Can I bypass the startup password on a computer?

I have a customer that called and said a scammer claiming to be from AOL had gotten on her computer the other day and she would not pay him anything and then when she re-started her computer it came up prompting for a password (BIOS password).
Is there something I can do to get past the password to get into her computer or do we need to change out the motherboard?
Will Schmidtowner Asked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

JohnBusiness Consultant (Owner)Commented:
If the customer has proof of purchase, they can contact the manufacturer and see if they can reset it. Likely not, and most likely you will need to replace the motherboard to provide new BIOS
0
☠ MASQ ☠Commented:
Also check it is the BIOS password that they've reset, that's pretty tricky to do from a remote connection.  It's more likey to be SysKey that they've changed the password for.  If so you won't be able to get back into Windows but theirdata will be untouched and can be recovered from the HDD.
0
JohnBusiness Consultant (Owner)Commented:
If not BIOS as you assumed, you can recover the data and then reinstall Windows and recover the data
0
OWASP Proactive Controls

Learn the most important control and control categories that every architect and developer should include in their projects.

Hello ThereSystem AdministratorCommented:
Pretty nice method is described here.

You can also reset the password by removing CMOS battery and waiting at least 20 mins because of power stored in capatitators.

Also using a 3rd party software is an option here.

Many step-by-steps are on YouTube and many articles describe how to achieve it witout losing anything.

You can also use a jumper on MB to do it. More here.

On many computers (especially old ones), computer manufacturers build in backdoor passwords for their own technicians to use so they can access the BIOS when the hardware is being serviced. Just search it for your device.

These passwords are case sensitive.

AMI BIOS Backdoor Passwords:

    A.M.I.
    AAAMMMII
    AMI
    AMI?SW
    AMI_SW
    BIOS
    CONDO
    HEWITT RAND
    LKWPETER
    MI
    Oder
    PASSWORD

Open in new window


Award BIOS Backdoor Passwords:

        (eight spaces)
        01322222
        589589
        589721
        595595
        598598
        ALFAROME
        ALLY
        ALLy
        aLLY
        aLLy
        aPAf
        award
        AWARD PW
        AWARD SW
        AWARD?SW
        AWARD_PW
        AWARD_SW
        AWKWARD
        awkward
        IOSTAR
        CONCAT
        CONDO
        Condo
        condo
        d8on
        djonet
        HLT
        J256
        J262
        j262
        j322
        j332
        J64
        KDD
        LKWPETER
        Lkwpeter
        PINT
        pint
        SER
        SKY_FOXSYXZ
        SKY_FOX
        syxz
        SYXZ
        TTPTHA
        ZAAAADA
        ZAAADA
        ZBAAACA
        ZJAAADC

Open in new window


Russian Award BIOS Passwords:

    %øåñòü ïpîáåëîâ%
    %äåâÿòü ïpîáåëîâ%

Open in new window


Phoenix Backdoor BIOS Passwords:

    BIOS
    CMOS
    phoenix
    PHOENIX

Open in new window


Other Manufcaturers Backdoor Passwords: (manufacturer name – password)

    VOBIS and IBM – merlin
    Dell – Dell
    Biostar – Biostar
    Compaq – Compaq
    Enox – xo11nE
    Epox – central
    Freetech – Posterie
    IWill – iwill
    Jetway – spooml
    Packard Bell – bell9
    QDI – QDI
    Siemens – SKY_FOX
    SOYO – SY_MB
    TMC – BIGO
    Toshiba – Toshiba

Open in new window

1
JohnBusiness Consultant (Owner)Commented:
You can also reset the password by removing CMOS battery and waiting at least 20 minutes because of power stored in capacitors.

Manufacturers have largely disabled this method.
0
David Johnson, CD, MVPOwnerCommented:
No external user can access your bios and set a bios password. What the bad guy did was run syskeys and encrypt the SAM database.  This is a common extortion gambit.  Boot from an installation media select repair and command prompt.

Find the drive letter of your OS partition and run the following command from a cmd prompt  (replace c: with the actual drive you see while using the recovery environment

xcopy C:\Windows\System32\Config\RegBack C:\Windows\System32\Config /y
1
Lee W, MVPTechnology and Business Process AdvisorCommented:
BIOS is not air-gapped and since BIOS can be updated from a program installed on the OS, I consider this a possibility.  HOWEVER, a VERY VERY low possibility.  I'm 99% certain David is correct, ESPECIALLY if you haven't seen the PC personally and are going purely by what the customer tells.
0
Shaun VermaakTechnical SpecialistCommented:
Here is a comprehensive article on the Computer ransom lockout scam which also use the command mentioned above
https://triplescomputers.com/blog/casestudies/solution-this-is-microsoft-support-telephone-scam-computer-ransom-lockout/
syskey-1-.png
1

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
MacleanSystem EngineerCommented:
If the guy managed to put a PW on then god knows what else he ran such as key loggers or stealing PW DB from browsers.
I'd reset your online PW'ds especially to any sites which you can make payments from or through, plus anything else confidential.
Then I would format the device and rebuild it. But if you have data you wish to keep you will need to repair windows first, pull the network connection to avoid going online, and copy your data before the format.

Also
No external user can access your bios and set a bios password

Not always correct to my knowledge. See HP BIOS Utility Whitepaper here
It mentions resetting and changing PW through their Windows Utility.
0
Will Schmidtowner Author Commented:
Sorry I didn,t get back sooner. I picked up the computer in question this evening and will look at it as soon as I get back to the shop.  I promise to update this tomorrow after I take a look at it.
0
Will Schmidtowner Author Commented:
I started the computer up this morning and it was not at all like the customer said.  The bad guy did a Computer ransom lockout scam with a password.  I feel kind of foolish for believing the costumer instead of looking at the computer first.  
Thank you all for your time and effort in helping me out with this issue.  I still learned a lot through this.
0
JohnBusiness Consultant (Owner)Commented:
Thanks for the update.  We (none of us) can always know from a distance what is going on. Better to get hands on.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Miscellaneous

From novice to tech pro — start learning today.