"MS Support" victim with a new twist

xxenon

Hello all,

The "Hi, I'm calling from Microsoft" scam artists seem to have been calling everyone in my neighborhood lately.

One of my customers fell for it and let them take control of her computer. Of course, they found tons of 'problems' and wanted $250 (greedy s.o.b.'s) to 'fix' them. They wanted her to wire them the money, but the people at her bank warned her this would be a bad idea, and she didn't.
Now her laptop, an Acer E1-572G running Win8.1, requires a Startup Password (not an Account Logon Pwd) and she has no idea what it is.
I can get into the BIOS; there are no BIOS passwords set.
Do any of the ERDs (DaRT8, Hiren's, etc.) have a reset for this?
 
DaRT pwd reset didn't work.

Box pops up immediately after BIOS: Startup Password

This computer is configured to require a password in order to start up. Please enter the Startup Password below.

I have Konboot and others, but I believe they are all designed to reset a Windows account logon password. This is something else, not account logon, not BIOS.
 
Can you take a picture so we can see if it matches anything we have seen? The one I had was not some kind of encryption.
 
Interesting, I'll boot into DaRT again and see if I can look at registry. I'm guessing these guys are so nasty they've been cut off by Visa and MC; this is the first time I've heard of a request for wire transfer.
 
SYSKEY:

syskey.png
 
If none of the above works (and make a copy of these files asap) check system32\config\regback to see if there are backups of the hives there.
 
I've got one on the bench now. Syskey password was 1234. Hehe.

Restore points had been wiped.

So now that you're in, how did you actually remove SysKey? Or does it turn itself off once you've entered the correct password?

I've been lucky that restore points were available and a manual system restore fixed the issue.
 
If the suggested passwords don't work, perhaps try Ophcrack to find it. BTW, using NTPWEdit on anything but XP is reported to cause continuous reboots. I think you can disable syskey by entering "syskey" in an elevated command prompt.
 
So now that you're in, how did you actually remove SysKey? Or does it turn itself off once you've entered the correct password?

I've been lucky that restore points were available and a manual system restore fixed the issue.

Hi Gary,
Instead of explaining I'll point you in the direction of this nice video which is pretty much the same as what we did: https://www.youtube.com/watch?v=5ow0NCpD0bU :)

Kind regards,
Julian
 