  1. #1
    WS Lounge VIP Coochin's Avatar
    Join Date
    Jun 2014
    Location
    Queensland, Australia
    Posts
    2,157
    Thanks
    31
    Thanked 307 Times in 267 Posts

    We have detected your computer is compromised scam (again)

    "This computer is configured to require a password in order to start up. Please enter the Startup Password below."

    Earlier today I collected a Win7 laptop from a customer who had been "sucked in" to allowing some mob claiming to be "Telstra Support" to access her laptop via RDP (Remote Desktop Protocol, but I think the actual program used was "TeamViewer" or maybe "LogMeIn").

    After returning to my homebase I tried to boot the laptop to Win7 but after the initial Win7 loading screens a prompt was displayed "Startup Password: This computer is configured to require a password in order to start up. Please enter the Startup Password below."

    Google searches on the above message led me to this blog page: http://triplescomputers.com/blog/cas...ansom-lockout/

    Have since used System Restore after booting from a Win7 Repair CD to get into the customer's Win7, but most "Joe Bloggs" or "Joanne Bloggs" users would not know how to do that so would be "up the creek".

    Hope the above might warn some about this kind of scam, and might help any who have fallen for it.
    Computer Consultant/Technician since 1998 (first PC was Atari 1040STE in 1988).
    Most common computing error is EBKAC: Error Between Keyboard And Chairback
    AMD FX8120 (8-core @ 3.1GHz) CPU, Gigabyte GA-990FXA-D3 motherboard, 8GB (2x4GB) DDR3 1866MHz RAM, ATI-AMD Radeon HD6770 PCI-E VGA, 480GB Kingston SSD, 2TB Seagate SATA3.0 HDD, ASUS DVD/RW.

  2. The Following 6 Users Say Thank You to Coochin For This Useful Post:

    CLiNT (2015-04-11),cmptrgy (2015-04-11),lumpy95 (2015-05-06),RetiredGeek (2015-04-11),Rick Corbett (2015-04-11),tonyl (2015-04-11)

  3. #2
    Super Moderator Rick Corbett's Avatar
    Join Date
    Dec 2009
    Location
    South Glos., UK
    Posts
    2,143
    Thanks
    101
    Thanked 580 Times in 464 Posts
    Nice find, Coochin. Thanks for posting the link to the blog entry. There are some other really good entries in the blog too. It's great to find an IT technician who takes the time and trouble to document problems and fixes so well.
    Last edited by Rick Corbett; 2015-04-11 at 07:36.

  4. #3
    WS Lounge VIP
    Join Date
    Dec 2009
    Location
    Earth
    Posts
    8,205
    Thanks
    49
    Thanked 989 Times in 919 Posts
    That blog seems to say:
    If %SYSTEMROOT%\system32\config\RegBack exists, try System Restore.
    If not, copy files from %SYSTEMROOT%\system32\config\RegBack.

    I'm confused.

    cheers, Paul

  5. #4
    4 Star Lounger
    Join Date
    Jun 2011
    Location
    Hampshire (the old one)
    Posts
    525
    Thanks
    21
    Thanked 72 Times in 62 Posts
    Thanks, Coochin. I do my best at spreading the word: Microsoft do not make cold calls. But I can't do it on my own.

  6. #5
    Super Moderator
    Join Date
    Jun 2011
    Location
    New England
    Posts
    4,756
    Thanks
    171
    Thanked 653 Times in 576 Posts
    Originally posted by Paul T:
    That blog seems to say:
    If %SYSTEMROOT%\system32\config\RegBack exists, try System Restore.
    If not, copy files from %SYSTEMROOT%\system32\config\RegBack.

    I'm confused.

    cheers, Paul
    The second set of steps says, "If no Restore Points exist ..."; not, "If no RegBack exists ...".

    There's a STOP at 1 if no RegBack exists.

    Bruce

  7. #6
    WS Lounge VIP
    Join Date
    Dec 2009
    Location
    Earth
    Posts
    8,205
    Thanks
    49
    Thanked 989 Times in 919 Posts
    Is it saying you check for restore points by looking for RegBack, or check for restore points, then look for RegBack?

    cheers, Paul

  8. #7
    Super Moderator
    Join Date
    Jun 2011
    Location
    New England
    Posts
    4,756
    Thanks
    171
    Thanked 653 Times in 576 Posts
    Originally posted by Paul T:
    Is it saying you check for restore points by looking for RegBack, or check for restore points, then look for RegBack?

    cheers, Paul
    I think it's saying look for RegBack first, then try restore points if any (because there's no point trying restore points after SysKey activation unless RegBack exists).

    But if RegBack exists and restore points were deleted, then you have to manually copy the relevant registry files (because the system can't do it for you without restore points).

    Bruce

  9. #8
    WS Lounge VIP
    Join Date
    Dec 2009
    Location
    Earth
    Posts
    8,205
    Thanks
    49
    Thanked 989 Times in 919 Posts
    I still don't get it.

    "FIRST, ensure you don’t have any Restore Points"
    Do stuff

    "If no Restore Points exist"
    Do stuff

    I'm sure it works, just the instructions leave something to be desired.

    cheers, Paul

  10. #9
    Super Moderator
    Join Date
    Jun 2011
    Location
    New England
    Posts
    4,756
    Thanks
    171
    Thanked 653 Times in 576 Posts
    It just amounts to, "FIRST make sure you can't restore from RegBack automatically and safely, before having to restore from RegBack manually after backup".

  11. #10
    5 Star Lounger
    Join Date
    Jul 2012
    Posts
    967
    Thanks
    662
    Thanked 58 Times in 57 Posts
    Thanks Coochin. I have to admit the technicalities are over my head but I like knowing about them. You know what really gets me though; I had 4 friends who got taken in by such schemes over the last 3 years; but they wouldn't take the time to take care of what their computers needed because they don't have the time; when I have volunteered to help them, if it was going to take more than 15 minutes, they wouldn't give me the time to do what was needed; OK, that's them; but lo & behold a complete stranger calls and they take the time to allow and even pay that complete stranger to take over their PC etc.

  12. #11
    Silver Lounger
    Join Date
    Mar 2014
    Location
    Forever West
    Posts
    2,079
    Thanks
    0
    Thanked 259 Times in 248 Posts
    All the calls I've gotten in this genre have been from Windows Support Group or Windows Technical Group, never has Microsoft been mentioned. Not saying Microsoft keeps the callers from infringing in several legal issues.

    Also got a call yesterday saying they were IRS and I was being sued. Interesting since I didn't file my taxes until today and no way IRS will get the return for several days.

  13. The Following User Says Thank You to Berton For This Useful Post:

    Fascist Nation (2015-05-11)

  14. #12
    WS Lounge VIP Coochin's Avatar
    Join Date
    Jun 2014
    Location
    Queensland, Australia
    Posts
    2,157
    Thanks
    31
    Thanked 307 Times in 267 Posts
    Originally posted by Paul T:
    I still don't get it.

    "FIRST, ensure you don’t have any Restore Points"
    Do stuff

    "If no Restore Points exist"
    Do stuff

    I'm sure it works, just the instructions leave something to be desired.

    cheers, Paul
    I understood it as BruceR says in his #7 and #9 posts. I.e.: "if the restore points have been deleted then (and only then) back up the current registry hives from %SYSTEMROOT%\system32\config before replacing them with the backup hives in %SYSTEMROOT%\system32\config\RegBack".

    Before attempting system restore I booted from a BartPE CD and used Total Commander to check %SYSTEMROOT%\system32\config\RegBack (had registry hives from about ten days previous), and the "System Volume Information" folder (had several restore points, the newest matching the file dates of the RegBack hives).

  15. The Following User Says Thank You to Coochin For This Useful Post:

    Paul T (2015-04-12)
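
Added example, not part of the original thread or the linked blog: a Python version of the decision order worked out in posts #7, #9 and #12 (no usable RegBack means stop; RegBack plus restore points means System Restore; RegBack without restore points means back up the current hives, then copy the RegBack ones over them). It assumes the offline Windows volume is mounted where Python can reach it and that the technician has already checked whether restore points exist; the function names, the backup folder name and the list of five hive file names are this example's own assumptions.

```python
import shutil
import tempfile
from pathlib import Path

# Standard hive file names under System32\config (assumption of this example).
HIVES = ("DEFAULT", "SAM", "SECURITY", "SOFTWARE", "SYSTEM")

def plan_recovery(config_dir, restore_points_exist):
    """Return 'stop', 'system_restore' or 'manual_copy' for an offline config dir."""
    regback = Path(config_dir) / "RegBack"
    # Every hive must be present and non-empty; a zero-byte file is no backup.
    usable = all((regback / h).is_file() and (regback / h).stat().st_size > 0
                 for h in HIVES)
    if not usable:
        return "stop"                      # nothing to restore from
    return "system_restore" if restore_points_exist else "manual_copy"

def restore_from_regback(config_dir, backup_dir):
    """Back up the current hives, then replace them with the RegBack copies."""
    config, backup = Path(config_dir), Path(backup_dir)
    if plan_recovery(config, restore_points_exist=False) != "manual_copy":
        raise RuntimeError("RegBack is missing or incomplete; not touching hives")
    backup.mkdir(parents=True)             # fails if a backup already exists
    for h in HIVES:                        # 1. keep the locked-out hives
        if (config / h).is_file():
            shutil.copy2(config / h, backup / h)
    for h in HIVES:                        # 2. only then overwrite them
        shutil.copy2(config / "RegBack" / h, config / h)
    return sorted(p.name for p in backup.iterdir())

def demo():
    """Run the procedure on a constructed directory tree (not real hives)."""
    root = Path(tempfile.mkdtemp())
    config = root / "Windows" / "System32" / "config"
    (config / "RegBack").mkdir(parents=True)
    for h in HIVES:
        (config / h).write_text("current-" + h)
        (config / "RegBack" / h).write_text("backup-" + h)
    plan = plan_recovery(config, restore_points_exist=False)
    saved = restore_from_regback(config, root / "hives-before-restore")
    return plan, saved, (config / "SAM").read_text()

if __name__ == "__main__":
    print(demo())
```
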

  16. #13
    Silver Lounger
    Join Date
    Mar 2014
    Location
    Forever West
    Posts
    2,079
    Thanks
    0
    Thanked 259 Times in 248 Posts
    Just got another call from "Windows Technical Support" about my computer. I asked if he minded me recording the call as I had to send it to the State's Attorney General and he said "go to hell" and disconnected.

  17. The Following User Says Thank You to Berton For This Useful Post:

    Paul T (2015-05-05)

  18. #14
    5 Star Lounger
    Join Date
    Oct 2013
    Location
    Phoenix, AZ
    Posts
    926
    Thanks
    554
    Thanked 137 Times in 128 Posts
    It is a lot more fun to kick back with a beer and go through the routine they guide you through. Keep saying OK and finally, are you able to access my computer now? Oh, let's go through the procedure again . . . make a game of it. Longest you can keep someone on the phone wins. Need "Best Closing Line" category as well.

  19. #15
    Silver Lounger lumpy95's Avatar
    Join Date
    Feb 2013
    Location
    Mojave Desert CA
    Posts
    1,845
    Thanks
    258
    Thanked 176 Times in 149 Posts
    You may want to reject this # 516-986-6288, since it is the same scam.
