Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1112
  • Last Modified:

Windows XP Startup Password

I have a computer that when it starts I get a small box with a message that says "this computer is configured to require a password. In order to start up please enter the start of password below. Then there is a text box to enter a password with 2 buttons one says okay and the other says restart.

I have tried to replaced the LSASS.exe file from the original i386 directory and that has had no effect. This problem also shows up when I press F8 and boot into safe mode with command prompt. I have also tried to remove the passwords using a password removal tool with a Linux based system.

This problem started after an unsuspecting person took a call from people who said they were from "Windows" and indicated that this computer was sending out information over the Internet. That person allowed the caller to log onto the computer and once she realized that it was a scam she unplugged the computer from the Internet and shut it down.

This system is running Windows XP home premium with service pack 3.

Does anyone know how to bypass this problem?
0
Pat Clancy
Asked:
Pat Clancy
1 Solution
 
tailoreddigitalCommented:
This tool will remove the password.
http://pogostick.net/~pnh/ntpasswd/

Burn it to CD, then boot off the CD and follow the steps carefully.    I've used this for about 8 years and it has never failed.   I've used in on XP, Vista and 7, haven't tried it on 8 yet.



If i was working on a computer with that history, i'd pull the drive, extract any important data and format.
0
 
Dave BaldwinFixer of ProblemsCommented:
This is a fairly well known 'repair' scam.  The people say they are calling from Microsoft or AOL or some other well known computer organization and ask for remote access.  Then all they really do is create a password to block access to the computer.  They usually ask for money to unlock it.  But they often don't unlock it even if you send them money.

It might as well be a virus but in the other questions, the scammers have used 'legitimate' Windows tools and programs to block access to the computer.  That means that anti-virus programs usually don't find anything.
0
 
nobusCommented:
maybe a "system restore " like this can get you going again:

http://support.microsoft.com/kb/307545
----------------------------------------------------------------------------------------------
An easier way is to boot from a Bart PE CD (or UBCD4Win CD) and use the file manager for manipulating files. Here  the procedure :
1. rename c:\windows\system32\config\SYSTEM to c:\windows\system32\config\SYSTEM.bak
2. Navigate to the System Volume Information folder.
it contains some restore {GUID} folders such as "_restore{87BD3667-3246-476B-923F-F86E30B3E7F8}".
The restore points are in  folders starting with "RPx under this folder.
3. In such a folder, locate a Snapshot subfolder. This is an example of a folder path to the Snapshot folder:  C:\System Volume Information\_restore{D86480E3-73EF-47BC-A0EB-A81BE6EE3ED8}\RP1\Snapshot
4. From the Snapshot folder, copy the following file to the c:\windows\system32\config folder
 _REGISTRY_MACHINE_SYSTEM
5. Rename _REGISTRY_MACHINE_SYSTEM to SYSTEM
6. Exit Bart PE, reboot and test

Use a fairly recent restore point from at least a day or two prior to problem occurring .

** you can add the other hives also with this procedure

http://www.nu2.nu/pebuilder/       BARTPE
http://www.ubcd4win.com/            UBCD4WIN
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
rindiCommented:
Most of those scams apply some encryption to your folders / files, and only after you pay them do they give you a password to disable the encryption. So my best advice here is to install the OS from scratch or do a factory restore from the recovery partition/media, and then restore the data from your customer's backup. Any new data that was created or changed between the last backup and the start of the scam you should regard as lost. Don't ever pay the criminals, or they will keep on blackmailing "customers".

As encryption can't be decrypted without knowing the decryption keys, that is the only working way to get the system back in working order.
0
 
Pat ClancyAuthor Commented:
Thank you all for your posts. I had tried the Pogostick paswword recovery CD before asking my question but that failed. I will try the system backup on my next go around. I am able to use Bart PE and can see that the files are all there and can access them so I can copy them onto an external drive of some kind so if I need to I can just format and start the system again. I don't think anything has been encrypted (that I can see anyway).  My customer realized that this was a scam a little too late she didn't give the crooks any money.

I will give the system restore a try and if that fails I will try an in place install. If that fails then we all now there is a final solution. Format!

Thanks for your help I'll post my findings next week.
0
 
Pat ClancyAuthor Commented:
The solution actually came when I did a "restore" of the system/security hive of the registry. Nobus got me started in the right direction.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now