying, "Yeah OK, there's a problem, but we're not gonna tell you what the problem is." One of the first things they teach us is that obscurity is the worst form of network security. If these people know about this weakness, they must have learned it somewhere, and if that flow of information and education stops, the new generation of security admins will not have the proper education to protect the systems they are hired to protect. I cannot help but feel that this is more than just an attempt at obscurity, as the logic behind the argument to me is flawed based on the security through obscurity principle. Instead (while intentional or unintentional) the feeling of oppressing the learning and education of emerging students in regards to that information can only serve to increase the gap between amateurs and professionals.

As I see it, security breaches like this are like a festering wound. If you leave it unattended for too long, it'll become worse and worse. Ignoring it and withholding treatment does nothing to serve the community. With that in mind, I think it's unethical to withhold this kind of information that the community of users have a right to know about to protect themselves with.

Thank you Iseeuu. The method you described seems to fit the criteria. I'll explore into this in greater detail and get back to you with my results. :)
19 Feb 2010   #20


Yeah, he used your Ubuntu OS to bypass your login. Following this guide to reset an Ubuntu password is quite trivial, because recovery mode drops you into a root shell by default without requiring a password.

I recommend removing Ubuntu.

How to reset your password in Ubuntu