Solved! HELP! email account was hacked last night. I get this error message

[nbabe1]

This morning I came and logged in. I saw that some emails werent sent. Problems is I never sent theM! I checked my sent box and yeah I sent it. but it wasnt me.

I have avast antivirus always on. 1 a week I do a malwarebites and a ccleaner run too.

First thing first I changed my password but hotmail(which is my account) says to do a number of other things. Including checking my updates. BUT I GET an error pages when I try: your connection is not private NET::ERR_CERT_WEAK_SIGNATURE_ALGORITHM

I also tried antivirus, only 1 thing came up that my wifi https is vulnerable and that supposedly my administrator info are visible?

OK so first my father died...I dont know the administrator info so... we used dlinkrouter but I know the password for allowing access. I just dont know the admin password for getting access to dlink router as avast asked me to change it?

Anyone can help? my mom is panicking, I am panicking....

 

[kanewolf]

Was this the sent folder in hotmail web or the sent folder on your local computer? It sounds like the DLink may not have WIFI encryption enabled correctly. To get access to the router, you would perform a factory reset which would set the router back the default admin password. You would then configure everything again. If nobody knows the admin password, you should do this anyway to regain control of your hardware.

 

[nbabe1]

To get access to the router, you would perform a factory reset which would set the router back the default admin password. You would then configure everything again.

Ok how to I do that?

 

[punkncat]

So, first thing would be to use a different device, like your phone on mobile data to check the model number of your router for deets on what the default settings will be when you reset it. This is generally done with a small button on the router somewhere that will default it back to it's stock settings. One you have it reset you have to go through a process to connect to it and get it set back up. Read up on that as well. Make sure once you do get in to reset the password OFF the stock one.

Most likely that you opened a spoof or phishing email or site somewhere along the line. It could have fooled you into adding information that a "hacker" used to gain access to your email, or possibly installed a keylogger, which is a bit less likely but not unheard of. From there these folks will use your email to send out the kind of junk that either will install virus', spam, etc. Even with an AV solution if you "asked" the program to install, such as by being spoofed or not unchecking a box, clicking somewhere you weren't supposed to, etc. it would not necessarily taken action on it as it thought you 'wanted to'.
From there, one could assume that you may have had the router or other passwords either the same, or auto remembered within your browser.

It probably wouldn't be a bad idea to consider a reset of the affected machine as well. Change all your passwords to something different, particularly the ones you shared with this email account. If your bank info is tied to that account I would place a call to the bank to be on the lookout for fraudulent activities.

 

[nbabe1]

Ok so I followed info on this site :
https/www.thewindowsclub.com/net-err_cert_weak_signature_algorithm

and that allowed me to update windows (doing so now) I ran again an avast and cccleaner and avast again mentions my router is succeptible to attacks.

I get the button I saw it. But what next? I press it and I will be able to change password on it? never did this so please a link of info on how to change this ?

 

[punkncat]

when you press the button it's going to default it back to it's stock out of box settings for user name, password, and IP address. You could possibly lose internet for a moment. In some cases the router will come with an install program that runs through a wizard to help you set back up. In some instances you have to do it all yourself.

 

[nbabe1]

I pushed the button and maintained it for 2 0second (it says on internet it should reset). on the internet it says my default login for dlink is admin admin.or admin and password or admin and blank but not working....
underneath there is also a password. it didnt work also. so what next I cant get in

 

[kanewolf]

If you followed this procedure -- https/support.dlink.com/FAQView.aspx?f=ArIaLfKuIXLoy9%2F4jrF5vA%3D%3D you should then be able to use a WIRED connection and login with the default login. What is the model of the DLink router you have?

 

[nbabe1]

ok so it finally worked.
Ichanged the admin password (will taht be enough?)
I also changed the wifi password

What else needs tobe done so i am relatively safe?

 

[kanewolf]

ok so it finally worked.
Ichanged the admin password (will taht be enough?)
I also changed the wifi password

What else needs tobe done so i am relatively safe?

Your WIFI should be using WPA2 encryption with AES.
Your passwords should be Upper case, lower case, number and special character.
Your admin password should be different than the WIFI password.
You should disable WPS if enabled.
You should disable remote admin (using the admin account via the WAN interface).
You should check for updated firmware for the router.

 

[nbabe1]

ok so it finally worked.
Ichanged the admin password (will taht be enough?)
I also changed the wifi password

What else needs tobe done so i am relatively safe?

Your WIFI should be using WPA2 encryption with AES.

HOW to check that?

You should disable WPS if enabled.
HOW to do that?
You should disable remote admin (using the admin account via the WAN interface).
HOW?

You should check for updated firmware for the router. DONE

 

[nbabe1]

Ok by checking on internet I maanged to disable remote access. you also want me to unckeck enable wifi protection? isnt that more dangerous?

Finally I dont see in my security mode this I selected WPA2 and automatically it selected AES? correct?

anytihng else?
BTW Iran another avast check. it still says despite all I did that my router is still vulnerable to attacks....what now???

 

[kanewolf]

You have never provided the model number of the DLink router to allow us to look up a user's manual ...

 

[nbabe1]

You have never provided the model number of the DLink router to allow us to look up a user's manual ...

oups! dlink dir-816l

 

[kanewolf]

Ok by checking on internet I maanged to disable remote access. you also want me to unckeck enable wifi protection? isnt that more dangerous?

Finally I dont see in my security mode this I selected WPA2 and automatically it selected AES? correct?

anytihng else?
BTW Iran another avast check. it still says despite all I did that my router is still vulnerable to attacks....what now???

Here is the user's manual -- http/ftp.dlink.ru/pub/Router/DIR-816L/Description/DIR-816L_B1_User%20Manual_v.2.5.3_31.03.16_EN.pdf PDF page 148 shows how to ensure AES encryption is used. PDF page 145 shows how to ensure only WPA2 is selected.

If your firmware is up-to-date on the DLink, then that would be all you can do according to AVAST support -- https/help.avast.com/en/av_free/17/hns/hns-vulnerable.html

 

[kanewolf]

There is a "beta" firmware patch -- https/support.dlink.com/ProductInfo.aspx?m=DIR-816L That is intended for fix a specific security vulnerability.

 

[nbabe1]

Yes these changes were made after I checked on the internet how to.

BUT here are the 2 errors I get after I redid an avast check:
1 is:
DnsMasq heap buffer overflow vulnerability
Severity: High

Reference: CVE-2017-14491 | Google Security Blog

2 and 3 =says it exposes the administrative password to anyone that connects: error code is ebd ID 42729

 

[kanewolf]

Yes these changes were made after I checked on the internet how to.

BUT here are the 2 errors I get after I redid an avast check:
1 is:
DnsMasq heap buffer overflow vulnerability
Severity: High

Reference: CVE-2017-14491 | Google Security Blog

2 and 3 =says it exposes the administrative password to anyone that connects: error code is ebd ID 42729

The last firmware release for your router was 2015. You won't find a fix for a 2017 vulnerability in 2015 firmware. It doesn't look like your router supports second source firmware. The only way to get rid of that alert would be to buy newer hardware.

 

[nbabe1]

avast gives a link for solving 1 item: this is the link and I made these changes. BUT will it help? or does it mean I need to change my router today despite all I did today!
https/help.avast.com/en/av_free/17/hns/d-link/howto-dns-hijack.html#solution

 

[kanewolf]

Using the Google DNS, which is what 8.8.8.8 and 8.8.4.4 is, is a good thing to do independent of anything else. Do you HAVE to change your router? No. Is there a small probability that you could get attacked? Sure. It is likely? No, IMO. There are MUCH riskier things on the internet. You are much more likely to get a phishing e-mail or other "social" attack, then a technical attack like the Avast is pointing out.