Removal of XP Start-up Password (SysKey)

barrowhill

Hope someone can help on this issue.

Friend of mine called me in after he had been caught out by scammers. He
originally put the phone down on them but they (the "manager") called back
within 20 minutes and basically scared him. The net effect was he let them
have access to his PC to "put right". They've installed software without
permission as well as removed software without permission and finally used
the SysKey function to provide an encrypted XP start-up password
requirement. Again without permission. Action is being taken against the
company concerned but that doesn't help in resolving my friend's problems.

I've uninstalled the, unwanted, installed programs and re-installed all the,
wanted, uninstalled programs but am left with the requirement of an XP
start-up password before it will boot to the desktop.

Can someone provide detailed instructions on how to remove this or how to
reset it so no password is required

Thanks in anticipation
 
Zaphod Beeblebrox

On Mon, 5 Aug 2013 19:30:05 +0100, "barrowhill" wrote:
> Hope someone can help on this issue.
>
> Friend of mine called me in after he had been caught out by scammers. He
> originally put the phone down on them but they (the "manager") called back
> within 20 minutes and basically scared him. The net effect was he let them
> have access to his PC to "put right". They've installed software without
> permission as well as removed software without permission and finally used
> the SysKey function to provide an encrypted XP start-up password
> requirement. Again without permission. Action is being taken against the
> company concerned but that doesn't help in resolving my friend's problems.
>
> I've uninstalled the, unwanted, installed programs and re-installed all the,
> wanted, uninstalled programs but am left with the requirement of an XP
> start-up password before it will boot to the desktop.
>
> Can someone provide detailed instructions on how to remove this or how to
> reset it so no password is required
>
> Thanks in anticipation

I'm not particularly familiar with the SysKey encryption you are
dealing with, but the first thing I'd do is Google "syskey password
removal" and take it from there. First hit looks promising.
 
Ken Blake, MVP

As far as I'm concerned that's not what he should do. Besides their
getting money from you for doing nothing of any value, if you let them
into your computer, who knows what damage they did there or what
confidential information they stole.

So if you did, I highly recommend that you do both of the following
immediately:

1. Do a clean reinstallation of Windows.

2. Change all of your passwords, especially any for banks or other
financial sites.
 
barrowhill

Zaphod,

Many thanks for reply. Found many articles and tips but it's finding the
right one that is helpful.

Apparently not many people, me included, are familiar with Syskey. Looks
like it provides encrypted protection to all accounts registered so you have
to get past this stage before you get to individual account access and
password input (if used).

Hopefully I'll find a simple and easy solution.

 
barrowhill

Ken,

Thanks for your response. Yes he's been conned and paid for absolutely
nothing. Friend received email from company. This is what they did...

1. Removed event log
2. Increased virtual memory
3. Cleaned the temporary files.
4. Provided CCleaner (free edition)
5. Installed Smart Cop AV. (AVG Antivirus already installed)
6. Taken Customers details including MAC address and IP address.

And finally, as per terms and conditions of contract (?!?) it's mandatory to
provide feedback on the services provided!!!!!!!!

The reason for their actions are laughable.

A complete rebuild may be the only and safest option

 
Ken Blake, MVP

It's certainly safest. And he should change all his passwords too.
 
Paul

http://pogostick.net/~pnh/ntpasswd/syskey.txt

Now, in all the words there, I don't see any mention
of stuff stored outside the Registry.

Which suggests to me, a possible attack would be to replace
the Registry files offline (using the services of another OS).

This method only works, if you have a "good" Restore Point
from System Restore to work with. It's a two step process.
The "empty" set of registry files (not a long-term useful
set), is installed first, to get the machine to boot. Then,
a Restore Point is used, to put back a known good set of
Registry files. You would need to get inside System Volume
Information, and see how many "RPs" are in there. If about
a hundred appear to be present, then maybe they didn't
reset System Restore and wipe everything.

http://support.microsoft.com/kb/307545

"Good" is a relative term. When a machine is infected with malware,
it's assumed all the Restore Points are compromised (infected).

If these guys were good, they'd simply clear the Restore Points,
do their Syskey, and one easy way of escaping is removed.

*******

There are tools like this. Exactly what a "free trial version"
would do for you, is unknown.

http://www.elcomsoft.com/pspr.html

*******

As has already been discussed, this is purely academic,
as you now can't trust the installation. A clean install
is in order. (Take user data files, email database, stuff
like that, before beginning.) There could be a rootkit on
there for all you know.

*******

Dammit, we need user training courses that come with the computer.

Maybe a video about "what to do when the FBI phones" or
"what to do when Microsoft phones and says you have
thousands of errors in Event Viewer". Why can't people
just hang up?

Now, if the NSA phones, and says I have ketchup on my
chin, I usually wipe my chin carefully :) But I
won't do it for the FBI or for Microsoft, if they phone :)

Paul
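
Added example, not part of Paul's post: an inventory of the restore points he describes, run from another OS against the mounted XP volume. It follows the `_restore{GUID}\RPn\snapshot` layout and hive file names given in the linked KB 307545; the mount path and the incident date are assumptions, and the sample tree is constructed. Each restore point is reported with whether its hive set is complete and whether it predates the scammers' session, which is the "good is relative" point above.

```python
import os, re, tempfile
from datetime import datetime

# Registry hive copies System Restore keeps in each RPn\snapshot folder (KB 307545).
HIVES = ["_registry_machine_sam", "_registry_machine_security",
         "_registry_machine_software", "_registry_machine_system",
         "_registry_user_.default"]

def _child(parent, name):
    """Case-insensitive lookup: an NTFS volume mounted on Linux is case-sensitive."""
    return next((os.path.join(parent, e) for e in os.listdir(parent)
                 if e.lower() == name), None)

def list_restore_points(svi_dir, incident):
    """Return (rp_number, newest_hive_time, complete, predates_incident) per RP."""
    rows = []
    for store in os.listdir(svi_dir):
        if not store.lower().startswith("_restore{"):
            continue
        store_path = os.path.join(svi_dir, store)
        for rp in os.listdir(store_path):
            m = re.fullmatch(r"rp(\d+)", rp.lower())
            rp_path = os.path.join(store_path, rp)
            snap = _child(rp_path, "snapshot") if m and os.path.isdir(rp_path) else None
            if snap is None:
                continue
            hives = [_child(snap, h) for h in HIVES]
            times = [os.path.getmtime(h) for h in hives if h]
            newest = datetime.fromtimestamp(max(times)) if times else None
            complete = all(hives)
            rows.append((int(m.group(1)), newest, complete,
                         complete and newest < incident))
    return sorted(rows, key=lambda r: r[0])

def make_sample_tree():
    """Constructed test volume: RP1 is complete and old, RP2 lacks its SAM copy."""
    svi = tempfile.mkdtemp()
    for rp, when, skip in [("RP1", datetime(2013, 7, 1), None),
                           ("RP2", datetime(2013, 8, 6), HIVES[0])]:
        snap = os.path.join(svi, "_restore{CONSTRUCTED-GUID}", rp, "snapshot")
        os.makedirs(snap)
        for h in HIVES:
            if h != skip:
                path = os.path.join(snap, h.upper())
                open(path, "w").close()
                os.utime(path, (when.timestamp(), when.timestamp()))
    return svi

if __name__ == "__main__":
    for row in list_restore_points(make_sample_tree(), datetime(2013, 8, 1)):
        print(row)
```

An empty result, or only restore points dated after the incident, matches the case Paul raises where System Restore was cleared before SysKey was set.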
 
ronny254

I am placing the link using which you can get the proper steps to remove it.

http://computernetworkingnotes.com/xp-tips-and-trick/remove-administrator-password.html
 
