Monday, January 21, 2019

RansomWare or a Fake Tech Scammer Locked You Out of Your Computer using a "SysKey" Password

Image result for syskey attack

Some RansomWare Viruses and "Microsoft Tech" Scammers will Enable Windows' "SysKey" Function,
 and lock you out of your computer!

Well we have a few ways you can remove that pesky "SysKey,
and get you back into your computer!

*THIS IS FOR WINDOWS 7; MAY WORK ON 8 or 10 BUT THIS IS NOT TESTED OR CONFIRMED.

If this happens to you, the first thing you can try is use a Windows OS Media disk to remove the "SysKey" function using the Command Line.
  1. Boot to the appropriate OS Media (matches the installed OS version of the computer you are fixing). 
  2. When the OS installation screen comes up, Select USA English and then "Repair the Windows Installation"; DO NOT INSTALL!! 
  3. Go to "Advanced Troubleshooting" 
  4. Click on "Advanced Repairs" 
  5. Click on and open the the "Command Line" tool 
  6. Find the OS Disk by changing drive letters and checkin contents with the "dir" command. ie: cd C: cd D: cd E:, etc. 
  7. Run the following command on the OS drive:
    copy c:\windows\system32\config\regback c:\windows\system32\config 
  8. Say no to the "Software" replace prompt, but say yes to the others and replace a total of 4 files; Default, SAM, Security and System. 
  9. Reboot system 
You should be able to login to the computer again!
A warning however, you may have some security, OS and/or user account damage after the fact.

However there is an alternate method (or two) that can also do the trick, if the above process does not work, or is too difficult!

I have also removed the "Syskey" password using the following procedure:
  1. Boot from a Windows 7 Install DVD/Thumbdrive, or boot from a user created Windows Restore/Repair Thumb Drive.
    *You can also attempt the same procedure from Windows Start-Up Repair; if you are able to get there. 
  2. When the "Install Windows" screen appears, click on "Repair your computer" to access the system recovery options. 
  3. From the nex screen, run System Restore to last point before the syskey password on your computer.
    *This will fail, but must be done! 
  4. Click "run system restore again" and this will take you back to the main system recovery options list. 
  5. Open Command Prompt from the main system recovery options list. 
  6. Open Regedit; type "regedit" without the quotes, into the command prompt and the Regedit application will open. 
  7. Navigate to: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa and change the 'SecureBoot' value entry from 1 to 0. 
  8. Navigate to: HKEY_LOCAL_MACHINE \SAM\SAM\Domains\Account and delete everything for "F value" so that it's data/value is 0000 
  9. Reboot and you should now be able to Login! 

If you are not able to boot into the Windows 8 or 10 Startup Recovery Environment there is still yet another repair method you can try!

To get the computer to run a system restore if you can't get into the recovery environment, you try to make/trip the computer into doing a Startup Repair. 
  • The way we do this, is by turning the system off mid boot and then Startup Repair should catch that "issue" and run the next time you power on. 
  • During this process Windows typically recommends running a system restore to fix any possible boot issues; allow this process to proceed and complete. 
  • After this process has completed, open the computer's DVD drive and insert a copy of Hiren's All-in-one Boot CD/thumb drive. 
  • Turn the system off/restart the system. 
  • Booting from DVD or USB, boot into the Hiren's All-in-one Media and select "Mini XP Recovery Environment" 
  • Allow your system to boot into the "Mini XP Recovery Environment" RAM Drive environment. 
  • Once booted into "Mini XP" you can now run the built in Registry Editor (regedit) to complete the registry edits needed and listed in the previous repair steps. 
This procedure lets you complete the same repair tasks but using a different access methods and tools, but the same general repair principles and process.

These all have worked for me on client machines and has allowed me to get passed a "syskey" password each time. Once I am able to login to the client's system, I will physically disconnect the internet and start my cleaning procedures on the affected system. After a full clean-up, software removal and tune-up the once locked PC will now run fine without the user getting locked out anymore!

I hope this helps general users or other IT professionals!

Pacific Northwest Computers
Jon Pienkowski - Owner/Operator
www.pnwcomputers.com
360.624.7379
Posted by at No comments:
Labels: , , , , , , , , , , , , , ,

Thursday, January 10, 2019

Make 802.11ac Work Correctly On A Linksys WRT1900AC


Make 802.11ac Work Correctly On A Linksys WRT1900AC Router


I have had a Linksys WRT1900AC router for quiet sometime now, and in it's name it says that is an AC router. Since I have AC compatible Wifi devices, theoretically I should be able to get a max speed of around 1300 Mbps. In reality it would likely see something around 600 Mbps to something around 1024 Mbps due to the connections being wireless and can have interference. What I recently discovered though was that I was getting 802.11n speeds on my devices. I found that to be weird. So  I checked the route's settings.

Under "Network Mode" in the router's settings (logged in through a browser via the router's IP address), I found that the only options for wireless network modes were for A, N or A/N. But nowhere in the menus/options does it specify an option for 802.11ac!?


That was baffling to me seeing as this router is capable of doing 802.11ac according to Linksys AND it's in the devices NAME. So I figured that I was doing something wrong or I was not looking in the right place. Naturally, I checked their FAQ section and found nothing on this.
I also did what I tell ALL my customers to do and read the manual; found no assistance there.

After doing someone line research I found that if flipped the setting in "Network Mode from A/N only to Mixed (and after a reboot of the router) I had 802.11ac speeds! This router apparently HAS to be on "Mixed Mode" for AC speeds to be achieved. Very odd that Linksys would NOT include an AC option in the "Network Mode" section in the router settings, or make it more clear the A/N mode disables/prevents AC speeds all together.

Since I was able to figure it out, I wanted to make this post to hopefully help folks out that find themselves with the same or similar issue!

Pacific Northwest Computers
www.pnwcomputers.com
360.624.7379
Posted by at No comments:
Labels: , , , , , , , , , , , , , , , , , , ,
Subscribe to: Posts (Atom)