Windows 7 Locked after scam call - SYSKEY

I have had a couple of customers fall for the "This is So and So from Windows 7 Tech support, we have detected malicious software on your PC" call. The customers have given the scammers access to the PC and it's now locked with what looks like the XP Syskey lock screen. There are reports the passwords are 123 or 1234 or abcd. But that all failed. If you have this problem:

THIS IS FOR WINDOWS 7 ONLY, MAY WORK ON OTHER OS!!!!

I have repaired the syskey issue when created by a scam call from "Windows 7 Tech Support" in Windows 7. I repaired customers' computers (1 32-bit and 1 64-bit) successfully. To remove it, follow the steps below:

1. Boot from the Windows 7 install CD.

2. When the Install Windows page appears, click Repair your computer to access system recovery options.

3. Run System Restore to the last point before the syskey password blocked access. (This will fail, but must be done.) Click run system restore again (this will take you back to the options list).

4. Open Command Prompt from the options list.

5. Open Regedit (type regedit into the command prompt). Regedit will open.

6. Navigate to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa and change the 'SecureBoot' value to 0.

7. Navigate to HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account and change the F value to 0000.

8. Reboot and log in.

This has worked for me on two machines. After reboot I ran Super-Anti Spyware, Ad-Aware and Hitman Pro to confirm; found 68 items on Super-Anti Spyware, 5 more on Ad-Aware and no further detections on Hitman Pro. The PC now runs fine with no lockouts or passwords.

Hope this helps everyone with this problem.

MICROSOFT / WINDOWS 7 SUPPORT WILL NEVER RING YOU UNLESS YOU HAVE REQUESTED THEM TO DO SO!!!!!!!!!!!!!!!!

 



Last updated September 23, 2018. Views: 164,101.


Hi Josh,

I own a computer repair and tech support company here in the US and see the "Microsoft Scam" all the time.  Many of the scammers are, as you state,  now using a syskey lock-out and holding the computer for ransom in order to provide the password.  My question to you is this:  what if they have deleted all the restore points?  Last week I had two that came in with syskey and did a simple disc boot, CMD and ran "rstrui.exe" and bam restored and syskey gone.  However, I have had other machines in the shop and when you run the restore it says "no restore points are available."  Any thoughts?  Thanks for your reply.

Replace the registry with the copy stored in the RegBack folder if you cannot find a restore point. 
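
The checks behind the posts above (the `SecureBoot` value under `Control\Lsa` and the RegBack copies), written as a batch file for the recovery Command Prompt. This is an added example, not part of the original posts; the drive letter `D:`, the temporary key name `OFFSYS` and the `pre-repair` folder are assumptions made for the example.

```bat
@echo off
rem Added example. Run from the recovery Command Prompt of the install media.
rem Assumptions: the locked installation is on D: (confirm with: dir D:\Windows),
rem and OFFSYS / pre-repair are names made up for this example.
set CFG=D:\Windows\System32\config

rem 1. Copy the current hives aside so every later step can be undone.
mkdir "%CFG%\pre-repair"
for %%H in (DEFAULT SAM SECURITY SOFTWARE SYSTEM) do copy /y "%CFG%\%%H" "%CFG%\pre-repair\%%H"

rem 2. Load the installed system's SYSTEM hive under a temporary key
rem    so it can be read offline.
reg load HKLM\OFFSYS "%CFG%\SYSTEM"
if errorlevel 1 goto :eof

rem 3. An offline hive has no CurrentControlSet; Select\Current names the set.
for /f "skip=2 tokens=3" %%V in ('reg query HKLM\OFFSYS\Select /v Current') do set /a CS=%%V

rem 4. Show the startup-key mode: 1 = key stored on disk (default),
rem    2 = password at startup, 3 = key on floppy.
reg query HKLM\OFFSYS\ControlSet00%CS%\Control\Lsa /v SecureBoot
reg unload HKLM\OFFSYS

rem 5. List the automatic registry backups. Use them only if the files are
rem    non-empty and dated before the scam call.
dir "%CFG%\RegBack"

rem 6. Restore from RegBack (left commented out; run after checking step 5):
rem for %%H in (DEFAULT SAM SECURITY SOFTWARE SYSTEM) do copy /y "%CFG%\RegBack\%%H" "%CFG%\%%H"
```

Because step 1 keeps the pre-repair hives, a failed RegBack restore can be reversed by copying them back from `pre-repair`.
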
I have no restore points as I myself disabled system restore. Is there a way to remove/reset the syskey on Windows 7? I know many things can be done with booting with Linux, is there a way to remove the syskey on a Win 7 from Linux?

Does it work in Windows 8?

Thank you Josh vk.

It worked!

Asus laptop so locked down can't get to CD-ROM to boot for repair? Boots up to startup password - tried all I could find that has worked for anyone else. Tried all other restore - refresh - and command options - all end in "there aren't any administrator accounts on this PC". I have also tried to reset and it says a required drive is missing. Totally locked down. But the user was on the phone with them a couple of times over a two day period.

I'm working on the same problem with Windows 10 on an HP laptop. I am using a Win 10 install on a USB drive. I can get to regedit, but I'm not able to change the keys because perhaps the registry keys for syskey have changed from Win 8.1 to Win 10.

chemistry teacher in chicago

Possibly a permissions issue on the keys?

John

Programmers are either not taught about Occam's razor or they forgot about it the following day.

Friend rang in panic - suspected scam - windows 10.

Suggested switch off computer (hold start button 5 seconds).

Went round - syskey password required on restarting computer!

Started again and used F8 key to get into other options. Eventually navigated to system restore and went back one week.

Everything OK - but it could have been worse.

Clearly users must be more suspicious - being phoned up by somebody unknown claiming to be from a well known organisation with the story that your computer is infected with X, Y, or Z is worrying - but people have to trust their anti virus program (if they have anti virus!!!!) to keep them safe and to know that reputable companies would not phone them in this manner. I always ask "if you have a report from my computer please tell me what operating system I'm using and whether it's 16, 32, or 64 bit, what processor I'm using and my installed memory". They can't answer - so it's obviously a scam!

But do we think that it's worth installing our own syskey password so that others can't?

When they call me my only goal is to keep the scammer on the phone as long as I can so the scammer has less time on the next victim.
