Windows 7 Forums


Windows 7: Please help identify this Windows 7 login security

10 Jan 2013   #1
JimmyVu

Windows 7 Ultimate x64
 
 
Please help identify this Windows 7 login security

Hi everyone! My first post here.

Like the title said, I'm trying to identify what type of Windows 7 security login was involuntarily placed on a family's PC. I've posted this question on another forum, but they all refused to help because they think I was trying to hack into someone's PC.

Here's the long story...

My uncle got a call from some guy with an Indian accent claiming to work for Microsoft. He said that my uncle's PC has viruses and registry errors. He said he needed to scan my uncle's PC to see the extent of the problem, so he emailed a link and instructed my uncle to download a program from that website. After downloading this system scanner software, he basically took over my uncle's PC (like Win remote assistance) and started scanning the PC. According to my uncle, after downloading this program, he saw his mouse cursor move around the screen, open the Control Panel and adjust some settings. What settings they were, he doesn't recall. Again, this sure sounded like Windows Remote Assistance. Now all of this was happening while my uncle was on the phone with this guy. After he was done scanning, he informed my uncle that the PC has so and so amount of viruses and errors. He wanted $200 to remove the viruses and fix the registry. My uncle refused, so the guy told him that the PC will be locked with a password until he is willing to pay. My uncle refused because he thought the price was outrageous and he didn't feel comfortable giving someone his CC over the phone. So this guy told my uncle that the PC will be locked with a password and he will only get the password if he pays. He even gave a toll-free (800) number for my uncle to call back if he changes his mind.

When you boot up the PC, you will get a message "This computer is configured to require a password in order to start up. Please enter the startup password below". As you can see, this isn't the usual Windows login screen.

This is what the login message looks like:


Since we do not have the password, we click on "Restart". After the PC restarts, we get a "Windows Error Recovery" message.


What I've done so far:
I tried running Windows Repair with the recovery disc, but it found nothing wrong. I tried doing a system restore to an earlier date, but the message still pops up asking for a password. I've googled this problem and I got "It's a BIOS password issue". I reset the password in the BIOS and nothing. Someone mentioned it's a "lsass.exe issue", try running the recovery disc, which I did but it didn't work.

After fiddling with this for nearly 3 days, I decided to reformat and do a clean installation. I pulled the hard drive from the PC and placed it in an external HD docking station. I was able to access this hard drive and see all the folders and files. I was surprised that it didn't ask for a password. I decided to run Malwarebytes and scan this HD, but it found nothing. Now I'm backing up all of my uncle's files and will proceed to reformat.

This is the contents of the Windows folder on my uncle's hd:


I would rate my PC skills a 4 out of 5. I probably do 10 virus, malware, etc. removals from people's PCs every month. I've also done Windows password recovery several times, but I have never encountered something like this before.

QUESTIONS:
What type of Windows security is this?
Where in Windows would you go to implement/manage this type of security?
Is it a third party program?

Thanks in advance!


10 Jan 2013   #2
Golden

Microsoft Community Contributor Award Recipient

Windows 7 Ult. x64
 
 

It sounds like some type of ransom-ware was installed to the system - since you are going to format and reinstall Windows, this will remove the ransom-ware so you won't have further problems.

Regards,
Golden
10 Jan 2013   #3
Dwarf

Windows 8.1 Pro RTM x64
 
 

Hi Jimmy,

I'm sorry, but your uncle has been scammed. There is no way on this Earth that anyone can ring someone up and claim that they have PC virus/registry problems. How did they get your uncle's phone number in the first place? I would consider having it changed because once one scammer has got hold of it and it has been verified as an active line (by your uncle answering it in the first place), the chances are this won't be the last call of this type that your uncle receives.

I'm pleased that your uncle had the sense not to pay up, and a full reformat is probably the easiest remedy for this.
10 Jan 2013   #4
JimmyVu

Windows 7 Ultimate x64
 
 

Quote: Originally Posted by Golden
It sounds like some type of ransom-ware was installed to the system - since you are going to format and reinstall Windows, this will remove the ransom-ware so you won't have further problems.

Regards,
Golden
So this isn't something that was built-in to Windows, but a third party software?

Can you remove this "ransom-ware" without reformatting?

I just noticed something on this hard drive Program Files folder called Uniblue...It seems suspicious. I'm going to look into it.
10 Jan 2013   #5
Dwarf

Windows 8.1 Pro RTM x64
 
 

It is possible, but will probably require specialist advice and will depend on the type and variant of ransom-ware that has been installed. In addition, there is no telling what other damage has been done. If you wish, I can ask one of our malware specialists to take a look. Please carry out her instructions and report back with any information that she asks for.
10 Jan 2013   #6
Golden

Microsoft Community Contributor Award Recipient

Windows 7 Ult. x64
 
 

Uniblue is one of those 3rd party registry cleaners.....I don't think that's the source of the problem.

Follow Jacee's advice (the malware expert Dwarf referred to) when she replies if you want to try and clean it up. Alternatively, if you still plan to format and re-install Windows, that will certainly clean it up.
10 Jan 2013   #7
JimmyVu

Windows 7 Ultimate x64
 
 

Quote: Originally Posted by Dwarf
Hi Jimmy,

I'm sorry, but your uncle has been scammed. There is no way on this Earth that anyone can ring someone up and claim that they have PC virus/registry problems. How did they get your uncle's phone number in the first place? I would consider having it changed because once one scammer has got hold of it and it has been verified as an active line (by your uncle answering it in the first place), the chances are this won't be the last call of this type that your uncle receives.

I'm pleased that your uncle had the sense not to pay up, and a full reformat is probably the easiest remedy for this.
I totally agree with you. When I was called over to his house to check on this PC, I was just dumbfounded the entire way over there as to how they know his phone numbers. I interrogated him like the FBI. Did he get any weird emails? Fill out any online questionnaires? Visit any weird website? See any strange pop-ups? He answered NO to everything. I told him to keep an eye out for his identity with the credit bureau from now on.

As for him not paying, he told me he might have paid if it were $20. He's a 67-year-old who calls me every day when he needs to print something. So when a guy from Microsoft calls and tells him that his Windows has been sending error messages to Microsoft headquarters, he believed him. How many seniors could fall or have fallen for this? Unbelievable!
10 Jan 2013   #8
JimmyVu

Windows 7 Ultimate x64
 
 

Quote: Originally Posted by Dwarf
It is possible, but will probably require specialist advice and will depend on the type and variant of ransom-ware that has been installed. In addition, there is no telling what other damage has been done. If you wish, I can ask one of our malware specialists to take a look. Please carry out her instructions and report back with any information that she asks for.
Yes, please have Jaycee contact me. I have not formatted the drive yet, as I now have access to it by way of the external docking station. I'm interested to know how to resolve this if I ever encounter it again.

Thanks
10 Jan 2013   #9
Dwarf

Windows 8.1 Pro RTM x64
 
 

They carefully choose the amount that they demand from you in order to provide you with the key to unlock your PC. This amount is designed to make you think that you are paying for a worthwhile service whereas nothing could be further from the truth. If they charge too much, people won't fall for them. Likewise, charging too little will have the same effect.

This key that they provide on receipt of their demands actually serves 2 functions. One, it removes the prompt and allows you to use the PC as normal. However, its other more sinister function is to actually activate whatever Trojan/malware that they have placed on your system.

Unfortunately, there are plenty of gullible people out there to give these crooks a decent living. I'm sorry that your uncle fell for this scam, but at least he had the sense not to cave in to their demands for money.
10 Jan 2013   #10
Dwarf

Windows 8.1 Pro RTM x64
 
 

Quote: Originally Posted by JimmyVu
Quote: Originally Posted by Dwarf
It is possible, but will probably require specialist advice and will depend on the type and variant of ransom-ware that has been installed. In addition, there is no telling what other damage has been done. If you wish, I can ask one of our malware specialists to take a look. Please carry out her instructions and report back with any information that she asks for.
Yes, please have Jaycee contact me. I have not formatted the drive yet, as I now have access to it by way of the external docking station. I'm interested to know how to resolve this if I ever encounter it again.

Thanks
Done. Please await her reply.