Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

Question

computer locked

May 28, 2012 3:37PM PDT

My son let one of those computer fixers that ring up into my laptop. They then told him after 2 hours that he had to pay $99 which he said he wouldn't. They have password locked the laptop. I have bought and run the windows password recovery program, it resets all of them except the one that has been put on by those people. One of the ones that can't change was called support_388945a0. What can I do to get around this problem.

Discussion is locked

- Collapse -
Answer
Password Recovery Utilities
May 28, 2012 4:37PM PDT

I'm not sure if this is your solution but you can try a few of the NirSoft Password Recovery Utilities.
http://www.nirsoft.net/

NirSoft and Sysinternals have some other useful utilities worth checking out. Network monitoring and a key logger program might help.

- Collapse -
re answer
May 28, 2012 9:53PM PDT

Hi, thanks for trying to help but there is nothing on the nirsoft site that can help.

- Collapse -
Answer
Re: password
May 28, 2012 9:57PM PDT

1. First you say "the one", than you say "one of ones". Can you explain?
2. What's that "suppport_388945a0? A password? A Windows account? If it's a Windows account, can you delete it (I mean: the account)?

Kees

- Collapse -
answer
May 28, 2012 10:49PM PDT

when i put the windows password recovery program on it came up with everything that had a password, one was admin, the other was mine and the last 2 were remote help and the support number I wrote. the last 2 were the only ones that couldn't be recovered

- Collapse -
Answer
May 28, 2012 10:54PM PDT

Sorry for the confusion, when I put the windows password recovery program on, it came up with all the passwords on the computer, administrator didn't have one, mine and my husbands came up and was reset but the last two in the list were remote help password and the the one with the numbers that I listed, both of these could not be reset. I cannot get into windows to delete it as when it boot up it comes up with a little box that says xp is password protected and I need to submit the password.

- Collapse -
Do you know who these people were?
May 28, 2012 11:19PM PDT

It was a scam of course, and if we knew who they were we might be able to find out more about their methods.

In any case I am a bit mystified. As far as I am aware there are only two methods of password protecting computers;

1] BIOS passwords

I doubt these can be set remotely because any remote control is extinguished when the system is restarted and it would have to be restarted for the BIOS password to be set. The BIOS password screen would be displayed immediately when turned on and certainly before any OS loads, so I can't see how such a password screen could say "XP is protected" as the BIOS knows nothing about which OS is installed.

2] Windows' Account Passwords. All Accounts are equal and none takes precedence. So on bootup and after the BIOS has done its POST, (Power On, Self Test), routine and reports, the Welcome Screen should show a list of Windows Accounts available. All of them should work and none of them can exclude others from working. There is no method of including a Master Password before allowing user account access.

Can you tell us, clearly, when this little box message appears. From turning the computer on, what do you see before this box is displayed?

Since this is XP, have you tried to boot into Safe Mode to see if the hidden System Administrator's account is displayed? If so, try that.

Mark

- Collapse -
Maybe they do autologon ...
May 29, 2012 5:33AM PDT

into the 'support' account they made.

I suppose Safe Mode doesn't do the autologon. But I don't know. Worth a try anyway, indeed. They might even be able to own in their own password-cleared account, delete that support account and rest the autologon.

Kees

- Collapse -
Answer
May 29, 2012 3:02PM PDT

I have gone into the bios and there is no admin password. The box appears after the initial windows logo when computer is turned on. I have taken a photo of it but don;t know how to upload it here. The people said they were windows repair technicians. From what my son said they sounded indian. When you start in safe mode you get the same box that says xp is password protected.

- Collapse -
To post images
May 29, 2012 9:19PM PDT

These forums don't allow direct image posts but you can stll upload your image to your favored Image Hosting site, eg ImageShack, Photobucket, Flickr or similar, then post a link to that image here to the 'full sized image.

If none of the tools in Ken's link below works, this is looking increasingly difficult.

Mark

- Collapse -
Re: password protected
May 29, 2012 9:56PM PDT
http://www.bleepingcomputer.com/forums/topic200551.html doesn't seem too promising.

I'm afraid a clean install of Windows XP might be necessary. Unless you are willing to do some tricks, like this:

http://support.microsoft.com/kb/307545 tells how to recover from a damaged registry, by (1) replacing it with the very initial versions left for that purpose by the Windows setup program, (2) running system restore to the latest restore point after logging in into that very initial state. You need the XP CD to boot into the recovery console.

I find the rename and copy procedure for step 1 much easier if you do it from a Linux Live CD. That has a GUI (more or less like Windows Explorer) and that's easier than typing all those commands.

If you boot from Linux, do what's mentioned above and it still doesn't work, a clean install is unavoidable. But you can use that same Linux to copy all your personal files to an external hard disk, so you won't lose any data. But it sure is annoying.

Kees
- Collapse -
When the screen gets to that ...
Jun 5, 2012 11:21AM PDT

window try pressing the three fingered salute combination of Ctrl + Alt + Del TWICE and see if you get a normal logon window that allows you to type in your own user name and password.

If it does you can them use your own Admin account to delete the accounts they added. You will also want to download and install TweakUI from Microsoft -
http://download.microsoft.com/download/f/c/a/fca6767b-9ed9-45a6-b352-839afb2a2679/TweakUiPowertoySetup.exe

This will allow you to run it and if these people did set up an autologon account you can disable autologon (it is located under the LOGON > Autologon settings in the left window of TweakUI)

Hope this helps.

- Collapse -
Answer
Jun 7, 2012 6:00PM PDT

Thanks for everyone's help,
the only thing that worked was getting the hard drive out and putting it in the usb enclosure, recovered the files, deleted the ones I could find that they put on there, then restored the computer to it's original condition. Lost the programs but happy to recover personal folders. There is certainly a lesson to be learn't from this experience and the son has been justly reprimanded about letting anyone into the computer.

- Collapse -
Answer
Windows Password Recovery/Reset Tools
May 29, 2012 2:52AM PDT
- Collapse -
Answer
Since it hasn't been
May 29, 2012 11:53PM PDT

Since it hasn't been explicitly stated, just for the record, even though I'm sure at this point you've figured it out... Microsoft will NEVER call you directly, nor will any other company like McAfee, Symantec, or whomever else. If someone calls you claiming to be a representative of that company, there's probably a 99.99999999999999999% chance it is a scam. If for some reason you're unsure, claim you're waiting for an important phone call, could you get a number to call them back at. Then you can google that number, and if it doesn't come up as being associated with Microsoft or whomever the person is claiming to be from, never call them back. In fact, I'd call the phone company and report the number as potentially being associated with fraudulent activity. They can the pass along the complaint to whomever is responsible for servicing that particular set of numbers. Probably resulting in their service being terminated, which may not stop the idiots, but it will likely be an inconvenience for them. It's not much, but it's what is available to you legally.

I also haven't seen anyone suggest a simple password reset disc for Windows. You need physical access to the computer for it to work, but that shouldn't be a problem here. There's an intentional "back door" of sorts left in Windows that allows you to reset the password.

http://support.microsoft.com/kb/305478

- Collapse -
Answer
May 30, 2012 1:19PM PDT

Hi, and thanks for your help, I can't get into the computer to create the disc that microsoft give instructions for . I can get into the bios and thats all. I have tried 3 different password recovery programs including the windows password recover version 3.0 one that I paid for and it said was 100% to work but didn't.

- Collapse -
Your options now then
May 30, 2012 6:27PM PDT

Keep trying with the password recovery utilities.

If not then the system is locked out and a reinstall is the only way forward.

You can still get your personal files off that hard drive and there are a couple of options for that;

1] Remove the hard drive, enclose it in a USB external hard drive enclosure, connect that to another Windows computer and copy off all your personal files, or

2] Use a Linux LiveCD like Ubuntu LiveCD on this laptop. Ubuntu is a version of the Linux OS that can be downloaded and burnt onto a CD as an ISO. That CD then becomes the operating system. You can then boot up the laptop with that CD inserted into Linux and copy the files off to some other external media, eg a memory stick or similar.

Not at all satisfactory I know, but these seem to be the only options you now have.

Mark

- Collapse -
Possible alternative
May 30, 2012 7:43PM PDT

Assuming they did something in the registry (such as autologon to that account) I pointed to Microsofts standard recovery for a corrupted registry in a post above. That first replaces the registry with the initial one from long ago, then with the latest one (or any one) from System Restore. If succesfull, it certainly beats a reinstall of the OS. If not succesfull, no harm done, because the clean install will undo everything.

Kees

- Collapse -
You're right
May 30, 2012 7:05PM PDT

You're right, I didn't do more than skim that article and missed the part about how it only works with the current computer. I was thinking you could create it on another computer and then use that to reset the password, but I guess not.

So I would say I agree with Mark in that formatting and starting over seems to be your only real option here short of trying some kind of brute force password cracking program which could take weeks or months. That, or you can pay the $100 extorted from you by the people who locked the thing if you can figure out how to contact them again.

Just let this be a lesson on this kind of scam, and other social engineering scams. You and your kid(s) should probably take some time to learn about the more common types of social engineering scams so that you can recognize them in the future and avoid these kinds of problems.

In any event, once you get the system running again, I would make sure to create one of those password reset disks.