Windows XP Startup Password

Posted on 2013-05-18
Medium Priority
Last Modified: 2013-05-23
I have a computer that when it starts I get a small box with a message that says "this computer is configured to require a password. In order to start up please enter the start of password below. Then there is a text box to enter a password with 2 buttons one says okay and the other says restart.

I have tried to replaced the LSASS.exe file from the original i386 directory and that has had no effect. This problem also shows up when I press F8 and boot into safe mode with command prompt. I have also tried to remove the passwords using a password removal tool with a Linux based system.

This problem started after an unsuspecting person took a call from people who said they were from "Windows" and indicated that this computer was sending out information over the Internet. That person allowed the caller to log onto the computer and once she realized that it was a scam she unplugged the computer from the Internet and shut it down.

This system is running Windows XP home premium with service pack 3.

Does anyone know how to bypass this problem?
Question by:Pat Clancy
LVL 23

Expert Comment

ID: 39177689
This tool will remove the password.

Burn it to CD, then boot off the CD and follow the steps carefully.    I've used this for about 8 years and it has never failed.   I've used in on XP, Vista and 7, haven't tried it on 8 yet.

If i was working on a computer with that history, i'd pull the drive, extract any important data and format.
LVL 84

Expert Comment

by:Dave Baldwin
ID: 39177729
This is a fairly well known 'repair' scam.  The people say they are calling from Microsoft or AOL or some other well known computer organization and ask for remote access.  Then all they really do is create a password to block access to the computer.  They usually ask for money to unlock it.  But they often don't unlock it even if you send them money.

It might as well be a virus but in the other questions, the scammers have used 'legitimate' Windows tools and programs to block access to the computer.  That means that anti-virus programs usually don't find anything.
LVL 93

Accepted Solution

nobus earned 1500 total points
ID: 39178191
maybe a "system restore " like this can get you going again:

An easier way is to boot from a Bart PE CD (or UBCD4Win CD) and use the file manager for manipulating files. Here  the procedure :
1. rename c:\windows\system32\config\SYSTEM to c:\windows\system32\config\SYSTEM.bak
2. Navigate to the System Volume Information folder.
it contains some restore {GUID} folders such as "_restore{87BD3667-3246-476B-923F-F86E30B3E7F8}".
The restore points are in  folders starting with "RPx under this folder.
3. In such a folder, locate a Snapshot subfolder. This is an example of a folder path to the Snapshot folder:  C:\System Volume Information\_restore{D86480E3-73EF-47BC-A0EB-A81BE6EE3ED8}\RP1\Snapshot
4. From the Snapshot folder, copy the following file to the c:\windows\system32\config folder
6. Exit Bart PE, reboot and test

Use a fairly recent restore point from at least a day or two prior to problem occurring .

** you can add the other hives also with this procedure

http://www.nu2.nu/pebuilder/       BARTPE
http://www.ubcd4win.com/            UBCD4WIN
Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

LVL 88

Expert Comment

ID: 39178209
Most of those scams apply some encryption to your folders / files, and only after you pay them do they give you a password to disable the encryption. So my best advice here is to install the OS from scratch or do a factory restore from the recovery partition/media, and then restore the data from your customer's backup. Any new data that was created or changed between the last backup and the start of the scam you should regard as lost. Don't ever pay the criminals, or they will keep on blackmailing "customers".

As encryption can't be decrypted without knowing the decryption keys, that is the only working way to get the system back in working order.

Author Comment

by:Pat Clancy
ID: 39178524
Thank you all for your posts. I had tried the Pogostick paswword recovery CD before asking my question but that failed. I will try the system backup on my next go around. I am able to use Bart PE and can see that the files are all there and can access them so I can copy them onto an external drive of some kind so if I need to I can just format and start the system again. I don't think anything has been encrypted (that I can see anyway).  My customer realized that this was a scam a little too late she didn't give the crooks any money.

I will give the system restore a try and if that fails I will try an in place install. If that fails then we all now there is a final solution. Format!

Thanks for your help I'll post my findings next week.

Author Closing Comment

by:Pat Clancy
ID: 39190909
The solution actually came when I did a "restore" of the system/security hive of the registry. Nobus got me started in the right direction.

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Each password manager has its own problems in dealing with certain websites and their login methods. In Part 1, I review the Top 5 Password Managers that I've found to be the best. In Part 2 we'll look at which ones co-exist together and why it'…
I was recently poking around with LibreOffice and figured out how easy it is to add great vector clip art to one's own LibreOffice gallery collection.
Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…
In this video, viewers will be given step by step instructions on adjusting mouse, pointer and cursor visibility in Microsoft Windows 10. The video seeks to educate those who are struggling with the new Windows 10 Graphical User Interface. Change Cu…

600 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question