I really need your input on this.
Something very strange happened to my computer yesterday evening. When I returned to my computer (Windows XP Pro) that was locked, I was unable to unlock it. Many tries later, I realized that for some reason the system was not accepting my password. Using the administrator account, I logged off my user (who also has admin rights) and tried to find out what had happened. I also switched off the WLAN of my computer, as a precaution.
I looked in the event log but could not find anything more suspicious than that the registry was not unloaded when the computer restarted and also that flushing of the transaction log had failed. Then, I got the idea that I should decrypt the password of my inaccessible user, to see if that could give me a clue about something.
I installed LC5 for cracking purposes. However, this did not help since LC5 was unable to import the account of my inaccessible user but was able to import all other accounts. Hence, I could not start to brute force the user password since LC5 was unable to even see it.
At this point I gave up. I either had a system that had corrupted security information for my user or someone had taken control of my computer. Either way, I could not trust my set-up, so I popped in my manufacturer-provided system restore disk and restored the factory OS image to my computer.
Some additional info:
I did have a firewall as well as anti-virus software and neither gave any indication that something fishy was going on. However, the firewall has many ports open and my system was sitting in the router's DMZ.
So guys, what do you think? Did I get hacked and the hacker/trojan changed the password of my user account or was it a corruption problem?
What other measures (except LC5) could I have taken to investigate further to see if I was hacked (I know that it is too late now but I would like to know for future reference)?
-
-
DMZ Mode? Never never... it's like standing naked to the hackers.
Someone could have easily gained access to your comp. Did this happen at your home or office?
You could have created another account & removed your Windows Password. -
Yeah, just making another account would have worked.
-
-
I think it was the Chinese.
You don't happen to work for a major credit card company or bank & have 10.75 million people's account information on that system, do you? -
It's not a bad idea to reinstall. I probably would have done that, too.
-
But seriously, could my problem have occurred due to data corruption issues or did someone take control of my system? The thing I do not understand: if I was hacked, why only change the password on my user account and not the administrator account as well? And also, why change the user account password at all? That would only alert me that something was fishy. -
Yes, you just got owned.
There's my answer to your question. -
So you are saying that the password change on my account (while the computer was locked) is much more likely to be due to hacking than data corruption? -
Well, even if it is data corruption... You still got owned... by Microsoft.
-
-
Heehee. Pwn3d b'/ M$! OMG M$ sux move 2 linux!
-
Hehe, Linux? I would love to do that if you tell me where to get drivers.
I mean I would just love to use Linux Ubuntu .. with its Beryl that PwnS! AERO -
ScuderiaConchiglia NBR Vaio Team Curmudgeon
No you don't have a firewall. If your machine was in the firewall's DMZ that means it was totally unprotected. That is the very definition of the DMZ, an unprotected zone.
Gary -
Yes, it's called a demilitarized zone, under which all your major ports are open & data traffic is not checked. It's like a buffet for hackers.
The Chinese Hackers are always on the lookout for DMZ modes.
That's why I at least PWN! them in CS!
-
-
I wonder how many of the MS haters primarily use Windows?
-
Windows PWNS Mac... but XP Pwns Vista anyday!
-
And Linux PWNS them all!
(Compiz Fuzion FTW!) -
And as I asked you before... where to get Linux drivers for laptops?
-
-
Ubuntu 7.10
Did I get owned?
Discussion in 'Windows OS and Software' started by jketzetera, Mar 15, 2008.