Solved

Windows XP Startup Password

Posted on 2013-05-18
Last Modified: 2013-05-23
I have a computer that when it starts I get a small box with a message that says "this computer is configured to require a password. In order to start up please enter the start of password below." Then there is a text box to enter a password with 2 buttons; one says okay and the other says restart.

I have tried to replace the LSASS.exe file from the original i386 directory and that has had no effect. This problem also shows up when I press F8 and boot into safe mode with command prompt. I have also tried to remove the passwords using a password removal tool with a Linux based system.

This problem started after an unsuspecting person took a call from people who said they were from "Windows" and indicated that this computer was sending out information over the Internet. That person allowed the caller to log onto the computer and once she realized that it was a scam she unplugged the computer from the Internet and shut it down.

This system is running Windows XP home premium with service pack 3.

Does anyone know how to bypass this problem?
Question by:Pat Clancy
6 Comments
 
LVL 23

Expert Comment

by:tailoreddigital
ID: 39177689
This tool will remove the password.
http://pogostick.net/~pnh/ntpasswd/

Burn it to CD, then boot off the CD and follow the steps carefully. I've used this for about 8 years and it has never failed. I've used it on XP, Vista and 7, haven't tried it on 8 yet.

If I was working on a computer with that history, I'd pull the drive, extract any important data and format.
0
 
LVL 83

Expert Comment

by:Dave Baldwin
ID: 39177729
This is a fairly well known 'repair' scam.  The people say they are calling from Microsoft or AOL or some other well known computer organization and ask for remote access.  Then all they really do is create a password to block access to the computer.  They usually ask for money to unlock it.  But they often don't unlock it even if you send them money.

It might as well be a virus but in the other questions, the scammers have used 'legitimate' Windows tools and programs to block access to the computer.  That means that anti-virus programs usually don't find anything.
0
 
LVL 92

Accepted Solution

by:
nobus earned 500 total points
ID: 39178191
Maybe a "system restore" like this can get you going again:

http://support.microsoft.com/kb/307545
----------------------------------------------------------------------------------------------
An easier way is to boot from a Bart PE CD (or UBCD4Win CD) and use the file manager for manipulating files. Here is the procedure:
1. Rename c:\windows\system32\config\SYSTEM to c:\windows\system32\config\SYSTEM.bak
2. Navigate to the System Volume Information folder.
It contains some restore {GUID} folders such as "_restore{87BD3667-3246-476B-923F-F86E30B3E7F8}".
The restore points are in folders starting with "RPx" under this folder.
3. In such a folder, locate a Snapshot subfolder. This is an example of a folder path to the Snapshot folder: C:\System Volume Information\_restore{D86480E3-73EF-47BC-A0EB-A81BE6EE3ED8}\RP1\Snapshot
4. From the Snapshot folder, copy the following file to the c:\windows\system32\config folder:
 _REGISTRY_MACHINE_SYSTEM
5. Rename _REGISTRY_MACHINE_SYSTEM to SYSTEM
6. Exit Bart PE, reboot and test

Use a fairly recent restore point from at least a day or two prior to the problem occurring.

** you can add the other hives also with this procedure

http://www.nu2.nu/pebuilder/       BARTPE
http://www.ubcd4win.com/            UBCD4WIN
0
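The hive-restore steps in the accepted answer, written as a script for a rescue environment that has Python and the XP volume mounted at a path. This is an added example, not part of the original answer: the function names are hypothetical, the folder names are taken as spelled in the answer, and the snapshot file's modification time is assumed to stand in for the restore point's date.

```python
import os, re, shutil, sys
from datetime import datetime, timedelta

def pick_snapshot(volume_root, incident, margin_days=1):
    """Newest RPx/Snapshot whose SYSTEM copy predates the incident by the margin."""
    # Assumption: the snapshot hive's mtime stands in for the restore point's date.
    cutoff = (incident - timedelta(days=margin_days)).timestamp()
    svi = os.path.join(volume_root, "System Volume Information")
    best = None
    for restore in os.listdir(svi):
        if not restore.startswith("_restore{"):
            continue
        for rp in os.listdir(os.path.join(svi, restore)):
            snap = os.path.join(svi, restore, rp, "Snapshot")
            hive = os.path.join(snap, "_REGISTRY_MACHINE_SYSTEM")
            if re.fullmatch(r"RP\d+", rp) and os.path.isfile(hive):
                mtime = os.path.getmtime(hive)
                if mtime <= cutoff and (best is None or mtime > best[0]):
                    best = (mtime, snap)
    return best[1] if best else None

def restore_hives(volume_root, snapshot_dir, hives=("SYSTEM",)):
    """Steps 1, 4 and 5: rename each live hive to .bak, then copy the snapshot hive in."""
    # Folder names as spelled in the answer; adjust case on a case-sensitive mount.
    config = os.path.join(volume_root, "windows", "system32", "config")
    plan = [(os.path.join(snapshot_dir, "_REGISTRY_MACHINE_" + h),
             os.path.join(config, h)) for h in hives]
    # Validate everything first so a missing file never leaves the PC without a hive.
    for src, dst in plan:
        if not os.path.isfile(src) or not os.path.isfile(dst):
            raise FileNotFoundError(f"missing {src} or {dst}")
        if os.path.exists(dst + ".bak"):
            raise FileExistsError(f"{dst}.bak exists; keep the earlier backup")
    for src, dst in plan:
        os.rename(dst, dst + ".bak")
        shutil.copy2(src, dst)
    return [dst for _, dst in plan]

if __name__ == "__main__":
    # usage: script.py <mounted XP volume> <incident date YYYY-MM-DD> [hive ...]
    if len(sys.argv) < 3:
        sys.exit("usage: <volume root> <incident YYYY-MM-DD> [hive ...]")
    root, incident = sys.argv[1], datetime.strptime(sys.argv[2], "%Y-%m-%d")
    snap = pick_snapshot(root, incident)
    if snap is None:
        sys.exit("no restore point old enough")
    print("using", snap)
    print("restored", restore_hives(root, snap, tuple(sys.argv[3:]) or ("SYSTEM",)))
```

Passing extra hive names on the command line covers the answer's note that the other hives can be restored the same way; the script refuses to run twice so the first `.bak` copy is never overwritten.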
 
LVL 88

Expert Comment

by:rindi
ID: 39178209
Most of those scams apply some encryption to your folders / files, and only after you pay them do they give you a password to disable the encryption. So my best advice here is to install the OS from scratch or do a factory restore from the recovery partition/media, and then restore the data from your customer's backup. Any new data that was created or changed between the last backup and the start of the scam you should regard as lost. Don't ever pay the criminals, or they will keep on blackmailing "customers".

As encryption can't be decrypted without knowing the decryption keys, that is the only working way to get the system back in working order.
0
 

Author Comment

by:Pat Clancy
ID: 39178524
Thank you all for your posts. I had tried the Pogostick password recovery CD before asking my question but that failed. I will try the system backup on my next go around. I am able to use Bart PE and can see that the files are all there and can access them so I can copy them onto an external drive of some kind so if I need to I can just format and start the system again. I don't think anything has been encrypted (that I can see anyway). My customer realized that this was a scam a little too late; she didn't give the crooks any money.

I will give the system restore a try and if that fails I will try an in place install. If that fails then we all know there is a final solution. Format!

Thanks for your help I'll post my findings next week.
0
 

Author Closing Comment

by:Pat Clancy
ID: 39190909
The solution actually came when I did a "restore" of the system/security hive of the registry. Nobus got me started in the right direction.
0
