Greetings and welcome to BleepingComputer,
My name is xXToffeeXx, but feel free to call me Toffee if it is easier for you. I will be helping you with your malware problems.
A few points to cover before we start:
- Do not run any tools without being instructed to, as this makes my job much harder in trying to figure out what you have done.
- Make sure to read my instructions fully before attempting a step.
- If you have problems or questions with any of the steps, feel free to ask me. I will be happy to answer any questions you have.
- Please follow the topic by clicking on the "Follow this topic" button, and make sure a tick is in the "receive notifications" box and that it is set to "Instantly". Any replies should be made in this topic by clicking the "Reply to this topic" button.
- Important information in my posts will often be in bold; make sure to take note of it.
- I will attempt to reply as soon as possible, and normally within 24 hours of your reply. If this is not possible or I have a delay then I will let you know.
- I will bump a topic after 3 days of no activity, and then will give you another 2 days to reply before a topic is closed. If you need more time than this please let me know.
Let's get going now.
I believe I know what has happened here; it seems like a hacker or scammer may have taken control of your client's PC and used syskey to lock the SAM registry hive. There is a chance I will not be able to do anything, but I do have a few steps to try first before that.
First thing I need to know is what operating system the computer runs, if you know.
~If I am helping you and you have not had a reply from me in two days, please send me a PM~
~Twitter~ | ~Malware Analyst at Emsisoft~