Hi everyone! My first post here.
Like the title said, I'm trying to identify what type of Windows 7 security login was involuntarily placed on a family's PC. I've posted this question on another forum, but they all refused to help because they think I was trying to hack into someone's PC.
Here's the long story...
My uncle got a call from some guy with an Indian accent claiming to work for Microsoft. He said that my uncle's PC has viruses and registry errors. He said he needed to scan my uncle's PC to see the extent of the problem, so he emailed a link and instructed my uncle to download a program from that website. After downloading this system scanner software, he basically took over my uncle's PC (like Win remote assistance) and started scanning the PC. According to my uncle, after downloading this program, he saw his mouse cursor move around the screen, open the Control Panel and adjust some settings. What settings they were, he doesn't recall. Again, this sure sounded like Windows Remote Assistance. Now all of this was happening while my uncle was on the phone with this guy. After he was done scanning, he informed my uncle that the PC has so and so amount of viruses and errors. He wanted $200 to remove the viruses and fix the registry. My uncle refused, so the guy told him that the PC will be locked with a password until he is willing to pay. My uncle refused because he thought the price was outrageous and he didn't feel comfortable giving someone his CC over the phone. So this guy told my uncle that the PC will be locked with a password and he will only get the password if he pays. He even gave a toll-free (800) number for my uncle to call back if he changes his mind.
When you boot up the PC, you will get a message "This computer is configured to require a password in order to start up. Please enter the startup password below". As you can see, this isn't the usual Windows login screen.
This is what the login message looks like:
Since we do not have the password, we click on "Restart". After the PC restarts, we get a "Windows Error Recovery" message.
What I've done so far:
I tried running Windows Repair with the recovery disc, but it found nothing wrong. I tried doing a system restore to an earlier date, but the message still pops up asking for a password. I've googled this problem and I got "It's a BIOS password issue"; I reset the password in the BIOS and nothing. Someone mentioned it's a "lsass.exe issue" and to try running the recovery disc, which I did, but it didn't work.
After fiddling with this for nearly 3 days, I decided to reformat and do a clean installation. I pulled the hard drive from the PC and placed it in an external HD docking station. I was able to access this hard drive and see all the folders and files. I was surprised that it didn't ask for a password. I decided to run Malwarebytes and scan this HD, but it found nothing. Now I'm backing up all of my uncle's files and will proceed to reformat.
This is the contents of the Windows folder on my uncle's hd:
I would rate my PC skills a 4 out of 5. I probably do 10 virus, malware, etc. removals from people's PCs every month. I've also done Windows password recovery several times, but I have never encountered something like this before.
QUESTIONS:
What type of Windows security is this?
Where in Windows would you go to implement/manage this type of security?
Is it a third party program?
Thanks in advance!