Bit of a weird one - W7 password changed, not by me.
Discussion
Logged on this morning as usual.
Password need 3 tries as my hand tremor is particularly bad at the moment & fingers have a life of their own.
Anyway, 3rd time lucky with the right characters.
Using Chrome to do some browsing (multiple tabs).
Notice I got logged out of Facebook (from one account to another). Thought nothing of it.
Then wanted to see the password of a gmail account. Went into Chrome settings, found account, clicked show password - needed to enter W7 login password.
Typed it in. Wrong password.
Checked again, no dice.
Checked by typing in Notepad, copy/paste. No dice.
Ran MalwareBtyes.
Got a malicious website protection popup for Chrome, immediately closed.
MalwareBtyes tagged 1 item in scan, adware of something (potential) - removed it.
Checked Protection Log, got a few of these:
Detection, 30/05/2016 15:14, SYSTEM, My PC, Protection, Malicious Website Protection, IP, 46.246.126.220, 17265, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
1st one was 09.19 (4 hits), then 09.55 (3 hits), then 4 more from 15.14.
To rectify the situation, I created an new User with Admin rights, set a password, switched to new User, removed password from my account, created new password, switched back, changed new password back.
Any insight into what might have happened/tips would be welcome.
Thanks.
Password need 3 tries as my hand tremor is particularly bad at the moment & fingers have a life of their own.
Anyway, 3rd time lucky with the right characters.
Using Chrome to do some browsing (multiple tabs).
Notice I got logged out of Facebook (from one account to another). Thought nothing of it.
Then wanted to see the password of a gmail account. Went into Chrome settings, found account, clicked show password - needed to enter W7 login password.
Typed it in. Wrong password.
Checked again, no dice.
Checked by typing in Notepad, copy/paste. No dice.
Ran MalwareBtyes.
Got a malicious website protection popup for Chrome, immediately closed.
MalwareBtyes tagged 1 item in scan, adware of something (potential) - removed it.
Checked Protection Log, got a few of these:
Detection, 30/05/2016 15:14, SYSTEM, My PC, Protection, Malicious Website Protection, IP, 46.246.126.220, 17265, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,
1st one was 09.19 (4 hits), then 09.55 (3 hits), then 4 more from 15.14.
To rectify the situation, I created an new User with Admin rights, set a password, switched to new User, removed password from my account, created new password, switched back, changed new password back.
Any insight into what might have happened/tips would be welcome.
Thanks.
C:\Nobody>nslookup 46.246.126.220
Server: routerlogin.net
Address: 192.168.0.1
Name: edis08se.srv.wifiprotector.com
Address: 46.246.126.220
Doesn't look quite so scary - is "WifiProtector" something you have installed?
ETA -
I don't think a System Restore is a good idea.
If you still have odd behaviour, follow "What do I do now" here:
https://forums.malwarebytes.org/topic/9573-im-infe...
Server: routerlogin.net
Address: 192.168.0.1
Name: edis08se.srv.wifiprotector.com
Address: 46.246.126.220
Doesn't look quite so scary - is "WifiProtector" something you have installed?
ETA -
I don't think a System Restore is a good idea.
If you still have odd behaviour, follow "What do I do now" here:
https://forums.malwarebytes.org/topic/9573-im-infe...
Edited by grumbledoak on Monday 30th May 19:35
Thanks for the replies. Already on the MalwareBytes forum & will post up after Microsoft Security has finished a deep scan.
Nothing seems out of place at the moment, I did an IP lookup for that address but didn't really understand the results (in terms of threat level).
I checked the system events & the only ones found seem to correspond to my setting up a new admin user & deleting/changing of my password.
All rather odd.
Nothing seems out of place at the moment, I did an IP lookup for that address but didn't really understand the results (in terms of threat level).
I checked the system events & the only ones found seem to correspond to my setting up a new admin user & deleting/changing of my password.
All rather odd.
Smiler. said:
I did an IP lookup for that address but didn't really understand the results (in terms of threat level).
As far as I can see WifiProtector is a legit product that you can download and install free + adware. Did you install it? Can you see it in Control Panel | Programs? If you can, I would assume you just typo'd the password field repeatedly.I would also run through the procedure in the link to check for malware. And if you have an external backup, maybe disconnect it and keep it safely in a drawer...
Gassing Station | Computers, Gadgets & Stuff | Top of Page | What's New | My Stuff