Jason Johanknecht
asked on
Vista PC with LOCKED graphic
Had a Vista PC brought in to me today, with a scareware remote story. The computer is LOCKED (Pictures attached). Drive was pulled and no virus/malware/rootkit found. Ctrl+Alt+Del allows me to open task manager, but I cannot actually do anything with it. The mouse is constrained to the middle of the screen away from Task Mgr, and keyboard input closes everything immediately and then reopens the locked password request. No actual Ransomware is found on the computer asking for money or providing a phone number or e-mail. No change when logging into Safe Mode of any flavor. Replacing registry from regback didn't solve it.
20180810_111145.jpg
20180810_111150.jpg
It looks to me as if the user fell for the scam and allowed someone to remotely access their PC. The remote "technician" then used syskey on the machine. Syskey isn't a virus or malware. It's built in to the OS so it won't show up on any A/V scans.
1) I take it you already tried the "sdfghj" password displayed in your second image?
2) If you create a new user, does it also have the same issue(s)?
3) Do you have a Vista reinstall DVD you can boot to?
ASKER CERTIFIED SOLUTION
ASKER
Yes, it was a remote tech (Hinted that only in my question). I had already ruled out SYSKEY. Lock MY PC 4 was exactly right. I hadn't heard or seen that one before. Not sure if I had mentioned before, but yes the files were unharmed before removing the Lock MY PC 4 as MASQ mentioned. Thanks to all who responded.