Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

Windows XP Startup password - not login - after bogus Windows support call

  • 29-09-2012 10:00am
    #1
    Registered Users, Registered Users 2 Posts: 951 ✭✭✭


    Have a laptop from a customer of mine that was locked up by those nasty Asian "Windows support" individuals.

    The customer was stupid enough to give them remote control of the system and they held him to ransom and locked him out of his laptop demanding cash to fix the issue. A new sinister move as far as I can see.

    Now note this is not a BIOS password or a USER login password, it displays before the user login even in safe mode.

    Anyone come across this before and have a solution? Their is some stuff on the web about the issue:

    http://www.techtalkz.com/windows-xp/30534-windows-xp-startup-password-2.html

    However nothing about breaking an already locked system? These fixes assume you know the password and just want rid of the nag screen.

    I know I can just format and reinstall however I am looking for an easier approach.

    I have a pic attached of what is displaying.


Comments

  • Registered Users, Registered Users 2 Posts: 55,571 ✭✭✭✭Mr E


    Load in safe mode, and do a system restore from before the hijack.


  • Closed Accounts Posts: 560 ✭✭✭andrew241983


    Can u not just do fresh install of windows.. I know everything will be lost but better thatt than hand over money to a scam artist


  • Registered Users, Registered Users 2 Posts: 951 ✭✭✭andrewdeerpark


    Ok I cannot load safe mode or safe mode with networking. I tried last known good configuration aswell all did not work.

    I also reset the user password using http://pogostick.net/~pnh/ntpasswd/
    Had no effect.

    I believe this is a reg hack so if I booted MINI XP from the Hiren Boot CD and then loaded the system registry I might be able to turn it off.

    I know I can format and reinstall however I am looking for a less brutal fix.


  • Registered Users, Registered Users 2 Posts: 55,571 ✭✭✭✭Mr E


    Pretty comprehensive suggestions here:

    http://www.pcreview.co.uk/forums/microsoft-support-scam-help-t4041003.html

    I think the OP just backed up photos etc. and did a wipe. Worth a read though if you want to try some other things first.


  • Moderators, Recreation & Hobbies Moderators, Science, Health & Environment Moderators, Technology & Internet Moderators Posts: 93,581 Mod ✭✭✭✭Capt'n Midnight


    Don't forget that old copies of the registry files are in the System volume information folder


  • Advertisement
  • Moderators, Arts Moderators, Regional Abroad Moderators Posts: 11,106 Mod ✭✭✭✭Fysh


    Thanks for posting this - I've never heard of this, but in trying to figure it out I've discovered the Syskey utility, which I've never heard of.

    Sounds like that's what has been used to bodge your install. I've seen a few suggestions that current versions of NTPasswd include an option to turn off Syskey, so my advice would be:

    1) Clone the disk (or take an image of it)
    2) Test the cloned drive/image
    3) Boot NTPassWD and remove Syskey protection, then test
    4) If that fails, do a repair install using original OS media.


  • Registered Users, Registered Users 2 Posts: 951 ✭✭✭andrewdeerpark


    Fysh
    A big help your suggestions especially the syskey keyword

    Anyway when I boot NTPasswd I do not get 2 the syskey removal menu?

    I have Hiren bootcd 15.1 and I also tried it on its own from the website. Am I missing a version update of NTPasswd the one I am using is http://pogostick.net/~pnh/ntpasswd/cd110511.zip ??

    Plus here is a youtube video of the fix:
    http://www.youtube.com/watch?v=MTgepTw5ZOc


  • Registered Users, Registered Users 2 Posts: 951 ✭✭✭andrewdeerpark


    Got it its on the current version just hidden from the menu

    http://www.conradshome.com/ntpasswd/editor.html

    2010-06-27
    • Patches from Frediano Ziglio adding or fixing:
    • - buffer overflow in export_subkey printing keyname
    • - reg export: some quoting error (name and string values must be quoted)
    • - adding support for wide character encoding in keys and value names
    • - and some other bugs fixed
    • New function from from Aleksander Wojdyga to decode Digital Product ID. Now in registry editor, may be moved later. example dpi \Microsoft\Windows NT\CurrentVersion\DigitalProductId
    • Syskey menu selection has been removed from text, but can still be selected as number 2. So that people stop emailing me when it bombs out.
    • Some other minor tweaks
    Anyway system booted now will just do a system restore a few days back and hopefully that is it.


    Thanks to all for their help and suggestions


  • Moderators, Arts Moderators, Regional Abroad Moderators Posts: 11,106 Mod ✭✭✭✭Fysh


    Glad to hear you got it fixed :)


  • Registered Users, Registered Users 2 Posts: 55,571 ✭✭✭✭Mr E


    @Capt'n Midnight: What do you think about linking to this thread from the Applications and Fixes sticky? It's bound to come up again....


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 951 ✭✭✭andrewdeerpark


    Sounds good fire away.


Advertisement