Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Windows 7 boots up to a Password CGI


  • Please log in to reply
4 replies to this topic

#1 GipBrown

GipBrown

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:41 PM

Posted 17 August 2015 - 08:06 PM

Howdy all - Have a laptop here whos owner fell for the old YOU HAVE A VIRUS!! scam and let someone log into remotely to 'fix' it and after that on boot up would display "This computer is configured to require a password in order to start up. Please enter the Startup Password". Same results in SafeMode etc. The 'tech' tried to get a bunch of money from him so he called me in to see if the is a fix for this.

After a bunch of reading it seems that one approach is to bootup from a USB drive and check for a restore point. I set up the laptop some years ago and believe that System Restore was disabled after I installed everything. I tried HitMan Pro with KickStart and now the machine performs the Windows Repair function and cannot find a solution and shuts down after several hours.

The user has files he'd like to keep but they are stored all over the drive and not in one place - chasing them down connected to another PC as a secondary storage device will take literally hours and hours.

Short of wiping it and starting fresh is there a soultion? I feel I may have boned it with Hitman.

Thanks,

Gip

 


Edited by hamluis, 18 August 2015 - 02:11 PM.
Moved from Win 7 to General Security - Hamluis.


BC AdBot (Login to Remove)

 


#2 TheJokerz

TheJokerz

  • Members
  • 286 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Ohio
  • Local time:07:41 PM

Posted 18 August 2015 - 02:49 PM

I would boot into ubuntu, and get any documents ect that I need and put them on a thumb drive, then wipe it and start over.  But as you stated that would take hours, I guess it depends on how badly he/she wants the documents that are on there!


utl8q0-5.png


#3 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,124 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:41 PM

Posted 18 August 2015 - 08:12 PM

“This is Microsoft Support” telephone scam – Computer ransom lockout
syskey.png

See these related topics for other suggestions:
* This computer is configured to require a password in order to start up
* Remove a startup password before account screen
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#4 GipBrown

GipBrown
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:41 PM

Posted 20 August 2015 - 03:14 PM

Thanks for all the general information though I have to wonder where this password request launches from and can I remove it or keep it from launching?



#5 GipBrown

GipBrown
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:41 PM

Posted 20 August 2015 - 07:39 PM

Hi all - I went in with EaseUS Todo Backup Free 8.6 and took a look around in %SYSTEMROOT%\system32\config looking for the SOFTWARE and SYSTEM and SAM and SECURITY and the DEFAULT files and they are not there - Also looked in %SYSTEMROOT%\system32\config\regback folder and they are not there.

So they may be hidden, moved or deleted and that is why the Windows Repair fails maybe?

I wonder though, say my bud paid the ransom, if the files were deleted then how would they have been able to restore access?

Maybe they are still on the drive somewhere? What would you recommend for a search vehicle for the drive?

 

Thanks much
 


Edited by GipBrown, 20 August 2015 - 07:41 PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users