
Monday, January 21, 2019

RansomWare or a Fake Tech Scammer Locked You Out of Your Computer using a "SysKey" Password


Some RansomWare viruses and "Microsoft Tech" scammers will enable Windows' "SysKey" function and lock you out of your computer!

Well, we have a few ways you can remove that pesky "SysKey" and get you back into your computer!

*THIS IS FOR WINDOWS 7; MAY WORK ON 8 or 10 BUT THIS IS NOT TESTED OR CONFIRMED.

If this happens to you, the first thing you can try is to use a Windows OS Media disk to remove the "SysKey" function using the Command Line.
  1. Boot to the appropriate OS Media (matches the installed OS version of the computer you are fixing). 
  2. When the OS installation screen comes up, select USA English and then "Repair the Windows Installation"; DO NOT INSTALL!! 
  3. Go to "Advanced Troubleshooting" 
  4. Click on "Advanced Repairs" 
  5. Click on and open the "Command Line" tool 
  6. Find the OS Disk by changing drive letters and checking contents with the "dir" command, i.e.: cd C: cd D: cd E:, etc. (in the recovery environment the OS drive is often not C:). 
  7. Run the following command on the OS drive:
    copy c:\windows\system32\config\regback c:\windows\system32\config 
  8. Say no to the "Software" replace prompt, but say yes to the others and replace a total of 4 files: Default, SAM, Security and System. 
  9. Reboot system 
You should be able to login to the computer again!
A warning, however: you may have some security, OS and/or user account damage after the fact, since the restored hives are older than the current ones.
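Here is the same RegBack repair written out as a batch script that can be typed up and run from the recovery Command Prompt. This is an added example and not part of the original post; it assumes the Windows install lives on one of the drive letters C: through H:, that the RegBack folder still contains real (non-empty) hive copies, and that you want a backup of the locked hives kept in a hypothetical PreRepair folder so the change can be undone. Like the post's step 8, it restores only Default, SAM, Security and System and leaves Software alone.

```batch
@echo off
rem Added example (not from the original post): find the Windows install from
rem the WinRE command prompt and restore the four RegBack hives, keeping a copy
rem of the current (locked) hives first. Assumed: drive letters C: to H: are
rem worth probing; the "PreRepair" backup folder name is our own choice.
setlocal enabledelayedexpansion

rem Step 6 of the post, automated: look for RegBack\SYSTEM on each letter.
set "OSDRIVE="
for %%D in (C D E F G H) do (
    if exist "%%D:\Windows\System32\config\RegBack\SYSTEM" (
        if not defined OSDRIVE set "OSDRIVE=%%D:"
    )
)
if not defined OSDRIVE (
    echo No RegBack hives found on C: through H:; nothing to restore.
    exit /b 1
)
set "CFG=%OSDRIVE%\Windows\System32\config"
echo Windows install found on %OSDRIVE%

rem Keep the hives we are about to overwrite so the repair is reversible.
set "BAK=%CFG%\PreRepair"
if not exist "%BAK%" mkdir "%BAK%"
for %%H in (DEFAULT SAM SECURITY SYSTEM) do (
    if exist "%CFG%\%%H" copy /Y "%CFG%\%%H" "%BAK%\%%H" >nul
)

rem Steps 7-8: copy only the four hives the post replaces. SOFTWARE is skipped.
rem Newer Windows 10 builds may leave zero-byte files in RegBack, which would
rem make things worse, so empty copies are refused rather than installed.
for %%F in ("%CFG%\RegBack\DEFAULT" "%CFG%\RegBack\SAM" "%CFG%\RegBack\SECURITY" "%CFG%\RegBack\SYSTEM") do (
    if not exist %%F (
        echo WARNING: %%~nxF is missing from RegBack; skipped
    ) else if %%~zF EQU 0 (
        echo WARNING: %%~nxF in RegBack is empty; skipped
    ) else (
        copy /Y %%F "%CFG%\%%~nxF" >nul && echo Restored %%~nxF
    )
)
echo Done. Previous hives saved in %BAK%. Reboot and try to log in.
endlocal
```

Save it as a .cmd file on the recovery media, open the Command Prompt from the recovery options and run it; if it reports empty or missing RegBack files, fall back to the registry-edit method below instead of rebooting with half-restored hives.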

However there is an alternate method (or two) that can also do the trick, if the above process does not work, or is too difficult!

I have also removed the "Syskey" password using the following procedure:
  1. Boot from a Windows 7 Install DVD/Thumbdrive, or boot from a user created Windows Restore/Repair Thumb Drive.
    *You can also attempt the same procedure from Windows Start-Up Repair; if you are able to get there. 
  2. When the "Install Windows" screen appears, click on "Repair your computer" to access the system recovery options. 
  3. From the next screen, run System Restore to the last point before the syskey password was set on your computer.
    *This will fail, but must be done! 
  4. Click "run system restore again" and this will take you back to the main system recovery options list. 
  5. Open Command Prompt from the main system recovery options list. 
  6. Open Regedit; type "regedit" without the quotes, into the command prompt and the Regedit application will open. 
  7. Navigate to: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa and change the 'SecureBoot' value entry from 1 to 0. 
  8. Navigate to: HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account and delete everything for the "F" value so that its data/value is 0000 
  9. Reboot and you should now be able to Login! 

If you are not able to boot into the Windows 8 or 10 Startup Recovery Environment there is still yet another repair method you can try!

To get the computer to run a system restore if you can't get into the recovery environment, you can trick the computer into running a Startup Repair. 
  • The way we do this, is by turning the system off mid boot and then Startup Repair should catch that "issue" and run the next time you power on. 
  • During this process Windows typically recommends running a system restore to fix any possible boot issues; allow this process to proceed and complete. 
  • After this process has completed, open the computer's DVD drive and insert a copy of Hiren's All-in-one Boot CD/thumb drive. 
  • Turn the system off/restart the system. 
  • Booting from DVD or USB, boot into the Hiren's All-in-one Media and select "Mini XP Recovery Environment" 
  • Allow your system to boot into the "Mini XP Recovery Environment" RAM Drive environment. 
  • Once booted into "Mini XP" you can now run the built in Registry Editor (regedit) to complete the registry edits needed and listed in the previous repair steps. 
This procedure lets you complete the same repair tasks using different access methods and tools, but with the same general repair principles and process.

These have all worked for me on client machines and have allowed me to get past a "syskey" password each time. Once I am able to login to the client's system, I will physically disconnect the internet and start my cleaning procedures on the affected system. After a full clean-up, software removal and tune-up, the once-locked PC will run fine without the user getting locked out anymore!

I hope this helps general users or other IT professionals!

Pacific Northwest Computers
Jon Pienkowski - Owner/Operator
www.pnwcomputers.com
360.624.7379

Wednesday, June 26, 2013

PNW Computers' Links And Recommended Software


A basic list of software, tools, and utilities that we use and recommend!
We will update this list as much as possible! 

Tools and Utilities:

  • Hiren's All-In-One Boot CD - Great utility CD with TONS of diagnostic software; HD manufacturers' tools included!
    http://www.hirensbootcd.org/download/
  • BleachBit - When your computer is getting full, BleachBit quickly frees disk space. When your information is only your business, BleachBit guards your privacy. With BleachBit you can free cache, delete cookies, clear Internet history, shred temporary files, delete logs, and discard junk you didn't know was there!
    https://www.bleachbit.org/
  • GParted - GParted is a free partition manager that enables you to resize, copy, and move partitions without data loss. Some repair capabilities as well.
    http://gparted.sourceforge.net/download.php
  • Memtest86 - MemTest86 is a free, thorough, stand-alone memory test for x86 architecture computers.
    http://www.memtest86.com/
  • Offline NT Password & Registry Editor - This is a utility to reset the password of any user that has a valid local account on your Windows System.
    http://pogostick.net/~pnh/ntpasswd/
  • HFSExplorer - HFSExplorer is an application that can read Mac-formatted hard disks and disk images. It can read the file systems HFS (Mac OS Standard), HFS+ (Mac OS Extended), and HFSX (Mac OS Extended with case-sensitive file names), including most .dmg disk images created on a Mac, including zlib / bzip2 compressed images and AES-128 encrypted images.
    http://www.catacombae.org/hfsx.html 
  • IsoBuster - IsoBuster is actually a CD/DVD and BD/HD DVD data recovery software that can interpret, open, and extract various CD/DVD/Blu-ray disk image files, including DMG.
    http://www.isobuster.com/download.php
  • Revo Uninstaller Free - Revo Uninstaller lists the installed programs and components for all current users. With a choice of views, as well as a context menu, information on program components is available: program properties, their registry entries, and links to the manufacturer's website, for a start. The "Search" option finds installed applications just by typing the first few letters of their name. Revo Uninstaller Free scans for "leftovers" with advanced algorithms that are precise, fast, and very effective in searching for leftover Windows Services, Drivers, File associations, Shell Extensions, COM components, Windows Installer components, program settings, and more!
    http://www.revouninstaller.com/revo_uninstaller_free_download.html
  • MyDefrag - MyDefrag (formerly JKDefrag) is a disk defragmenter and optimizer for Windows 2000/2003/XP/Vista/2008/X64. Completely automatic and very easy to use, fast, low overhead, with several optimization strategies, and can handle floppies, USB disks, memory sticks, and anything else that looks like a disk to Windows.
    http://www.mydefrag.com/Manual-DownloadAndInstall.html
  • CUTEpdf Writer - Create PDF documents on the fly for Free! Portable Document Format (PDF) is the de facto standard for the secure and reliable distribution and exchange of electronic documents and forms around the world. CutePDF Writer (formerly CutePDF Printer) is the free version of commercial PDF creation software. CutePDF Writer installs itself as a "printer subsystem". This enables virtually any Windows applications (must be able to print) to create professional quality PDF documents - with just a push of a button! ALL FOR FREE!
    http://www.cutepdf.com/products/cutepdf/writer.asp
  • VideoLAN VLC Media Player - VLC media player is a highly portable multimedia player for various audio and video formats as well as DVDs, VCDs, and various streaming protocols without external codecs or programs. It can also be used as a server to stream in unicast or multicast in IPv4 or IPv6 on a high-bandwidth network.
    http://www.videolan.org/vlc/
  • Sumatra PDF Viewer - Sumatra PDF is a slim, free, open-source PDF reader for Windows. Sumatra has a very minimalistic design and is nowhere NEAR the security risk that Adobe Reader can be. Simplicity has a higher priority than a lot of features with Sumatra. It's small, secure, and starts up very fast.
    http://blog.kowalczyk.info/software/sumatrapdf/download-free-pdf-viewer.html
  • Piriform Recuva - Accidentally deleted an important file? Lost something important when your computer crashed? No problem! Recuva recovers files deleted from your Windows computer, Recycle Bin, digital camera card, or MP3 player. And it's free!
    http://www.piriform.com/recuva

Security Software:

What is a rootkit!? A rootkit is a program or a program kit that hides the presence of malware (or itself) in a system. A rootkit for a Windows system is a program that penetrates the system and intercepts system functions (the Windows API). It can effectively hide its presence by intercepting and modifying low-level API functions. Moreover, it can hide the presence of particular processes, folders, files and registry keys. Some rootkits install their own drivers and services in the system, and these also remain "invisible".

Software Sites:

  • Filehippo.com - Great site that hosts TONS of updates and software titles; anything you can think of really.
  • Ninite.com - Great "update-all-at-once" site that lets you install/update multiple programs without dealing with individual installers, prompts, etc. One download, one install; as many programs as you like!


Let us know of any issues with links!

Updated 11/1/2013
pnwcomputers@gmail.com