  1. #1
    WS Lounge VIP Coochin

    We have detected your computer is compromised scam (again)

    "This computer is configured to require a password in order to start up. Please enter the Startup Password below."

    Earlier today I collected a Win7 laptop from a customer who had been "sucked in" to allowing some mob claiming to be "Telstra Support" to access her laptop via RDP (Remote Desktop Protocol, but I think the actual program used was "TeamViewer" or maybe "LogMeIn").

    After returning to my homebase I tried to boot the laptop to Win7 but after the initial Win7 loading screens a prompt was displayed "Startup Password: This computer is configured to require a password in order to start up. Please enter the Startup Password below."

    Google searches on the above message led me to this blog page: http://triplescomputers.com/blog/cas...ansom-lockout/

    Have since used System Restore after booting from a Win7 Repair CD to get into the customer's Win7, but most "Joe Bloggs" or "Joanne Bloggs" users would not know how to do that so would be "up the creek".

    Hope the above might warn some about this kind of scam, and might help any who have fallen for it.
    Computer Consultant/Technician since 1998 (first PC was Atari 1040STE in 1988).
    Most common computing error is EBKAC: Error Between Keyboard And Chairback
    Confucius said: "no use running harder if you're on the wrong road" and "any problem once correctly understood is already half-solved".

  2. The Following 6 Users Say Thank You to Coochin For This Useful Post:

    CLiNT (2015-04-11),cmptrgy (2015-04-11),lumpy95 (2015-05-06),RetiredGeek (2015-04-11),Rick Corbett (2015-04-11),tonyl (2015-04-11)

  3. #2
    Super Moderator Rick Corbett
    Nice find, Coochin. Thanks for posting the link to the blog entry. There are some really good other entries in the blog too. It's great to find an IT technician who takes the time and trouble to document problems and fixes so well.
    Last edited by Rick Corbett; 2015-04-11 at 07:36.

  4. #3
    WS Lounge VIP
    That blog seems to say.
    If %SYSTEMROOT%\system32\config\RegBack exists, try System Restore.
    If not, copy files from %SYSTEMROOT%\system32\config\RegBack.

    I'm confused.

    cheers, Paul

  5. #4
    4 Star Lounger
    Thanks, Coochin. I do my best at spreading the word: Microsoft do not make cold calls. But I can't do it on my own.

  6. #5
    Super Moderator
    Quote Originally Posted by Paul T View Post
    That blog seems to say.
    If %SYSTEMROOT%\system32\config\RegBack exists, try System Restore.
    If not, copy files from %SYSTEMROOT%\system32\config\RegBack.

    I'm confused.

    cheers, Paul
    The second set of steps says, "If no Restore Points exist ..."; not, "If no RegBack exists ...".

    There's a STOP at 1 if no RegBack exists.

    Bruce

  7. #6
    WS Lounge VIP
    Is it saying you check for restore points by looking for RegBack, or check for restore points, then look for RegBack?

    cheers, Paul

  8. #7
    Super Moderator
    Quote Originally Posted by Paul T View Post
    Is it saying you check for restore points by looking for RegBack, or check for restore points, then look for RegBack?

    cheers, Paul
    I think it's saying look for RegBack first, then try restore points if any (because there's no point trying restore points after SysKey activation unless RegBack exists).

    But if RegBack exists and restore points were deleted, then you have to manually copy the relevant registry files (because the system can't do it for you without restore points).

    Bruce

  9. #8
    WS Lounge VIP
    I still don't get it.

    "FIRST, ensure you don’t have any Restore Points"
    Do stuff

    "If no Restore Points exist"
    Do stuff

    I'm sure it works, just the instructions leave something to be desired.

    cheers, Paul

  10. #9
    Super Moderator
    It just amounts to, "FIRST make sure you can't restore from RegBack automatically and safely, before having to restore from RegBack manually after backup".

  11. #10
    5 Star Lounger
    Thanks Coochin. I have to admit the technicalities are over my head but I like knowing about them. You know what really gets me though; I had 4 friends who got taken in by such schemes over the last 3 years; but they wouldn't take the time to take care of what their computers needed because they don't have the time; when I have volunteered to help them, if it was going to take more than 15 minutes, they wouldn't give me the time to do what was needed; OK, that's them; but lo & behold a complete stranger calls and they take the time to allow and even pay that complete stranger to take over their PC etc.

  12. #11
    Silver Lounger
    All the calls I've gotten in this genre have been from Windows Support Group or Windows Technical Group, never has Microsoft been mentioned. Not saying Microsoft keeps the callers from infringing in several legal issues.

    Also got a call yesterday saying they were IRS and I was being sued. Interesting since I didn't file my taxes until today and no way IRS will get the return for several days.

  13. The Following User Says Thank You to Berton For This Useful Post:

    Fascist Nation (2015-05-11)

  14. #12
    WS Lounge VIP Coochin
    Quote Originally Posted by Paul T View Post
    I still don't get it.

    "FIRST, ensure you don’t have any Restore Points"
    Do stuff

    "If no Restore Points exist"
    Do stuff

    I'm sure it works, just the instructions leave something to be desired.

    cheers, Paul
    I understood it as BruceR says in his #7 and #9 posts. I.e.: "if the restore points have been deleted then (and only then) back up the current registry hives from %SYSTEMROOT%\system32\config before replacing them with the backup hives in %SYSTEMROOT%\system32\config\RegBack".

    Before attempting system restore I booted from a BartPE CD and used Total Commander to check %SYSTEMROOT%\system32\config\RegBack (had registry hives from about ten days previous), and the "System Volume Information" folder (had several restore points, the newest matching the file dates of the RegBack hives).

  15. The Following User Says Thank You to Coochin For This Useful Post:

    Paul T (2015-04-12)
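
The RegBack procedure discussed in posts #7, #9 and #12 above (check RegBack, back up the current hives, then replace them), as an added example that is not part of the thread or the linked blog: a batch script for a recovery-environment command prompt. In a recovery environment %SYSTEMROOT% points at the recovery image rather than the installed Windows, so the offline drive is passed as an argument; that argument, the `pre-restore` folder name and restoring all five hives as one set are assumptions of this example.

```batch
@echo off
rem Added example: restore offline registry hives from RegBack.
rem Run from a recovery command prompt:  restore_hives.cmd D:
rem D: stands for the offline Windows volume; the letter is an assumption.
setlocal
if "%~1"=="" (echo Usage: %~nx0 D: & exit /b 1)
set "CFG=%~1\Windows\System32\config"
set "RB=%CFG%\RegBack"
set "SAVE=%CFG%\pre-restore"
set "HIVES=DEFAULT SAM SECURITY SOFTWARE SYSTEM"

rem No RegBack folder means there is nothing to restore from: stop.
if not exist "%RB%\" (echo STOP: "%RB%" not found. & exit /b 1)

rem Every backup hive must exist and be non-empty, or nothing is changed.
for %%H in (%HIVES%) do (
    if not exist "%RB%\%%H" (echo STOP: RegBack\%%H is missing. & exit /b 1)
    for %%F in ("%RB%\%%H") do (
        if %%~zF EQU 0 (echo STOP: RegBack\%%H is empty. & exit /b 1)
        echo RegBack\%%H   %%~tF   %%~zF bytes
    )
)

rem The operator checks that the backup dates predate the lockout.
echo Check that the dates above are from before the lockout.
set "OK="
set /p "OK=Type YES to replace the current hives: "
if /i not "%OK%"=="YES" (echo Nothing changed. & exit /b 1)

rem Keep the current hives first so the change can be undone.
if exist "%SAVE%\" (echo STOP: "%SAVE%" already exists. & exit /b 1)
mkdir "%SAVE%" || exit /b 1
for %%H in (%HIVES%) do (
    copy /b /y "%CFG%\%%H" "%SAVE%\%%H" >nul || (echo Backup of %%H failed. & exit /b 1)
)

rem Only now overwrite the current hives with the RegBack copies.
for %%H in (%HIVES%) do (
    copy /b /y "%RB%\%%H" "%CFG%\%%H" >nul || (echo Restore of %%H failed. & exit /b 1)
)
echo Done. The previous hives are in "%SAVE%".
```

The script changes nothing unless all five RegBack hives are present and non-empty, and it refuses to run a second time over an existing `pre-restore` folder so the first backup is never overwritten.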

  16. #13
    Silver Lounger
    Just got another call from "Windows Technical Support" about my computer. I asked if he minded me recording the call as I had to send it to the State's Attorney General and he said "go to hell" and disconnected.

  17. The Following User Says Thank You to Berton For This Useful Post:

    Paul T (2015-05-05)

  18. #14
    5 Star Lounger
    It is a lot more fun to kick back with a beer and go through the routine they guide you through. Keep saying OK and finally, are you able to access my computer now? Oh, let's go through the procedure again . . . make a game of it. Longest you can keep someone on the phone wins. Need "Best Closing Line" category as well.

  19. #15
    Silver Lounger lumpy95
    You may want to reject this # 516-986-6288, since it is the same scam.
