Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

You must restart your computer to turn off user account control


  • Please log in to reply
20 replies to this topic

#1 zaidi87

zaidi87

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:10:03 AM

Posted 05 June 2017 - 02:37 PM

I purchased a brand new HP probook laptop last year in July(2016), it was working fine and perfectly(I used it for 9 months without any error), 2 months ago,I was working on it, then suddenly I got notification "you must restart your computer to turn off user account control" and it restarted automatically, After restart, this screen starts appearing and I was unable to do any thing after this screen

 

This system is the property of Booz Allen Hamilton and may only be accessed by authorized users.

 

 

 

I contacted the shop owner(I have in-voice slip), he tried below things

1: Re-install windows 3-4 times

2: Re-install BIOS

 

But every time,this screen start appearing as soon as I connect to internet.

Finally, I claimed warranty and they replaced its motherboard, I was just using it gave me the same warning and restarted again, and after restarting, this screen starts appearing.

 

I tried contacting this company but no response from them.

Please suggest me what should I do?If the company is the owner of this pc,then how it worked till 9 months? Also what should I do to make it work again(or remove ownership of the company)

Is this a case of Ransomware?

 



BC AdBot (Login to Remove)

 


#2 jwoods301

jwoods301

  • Members
  • 1,489 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:03 PM

Posted 05 June 2017 - 02:57 PM

Sounds like this is a refurbished computer that once belonged to Booz Allen Hamilton, and is configured to go through the company portal before accessing the Internet.

 

This is probably configured in Group Policy.



#3 zaidi87

zaidi87
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:10:03 AM

Posted 05 June 2017 - 03:01 PM

Sounds like this is a refurbished computer that once belonged to Booz Allen Hamilton, and is configured to go through the company portal before accessing the Internet.

 

This is probably configured in Group Policy.

May be you are correct,but still how I was able to use it for 9 months? Also what should I do now?



#4 jwoods301

jwoods301

  • Members
  • 1,489 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:03 PM

Posted 05 June 2017 - 03:07 PM

What version of Windows?

 

Do you have the Windows install media?

 

When you say the shop "re-installed Windows 3-4 times", was that a repair, or a clean (from scratch) install?

 

Are you getting the same result with different browsers?



#5 MasterNe0

MasterNe0

  • Members
  • 151 posts
  • OFFLINE
  •  
  • Local time:12:03 AM

Posted 05 June 2017 - 03:08 PM

How sure are you the laptop was brand new in the first place? Also same for the store you brought this from had actually reinstalled anything to begin with?

 

As Jwoods said, it possible the laptop was used and the seller sold you it as "new" which is a fraud. You could try contacting HP to see if the item is indeed used or new or who it registered under.

 

It sounds like this message you are getting is something this company installed in order to "disable" laptops if they were lost or stolen as a security measure, it just a theory but it sounds like it.



#6 zaidi87

zaidi87
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:10:03 AM

Posted 05 June 2017 - 03:10 PM

What version of Windows?

 

Do you have the Windows install media?

 

When you say the shop "re-installed Windows 3-4 times", was that a repair, or a clean (from scratch) install?

 

Are you getting the same result with different browsers?

 

Windows 10, the shop owner installed the windows from scratch,

This is not browser screen,I am getting this screen just after I am turning on my laptop(after logon screen)



#7 zaidi87

zaidi87
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:10:03 AM

Posted 05 June 2017 - 03:12 PM

How sure are you the laptop was brand new in the first place? Also same for the store you brought this from had actually reinstalled anything to begin with?

 

As Jwoods said, it possible the laptop was used and the seller sold you it as "new" which is a fraud. You could try contacting HP to see if the item is indeed used or new or who it registered under.

 

It sounds like this message you are getting is something this company installed in order to "disable" laptops if they were lost or stolen as a security measure, it just a theory but it sounds like it.

 

He opened the box infront of me,I also verified the serial number from HP website, If I accept the fact that he sold me an old Laptop, then still how I was able to use it for 9 months?It should have given me this error in start



#8 MasterNe0

MasterNe0

  • Members
  • 151 posts
  • OFFLINE
  •  
  • Local time:12:03 AM

Posted 05 June 2017 - 03:22 PM

 

How sure are you the laptop was brand new in the first place? Also same for the store you brought this from had actually reinstalled anything to begin with?

 

As Jwoods said, it possible the laptop was used and the seller sold you it as "new" which is a fraud. You could try contacting HP to see if the item is indeed used or new or who it registered under.

 

It sounds like this message you are getting is something this company installed in order to "disable" laptops if they were lost or stolen as a security measure, it just a theory but it sounds like it.

 

He opened the box infront of me,I also verified the serial number from HP website, If I accept the fact that he sold me an old Laptop, then still how I was able to use it for 9 months?It should have given me this error in start

 

Did you verify it with HP support directly - not just their website.

 

You could try replacing the harddrive as that would be the last thing I would try doing or do a reinstallation of Windows yourself if you have the license key and the recovery media for this laptop. Need to make sure you wipe the partitions completely before reinstalling windows, not just reinstall over the current or a repair as per jwood - it a easy step to miss when doing a reinstallation.

 

Something does sounds fishy. The only reason I could think of why it stopped working is maybe someone from that company trigger a alert on their end using a software or something that locks out stolen or lost laptops. Before that, if that laptop was USED, it possible he/she didn't know it was missing until recently. It similar to what would happen if a mobile device like a iphone is lost or stolen, you can lock it remotely.



#9 jwoods301

jwoods301

  • Members
  • 1,489 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:03 PM

Posted 05 June 2017 - 03:26 PM

From an elevated (Run as Adminstrator) Command prompt, type sfc /SCANNOW and hit Enter.



#10 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 52,077 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:12:03 AM

Posted 05 June 2017 - 05:32 PM

...Is this a case of Ransomware?

Actual ransomware usually will have obvious indications (signs of infection)...it typically targets and encrypts data files so you cannot open them on your computer (and all connected drives at the time of infection), in most cases it appends an obvious extension to the end or beginning of encrypted filenames (although some variants do not), demands a ransom payment by dropping ransom notes in every directory or affected folder where data has been encrypted and sometimes changes Windows wallpaper. Less obvious symptoms include adding or modifying registry entries and deletion of Shadow Volume Copies so that you cannot restore your files from before they had been encrypted but leaves the operating system working so the victim can pay the ransom. Further, when dealing with real ransomware, the cyber-criminals generally instruct their victims to contact them by email or website for decryption...they do not provide a phone number to call for assistance.

If none of the above are applicable, then you are not dealing with ransomware.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#11 SleepyDude

SleepyDude

  • Malware Response Team
  • 3,181 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Portugal
  • Local time:05:03 AM

Posted 06 June 2017 - 12:51 PM

Hi,

 

Can you post a photo showing the error message and the model of the laptop?


• Please do not PM me asking for support. Post on the forums instead it will increases the chances of getting help for your problem by one of us.
• Posts in the Malware section that are not replied to within 4 days will be closed. PM me or a moderator to reactivate.
• Please post your final results, good or bad. We like to know! Thank you!

 
Proud graduate of GeekU and member of UNITE
___
Rui

 
 


#12 zaidi87

zaidi87
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:10:03 AM

Posted 06 June 2017 - 02:01 PM

Hi,

 

Can you post a photo showing the error message and the model of the laptop?

Laptop is HP pro-book G6, please see http://www.pcadvisor.co.uk/forum/windows-29/you-must-restart-your-pc-turn-user-account-4636669/ for screen shot of error 



#13 zaidi87

zaidi87
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:10:03 AM

Posted 06 June 2017 - 02:02 PM

 

...Is this a case of Ransomware?

Actual ransomware usually will have obvious indications (signs of infection)...it typically targets and encrypts data files so you cannot open them on your computer (and all connected drives at the time of infection), in most cases it appends an obvious extension to the end or beginning of encrypted filenames (although some variants do not), demands a ransom payment by dropping ransom notes in every directory or affected folder where data has been encrypted and sometimes changes Windows wallpaper. Less obvious symptoms include adding or modifying registry entries and deletion of Shadow Volume Copies so that you cannot restore your files from before they had been encrypted but leaves the operating system working so the victim can pay the ransom. Further, when dealing with real ransomware, the cyber-criminals generally instruct their victims to contact them by email or website for decryption...they do not provide a phone number to call for assistance.

If none of the above are applicable, then you are not dealing with ransomware.

 

 

Thanks for your reply, I am still not getting even if its an old laptop(or stolen one) then why I was able to use it for 9 months? Also the screen appearing like an add-on 



#14 zaidi87

zaidi87
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:10:03 AM

Posted 06 June 2017 - 02:03 PM

 

 

How sure are you the laptop was brand new in the first place? Also same for the store you brought this from had actually reinstalled anything to begin with?

 

As Jwoods said, it possible the laptop was used and the seller sold you it as "new" which is a fraud. You could try contacting HP to see if the item is indeed used or new or who it registered under.

 

It sounds like this message you are getting is something this company installed in order to "disable" laptops if they were lost or stolen as a security measure, it just a theory but it sounds like it.

 

He opened the box infront of me,I also verified the serial number from HP website, If I accept the fact that he sold me an old Laptop, then still how I was able to use it for 9 months?It should have given me this error in start

 

Did you verify it with HP support directly - not just their website.

 

You could try replacing the harddrive as that would be the last thing I would try doing or do a reinstallation of Windows yourself if you have the license key and the recovery media for this laptop. Need to make sure you wipe the partitions completely before reinstalling windows, not just reinstall over the current or a repair as per jwood - it a easy step to miss when doing a reinstallation.

 

Something does sounds fishy. The only reason I could think of why it stopped working is maybe someone from that company trigger a alert on their end using a software or something that locks out stolen or lost laptops. Before that, if that laptop was USED, it possible he/she didn't know it was missing until recently. It similar to what would happen if a mobile device like a iphone is lost or stolen, you can lock it remotely.

 

I have tried re-installing after deleting all partitions, and no I didnt verfied from HP support directly, let me do that as well



#15 jwoods301

jwoods301

  • Members
  • 1,489 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:03 PM

Posted 06 June 2017 - 02:35 PM

Whenever you post the same issue on different forums, it is common courtesy to let each forum know where else you have posted.

 

That said, I suspect that a volume license was installed on this computer.

 

It looks like it is trying to connect to the Booz Allen Hamilton server to do a license check, and of course, because it's not connected to the Booz Allen Hamilton license server, it fails the check.

 

Something triggered the license check after 9 months (Windows update, or...)

 

Take it back to the shop you purchased it from and get an individual license for Windows.


Edited by jwoods301, 06 June 2017 - 02:43 PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users