
PC virus


29 replies to this topic

#1 Irishwolf3


Posted 16 April 2016 - 12:16 PM

I have Windows 10. I was just talking to a company saying they work with Microsoft, saying that the certificate has expired... the end was they wanted $200 to take off the viruses. I said I don't have $200. So now my computer says startup password needed to get into my computer. I do not know what to do. PC is saying resetting, I don't know if that's good or not. I need help please. I am on my phone right now. PLEASE HELP...

Edit: Moved topic from Windows 10 to the more appropriate forum. ~ Animal



#2 Agouti


Posted 17 April 2016 - 07:30 AM

> So now my computer says startup password needed to get into my computer. I do not know what to do. PC is saying resetting, I don't know if that's good or not.

A picture is worth a thousand words...  Since you are on your phone, how about taking a picture or two and posting it?  That might help to get to the root of the issue quicker than anything else.



#3 Irishwolf3


Posted 17 April 2016 - 08:45 AM

I don't know how to send the pic?

#4 Irishwolf3


Posted 17 April 2016 - 08:47 AM

I don't know how to send the pic?

#5 Agouti


Posted 17 April 2016 - 09:25 AM

To upload the pictures...

1.  Go to imgur.com.

2.  Click the upload images button near the top of the page.

3.  Follow the prompts to upload the pictures.

4.  Once the pictures have been uploaded, click the Share Link on the left.  The link will be copied to the clipboard.

5.  Paste the link in your next post.


Edited by Agouti, 17 April 2016 - 09:25 AM.


#6 ShinyViper


Posted 17 April 2016 - 10:31 AM

Sounds like one I saw just this week where I had a client call the number on the screen and they locked him out of his computer for nonpayment.

 

Is this the message?

 

"This computer is configured to require a password in order to start up.  Please enter the Startup Password below."

 

and it occurs in a Windows GUI screen (not DOS or BIOS) but before a "normal" Windows user login screen

 

http://www.bleepingcomputer.com/forums/index.php?app=core&module=attach&section=attach&attach_rel_module=post&attach_id=127920

 

Look up "Sam Hive Encryption"

 

Cliff's notes version of the fix: the way I fixed it was to boot off a boot CD (Hiren's CD in my case, but any PE boot CD would work), back up the password-protected registry files at c:\windows\system32\config to another location, and restore the backups the system had done a month earlier at c:\windows\system32\config\regback.

 

After that, no more Sam Hive Encryption asking for a password, but make sure to completely clean the PC of any remaining malware after you get access.

 

 



#7 Irishwolf3


Posted 17 April 2016 - 10:43 AM

Yes that's what happened. I am not good with computers when it comes to this. I am willing to try anything at this point. Thank you Trish

#8 Queen-Evie


Posted 17 April 2016 - 10:50 AM

If you use imgur and want to post an image do NOT use the http:// links.

Instead use
BBCode (message boards & forums) which will show the image in your post.

 

It looks like this

[img=http://i.imgur.com/file name here.png]

Other photo hosting sites will have a similar option.
 



#9 Irishwolf3


Posted 17 April 2016 - 12:32 PM

Hi, I am on my re-image your computer asking for network folder. What does that mean?

#10 Irishwolf3


Posted 17 April 2016 - 05:35 PM

Should I buy blank DVD or USB flash drive to help get my files so I can try and get rid of this problem?

#11 Irishwolf3


Posted 17 April 2016 - 05:37 PM

> I have Windows 10. I was just talking to a company saying they work with Microsoft, saying that the certificate has expired... the end was they wanted $200 to take off the viruses. I said I don't have $200. So now my computer says startup password needed to get into my computer. I do not know what to do. PC is saying resetting, I don't know if that's good or not. I need help please. I am on my phone right now. PLEASE HELP...
>
> Edit: Moved topic from Windows 10 to the more appropriate forum. ~ Animal


What forum should I move it to?

#12 Agouti


Posted 17 April 2016 - 06:03 PM

> Yes that's what happened. I am not good with computers when it comes to this. I am willing to try anything at this point. Thank you Trish

Are you absolutely sure what you are seeing is exactly the same as the screenshot which ShinyViper linked to?  If so, you can follow the instructions in this article to remove the startup password.  However, you should first boot from a live disc and back up your personal files before attempting the procedure.  If you have any doubts about what to do, find a knowledgeable friend who can help.



#13 cybercynic


Posted 17 April 2016 - 07:27 PM

@irishwolf3:

 

It looks like you have "sam hive encryption". The solution is not overly difficult, but is somewhat technical in nature. It may be more than you can handle. ShinyViper offered one solution in a previous post. I suggest you take your computer to a computer-knowledgeable friend, or a technician at a local repair shop. If you get a blank look at "sam hive encryption", have the friend or technician read the detailed article here:

 

http://triplescomputers.com/blog/casestudies/solution-this-is-microsoft-support-telephone-scam-computer-ransom-lockout/

 

Any technician worth his/her salt should be able to get your computer back to normal. (Assuming that the registry backup isn't too old.)


Edited by cybercynic, 17 April 2016 - 08:03 PM.

We are drowning in information - and starving for wisdom.


#14 cybercynic


Posted 17 April 2016 - 07:32 PM

 

>> Yes that's what happened. I am not good with computers when it comes to this. I am willing to try anything at this point. Thank you Trish
>
> Are you absolutely sure what you are seeing is exactly the same as the screenshot which ShinyViper linked to?  If so, you can follow the instructions in this article to remove the startup password.  However, you should first boot from a live disc and back up your personal files before attempting the procedure.  If you have any doubts about what to do, find a knowledgeable friend who can help.

 

If irishwolf3 doesn't know the startup password, how will the article help? (Maybe I missed something - it happens.)




#15 ShinyViper


Posted 17 April 2016 - 07:44 PM

 

 

>>> Yes that's what happened. I am not good with computers when it comes to this. I am willing to try anything at this point. Thank you Trish
>>
>> Are you absolutely sure what you are seeing is exactly the same as the screenshot which ShinyViper linked to?  If so, you can follow the instructions in this article to remove the startup password.  However, you should first boot from a live disc and back up your personal files before attempting the procedure.  If you have any doubts about what to do, find a knowledgeable friend who can help.
>
> If irishwolf3 doesn't know the startup password, how will the article help? (Maybe I missed something - it happens.)

 

 

The solution, from my experience in resolving the same problem recently, involves the fact that the password is completely unknown by the PC user because it was set by a person who the PC user calls on the telephone (after receiving a non-legitimate notice on-screen from adware regarding PC issues).  The remote "tech" remotely accesses the computer, sets the password, and then asks for payment for "help" or for a bogus "antivirus software" to the tune of a couple hundred US dollars.  The PC user generally refuses payment and the password, unbeknownst to the PC user, is left in place after the call ends and the remote session is terminated.

The bypass for the password being unknown is to restore a version of the Windows registry that is not password protected.  Ideally that would be a registry backup made just before the "tech" set the password.  Realistically, that's not the case.  There are usually copies of the registry kept in a safe place on the hard drive, automatically maintained by Windows itself during its course of auto-updates and maintenance.  Of course a full backup of the PC is also a viable alternative place from which to restore.  The biggest drawback is that the automatically created Windows backup copies of the registry files may be out of date.  If they're within a few months, there's probably not much difference in the registry and there's little to no harm in restoring them.  However, I've seen registry files that hadn't been updated since the date the computer was installed, up to 4 or 5 years later.  In that case, restoring that copy of the registry files can remove the password, but also cause unintended consequences with relation to software and settings made in the time between the backup and the restore.


Edited by ShinyViper, 17 April 2016 - 07:47 PM.
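
The recovery described in posts #6 and #15 (save the locked hives, check how old the RegBack copies are, then restore them), written out as an added example; it is not part of the original thread or any poster's own script. It assumes a live environment with Python and the Windows volume mounted; the function names, the 90-day cut-off standing in for "a few months", and the upper-case hive file names are assumptions.

```python
import shutil
import time
from pathlib import Path

# Hive file names as stored under Windows\System32\config (assumed upper-case,
# which matters on a case-sensitive live disc).
HIVES = ("SAM", "SYSTEM", "SECURITY", "SOFTWARE", "DEFAULT")

def check_regback(config_dir, now=None):
    """Return {hive: age in days} of each RegBack copy; None = missing or empty."""
    now = time.time() if now is None else now
    ages = {}
    for hive in HIVES:
        copy = Path(config_dir) / "RegBack" / hive
        usable = copy.is_file() and copy.stat().st_size > 0
        ages[hive] = (now - copy.stat().st_mtime) / 86400 if usable else None
    return ages

def restore_regback(config_dir, save_dir, max_age_days=90, force=False, now=None):
    """Save the locked hives to save_dir, then copy the RegBack set over them.

    Returns (restored, ages). Nothing is changed when a RegBack hive is missing
    or empty, or when the set is older than max_age_days and force is False.
    """
    config_dir, save_dir = Path(config_dir), Path(save_dir)
    ages = check_regback(config_dir, now)
    if any(age is None for age in ages.values()):
        return False, ages
    if max(ages.values()) > max_age_days and not force:
        return False, ages            # stale: software/settings may regress
    save_dir.mkdir(parents=True)      # fails rather than overwrite an older save
    for hive in HIVES:                # 1) keep the password-protected originals
        shutil.copy2(config_dir / hive, save_dir / hive)
    for hive in HIVES:                # 2) restore all five hives as one set
        shutil.copy2(config_dir / "RegBack" / hive, config_dir / hive)
    return True, ages

if __name__ == "__main__":
    import sys                        # usage: script.py <config dir> <save dir>
    done, report = restore_regback(sys.argv[1], sys.argv[2])
    for hive, age in report.items():
        print(hive, "missing/empty" if age is None else f"{age:.0f} days old")
    print("restored" if done else "not restored; nothing was changed")
```

A refusal on age is the case ShinyViper warns about: passing `force=True` still removes the startup password, at the cost of rolling software and settings back to the date of the backup.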




