Solved

Windows XP Startup Password

Posted on 2013-05-18
Last Modified: 2013-05-23
I have a computer that, when it starts, shows a small box with a message that says "this computer is configured to require a password. In order to start up please enter the start of password below." Then there is a text box to enter a password, with 2 buttons: one says okay and the other says restart.

I have tried to replace the LSASS.exe file from the original i386 directory and that has had no effect. This problem also shows up when I press F8 and boot into safe mode with command prompt. I have also tried to remove the passwords using a password removal tool with a Linux based system.

This problem started after an unsuspecting person took a call from people who said they were from "Windows" and indicated that this computer was sending out information over the Internet. That person allowed the caller to log onto the computer and once she realized that it was a scam she unplugged the computer from the Internet and shut it down.

This system is running Windows XP home premium with service pack 3.

Does anyone know how to bypass this problem?
Question by:Pat Clancy
6 Comments
 
LVL 23

Expert Comment

by:tailoreddigital
ID: 39177689
This tool will remove the password.
http://pogostick.net/~pnh/ntpasswd/

Burn it to CD, then boot off the CD and follow the steps carefully. I've used this for about 8 years and it has never failed. I've used it on XP, Vista and 7, haven't tried it on 8 yet.

If I was working on a computer with that history, I'd pull the drive, extract any important data and format.
0
 
LVL 82

Expert Comment

by:Dave Baldwin
ID: 39177729
This is a fairly well known 'repair' scam.  The people say they are calling from Microsoft or AOL or some other well known computer organization and ask for remote access.  Then all they really do is create a password to block access to the computer.  They usually ask for money to unlock it.  But they often don't unlock it even if you send them money.

It might as well be a virus but in the other questions, the scammers have used 'legitimate' Windows tools and programs to block access to the computer.  That means that anti-virus programs usually don't find anything.
0
 
LVL 91

Accepted Solution

by:
nobus earned 500 total points
ID: 39178191
Maybe a "system restore" like this can get you going again:

http://support.microsoft.com/kb/307545
----------------------------------------------------------------------------------------------
An easier way is to boot from a Bart PE CD (or UBCD4Win CD) and use the file manager for manipulating files. Here is the procedure:
1. rename c:\windows\system32\config\SYSTEM to c:\windows\system32\config\SYSTEM.bak
2. Navigate to the System Volume Information folder.
It contains some restore {GUID} folders such as "_restore{87BD3667-3246-476B-923F-F86E30B3E7F8}".
The restore points are in folders starting with "RPx" under this folder.
3. In such a folder, locate a Snapshot subfolder. This is an example of a folder path to the Snapshot folder:  C:\System Volume Information\_restore{D86480E3-73EF-47BC-A0EB-A81BE6EE3ED8}\RP1\Snapshot
4. From the Snapshot folder, copy the following file to the c:\windows\system32\config folder
 _REGISTRY_MACHINE_SYSTEM
5. Rename _REGISTRY_MACHINE_SYSTEM to SYSTEM
6. Exit Bart PE, reboot and test

Use a fairly recent restore point from at least a day or two prior to the problem occurring.

** you can add the other hives also with this procedure

http://www.nu2.nu/pebuilder/       BARTPE
http://www.ubcd4win.com/            UBCD4WIN
0
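The steps in the accepted answer above, written as a script for a Windows volume mounted offline (an added example, not code from the thread). It assumes the snapshot hive's modification time stands in for the restore point's date; `build_demo_volume` creates a constructed sample tree, and the function names are hypothetical.

```python
import os
import shutil
import tempfile
from datetime import datetime, timedelta
from pathlib import Path

HIVE = "_REGISTRY_MACHINE_SYSTEM"         # snapshot copy of the SYSTEM hive (step 4)
CONFIG = Path("windows/system32/config")  # as written in the answer; case must match the mount

def list_snapshots(root):
    """Steps 2-3: (mtime, path) of each RPx/Snapshot SYSTEM hive, oldest first.
    Assumption: the hive file's mtime approximates the restore point date."""
    svi = Path(root) / "System Volume Information"
    hives = svi.glob("_restore{*}/RP*/[Ss]napshot/" + HIVE)
    return sorted((datetime.fromtimestamp(h.stat().st_mtime), h) for h in hives)

def pick_snapshot(snapshots, incident, margin_days=2):
    """Newest snapshot taken at least margin_days before the incident."""
    cutoff = incident - timedelta(days=margin_days)
    eligible = [s for s in snapshots if s[0] <= cutoff]
    if not eligible:
        raise LookupError("no restore point predates the incident by the margin")
    return eligible[-1][1]

def restore_system_hive(root, snapshot_hive):
    """Steps 1, 4, 5: keep SYSTEM as SYSTEM.bak, then install the snapshot hive."""
    config = Path(root) / CONFIG
    live, backup = config / "SYSTEM", config / "SYSTEM.bak"
    if backup.exists():
        raise FileExistsError(f"{backup} exists; refusing to overwrite the first backup")
    live.rename(backup)
    shutil.copy2(snapshot_hive, live)
    return backup

def build_demo_volume(incident):
    """Constructed sample tree (not a real disk): three restore points, one live hive."""
    root = Path(tempfile.mkdtemp())
    (root / CONFIG).mkdir(parents=True)
    (root / CONFIG / "SYSTEM").write_bytes(b"locked-hive")
    base = root / "System Volume Information" / "_restore{CONSTRUCTED-GUID}"
    for name, age_days in (("RP1", 30), ("RP2", 5), ("RP3", 0)):
        hive = base / name / "Snapshot" / HIVE
        hive.parent.mkdir(parents=True)
        hive.write_bytes(name.encode())
        ts = (incident - timedelta(days=age_days)).timestamp()
        os.utime(hive, (ts, ts))
    return root
```

Call `list_snapshots`, then `pick_snapshot` with the date the problem started, then `restore_system_hive`; the second call refuses to run again so the original locked hive in SYSTEM.bak is never overwritten.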
LVL 87

Expert Comment

by:rindi
ID: 39178209
Most of those scams apply some encryption to your folders / files, and only after you pay them do they give you a password to disable the encryption. So my best advice here is to install the OS from scratch or do a factory restore from the recovery partition/media, and then restore the data from your customer's backup. Any new data that was created or changed between the last backup and the start of the scam you should regard as lost. Don't ever pay the criminals, or they will keep on blackmailing "customers".

As encryption can't be decrypted without knowing the decryption keys, that is the only working way to get the system back in working order.
0
 

Author Comment

by:Pat Clancy
ID: 39178524
Thank you all for your posts. I had tried the Pogostick password recovery CD before asking my question but that failed. I will try the system backup on my next go around. I am able to use Bart PE and can see that the files are all there and can access them so I can copy them onto an external drive of some kind so if I need to I can just format and start the system again. I don't think anything has been encrypted (that I can see anyway). My customer realized that this was a scam a little too late. She didn't give the crooks any money.

I will give the system restore a try and if that fails I will try an in place install. If that fails then we all know there is a final solution. Format!

Thanks for your help I'll post my findings next week.
0
 

Author Closing Comment

by:Pat Clancy
ID: 39190909
The solution actually came when I did a "restore" of the system/security hive of the registry. Nobus got me started in the right direction.
0
