  1. #1
    Lounger
    Join Date
    Dec 2009
    Location
    Shreveport, LA, USA
    Posts
    32
    Thanks
    1
    Thanked 0 Times in 0 Posts

    Microsoft tech support scam...

    My friend fell for the old "call from Microsoft tech support" a couple of days ago and now I'm trying to fix his PC. He gave them remote access but finally hung up before any money passed hands; however, they installed a bunch of malware and now he is locked out. Every time he tries to boot it says a password is required and the only options are "ok" and "restart". Trying to boot into safe mode or safe mode with command prompt goes to the same password required box. Neither he nor I has a Vista installation disk or rescue disk to use to try the "repair your pc" option. I downloaded the latest Windows Defender Offline and ran it. It found 20 malware apps and removed them. Ran a full scan again and it came up clean. But on boot it still goes to the password required box. Downloaded and ran ophcrack and it didn't find any user account passwords. Downloaded and ran "NT Password & Registry Editor", cleared & unlocked all user account passwords. Still goes to the password required box on boot. I would really like to NOT have to fall back to the "recovery" partition or clean reinstall of Vista. Is there anyone here who can tell me how to get around this? And PLEASE, I am looking for REAL solutions, not crybaby replies. Sorry if that sounds harsh, but I have searched many other forums where all the replies were "boohoo, that happened to me...blah, blah, blah...". I don't need that. Any REAL help will be greatly appreciated. Thanks.

  2. #2
    Administrator
    Join Date
    Mar 2001
    Location
    St Louis, Missouri, USA
    Posts
    23,572
    Thanks
    5
    Thanked 1,057 Times in 926 Posts
    Can you use the "registry editor" part of "NT Password & Registry Editor" to examine and possibly update the two most common keys for startup:

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run & HKLM\Software\Microsoft\Windows\CurrentVersion\Run ?

    Joe

  3. #3
    Lounger
    Join Date
    Dec 2009
    Location
    Shreveport, LA, USA
    Posts
    32
    Thanks
    1
    Thanked 0 Times in 0 Posts
    Quote: Originally posted by JoeP517
    Can you use the "registry editor" part of "NT Password & Registry Editor" to examine and possibly update the two most common keys for startup:

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run & HKLM\Software\Microsoft\Windows\CurrentVersion\Run ?

    Joe
    Didn't try that as I didn't know what key(s) related to passwords. What exactly are these 2 keys for?

  4. #4
    Administrator
    Join Date
    Mar 2001
    Location
    St Louis, Missouri, USA
    Posts
    23,572
    Thanks
    5
    Thanked 1,057 Times in 926 Posts
    Those keys are used for programs that are started when you boot the PC. You haven't specifically said where in the boot process the password request occurs. But, if the password request is immediate such that it could be a BIOS password you should contact the PC vendor for help. You can try "How to Bypass or Remove a BIOS Password" too.

    Joe

  5. #5
    Lounger
    Join Date
    Dec 2009
    Location
    Shreveport, LA, USA
    Posts
    32
    Thanks
    1
    Thanked 0 Times in 0 Posts
    I get the starting windows logo & progress bar for a little while, then the screen goes black and then the box pops up wanting a password. I'll check the bios for a password though, but I know he wasn't using a password before the call from "microsoft". Thanks.

  6. #6
    Administrator
    Join Date
    Mar 2001
    Location
    St Louis, Missouri, USA
    Posts
    23,572
    Thanks
    5
    Thanked 1,057 Times in 926 Posts
    If it gets to the Windows logo it is not a BIOS password. Since you've cleared any account passwords, it is highly likely it is some program that is started during the boot process. The registry keys mentioned before come into play.

    Joe
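
A sketch of the check Joe describes, as an added example that is not part of the original thread: it parses text in the layout `reg query` prints for the two Run keys and flags autostart commands worth a manual look. The sample entries, the function names and the two heuristics are constructed for illustration.

```python
import ntpath
import re

# Constructed sample in the layout `reg query <key>` prints for the two Run
# keys named in the thread. Value names and paths are invented.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    Windows Defender    REG_EXPAND_SZ    %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    SynTPEnh    REG_SZ    "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
    lockhelper    REG_SZ    C:\Users\Friend\AppData\Local\Temp\lk.exe /start

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    Sidebar    REG_SZ    "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
    updater    REG_SZ    cmd.exe /c C:\ProgramData\u.bat
"""

VALUE_RE = re.compile(r"^\s{4}(.+?)\s{4}(REG_\w+)\s{4}(.*)$")
EXE_RE = re.compile(r'^"?(.+?\.(?:exe|bat|cmd|com|scr|vbs|js))\b', re.I)
# Heuristics (assumptions, tune to taste): locations a standard user can write
# to, and interpreters that run whatever script they are handed.
WRITABLE = ("\\temp\\", "\\appdata\\", "\\programdata\\", "\\users\\public\\")
INTERPRETERS = {"cmd.exe", "powershell.exe", "wscript.exe",
                "cscript.exe", "mshta.exe", "rundll32.exe"}

def parse_run_entries(text):
    """Return one dict per value listed under each HKEY_... header."""
    key, entries = None, []
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
        elif key and (m := VALUE_RE.match(line)):
            entries.append({"key": key, "name": m.group(1),
                            "command": m.group(3).strip()})
    return entries

def review(entry):
    """Return the reasons an autostart command deserves a closer look."""
    cmd, reasons = entry["command"], []
    if any(d in cmd.lower() for d in WRITABLE):
        reasons.append("runs from a user-writable directory")
    m = EXE_RE.match(cmd)
    if not m:
        reasons.append("no recognisable executable")
    elif ntpath.basename(m.group(1)).lower() in INTERPRETERS:
        reasons.append("launches through a script interpreter")
    return reasons

def suspicious(text):
    """Map value name -> reasons, for flagged entries only."""
    return {e["name"]: r for e in parse_run_entries(text) if (r := review(e))}

if __name__ == "__main__":
    for name, why in suspicious(SAMPLE).items():
        print(f"{name}: {'; '.join(why)}")
```

On a machine that will not boot, the HKLM Run key lives in the offline SOFTWARE hive and each user's HKCU Run key in that profile's NTUSER.DAT.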

  7. #7
    Lounger
    Join Date
    Dec 2009
    Location
    Shreveport, LA, USA
    Posts
    32
    Thanks
    1
    Thanked 0 Times in 0 Posts
    I'll try using NT Password & Registry Editor on the keys after the backup finishes. Thanks again.

  8. #8
    Super Moderator RetiredGeek
    Join Date
    Mar 2004
    Location
    Manning, South Carolina
    Posts
    9,434
    Thanks
    372
    Thanked 1,457 Times in 1,326 Posts
    B.B.,

    Sounds like they managed to Encrypt your HD before you got out. HTH
    May the Forces of good computing be with you!

    RG

    PowerShell & VBA Rule!


  9. #9
    Silver Lounger RolandJS
    Join Date
    Dec 2009
    Location
    Austin metro area TX USA
    Posts
    1,727
    Thanks
    95
    Thanked 127 Times in 124 Posts
    RetiredGeek, if that is so, a long uphill climb will be necessary. If registry editing does not work, and if HD is encrypted -- restore to factory rollout time. There are password-cracking tools out there, hopefully OP can use one of them and get back into business.
    "Take care of thy backups and thy restores shall take care of thee." Ben Franklin revisited.
    http://collegecafe.fr.yuku.com/forum...-Technologies/

  10. #10
    New Lounger
    Join Date
    Dec 2014
    Posts
    3
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Have you checked for rootkits? It's a long, slow scan ... but it's found and fixed problems everyone else gave up on
    I use
    http://support.kaspersky.com/us/viruses/rescuedisk/
    http://www.vipreantivirus.com/live/
    and I've heard that the following is good, too
    http://www.avg.com/us-en/avg-rescue-cd

  11. #11
    Lounger
    Join Date
    Dec 2009
    Location
    Shreveport, LA, USA
    Posts
    32
    Thanks
    1
    Thanked 0 Times in 0 Posts
    After the backup I decided to go ahead with the factory recovery which didn't take that long, so that he could have his pc back. I ran several different malware scans on the backup and all came up good so I feel safe restoring his stuff. At least now I & he won't have so much to re-do. Thanks to all for help & comments. Bat.

  12. #12
    New Lounger
    Join Date
    Dec 2014
    Posts
    3
    Thanks
    0
    Thanked 0 Times in 0 Posts
    I love a happy ending
    SB2K
    Microsoft Certified System Engineer
    Certified CyberSecurity Forensic Analyst™
    Registered Linux User Number 214486
    Authorized Windows Crash Test Dummy®
