Windows 7 Forums


Windows 7: Please help identify this Windows 7 login security


10 Jan 2013   #1

Windows 7 Ultimate x64
 
 
Please help identify this Windows 7 login security

Hi everyone! My first post here.

Like the title said, I'm trying to identify what type of Windows 7 security login was involuntarily placed on a family's PC. I've posted this question on another forum, but they all refused to help because they thought I was trying to hack into someone's PC.

Here's the long story...

My uncle got a call from some guy with an Indian accent claiming to work for Microsoft. He said that my uncle's PC had viruses and registry errors. He said he needed to scan my uncle's PC to see the extent of the problem, so he emailed a link and instructed my uncle to download a program from that website. After downloading this system scanner software, he basically took over my uncle's PC (like Windows Remote Assistance) and started scanning the PC. According to my uncle, after downloading this program, he saw his mouse cursor move around the screen, open the Control Panel and adjust some settings. What settings they were, he doesn't recall. Again, this sure sounded like Windows Remote Assistance. Now all of this was happening while my uncle was on the phone with this guy.

After he was done scanning, he informed my uncle that the PC had so and so amount of viruses and errors. He wanted $200 to remove the virus and fix the registry. My uncle refused, so the guy told him that the PC would be locked with a password until he was willing to pay. My uncle refused because he thought the price was outrageous and he didn't feel comfortable giving someone his CC over the phone. So this guy told my uncle that the PC would be locked with a password and he would only get the password if he paid. He even gave a toll-free (800) number for my uncle to call back if he changed his mind.

When you boot up the PC, you will get a message "This computer is configured to require a password in order to start up. Please enter the startup password below". As you can see, this isn't the usual Windows login screen.

This is what the login message looks like:


Since we do not have the password, we click on "Restart". After the PC restarts, we get a "Windows Error Recovery" message.


What I've done so far:
I tried running Windows Repair with the recovery disc, but it found nothing wrong. I tried doing a system restore to an earlier date, but the message still pops up asking for a password. I've googled this problem and I got "It's a BIOS password issue". I reset the password in the BIOS and nothing. Someone mentioned it's a "lsass.exe issue", try running the recovery disc, which I did but it didn't work.

After fiddling with this for nearly 3 days, I decided to reformat and do a clean installation. I pulled the hard drive from the PC and placed it in an external HD docking station. I was able to access this hard drive and see all the folders and files. I was surprised that it didn't ask for a password. I decided to run Malwarebytes and scan this HD, but it found nothing. Now I'm backing up all of my uncle's files and will proceed to reformat.

This is the contents of the Windows folder on my uncle's hd:


I would rate my PC skills a 4 out of 5. I probably do 10 virus, malware, etc. removals from people's PCs every month. I've also done Windows password recovery several times, but I have never encountered something like this before.

QUESTIONS:
What type of Windows security is this?
Where in Windows would you go to implement/manage this type of security?
Is it a third party program?

Thanks in advance!


10 Jan 2013   #2

Microsoft Community Contributor Award Recipient

Windows 7 Ult. x64 Windows 8.1 x64 Ubuntu 12.04 LTS Tri-Boot
 
 

It sounds like some type of ransom-ware was installed to the system - since you are going to format and reinstall Windows, this will remove the ransom-ware so you won't have further problems.

Regards,
Golden
10 Jan 2013   #3

Windows 8.1 Pro RTM x64
 
 

Hi Jimmy,

I'm sorry, but your uncle has been scammed. There is no way on this Earth that anyone can ring someone up and claim that they have PC virus/registry problems. How did they get your uncle's phone number in the first place? I would consider having it changed because once one scammer has got hold of it and it has been verified as an active line (by your uncle answering it in the first place), the chances are this won't be the last call of this type that your uncle receives.

I'm pleased that your uncle had the sense not to pay up, and a full reformat is probably the easiest remedy for this.


10 Jan 2013   #4

Windows 7 Ultimate x64
 
 

Quote: Originally Posted by Golden
It sounds like some type of ransom-ware was installed to the system - since you are going to format and reinstall Windows, this will remove the ransom-ware so you won't have further problems.

Regards,
Golden

So this isn't something that was built-in to Windows, but a third party software?

Can you remove this "ransom-ware" without reformat?

I just noticed something in this hard drive's Program Files folder called Uniblue... It seems suspicious. I'm going to look into it.
10 Jan 2013   #5

Windows 8.1 Pro RTM x64
 
 

It is possible, but will probably require specialist advice and will depend on the type and variant of ransom-ware that has been installed. In addition, there is no telling what other damage has been done. If you wish, I can ask one of our malware specialists to take a look. Please carry out her instructions and report back with any information that she asks for.
10 Jan 2013   #6

Microsoft Community Contributor Award Recipient

Windows 7 Ult. x64 Windows 8.1 x64 Ubuntu 12.04 LTS Tri-Boot
 
 

Uniblue is one of those 3rd party registry cleaners... I don't think that's the source of the problem.

Follow Jacee's advice (the malware expert Dwarf referred to) when she replies if you want to try and clean it up. Alternatively, if you still plan to format and re-install Windows, that will certainly clean it up.
10 Jan 2013   #7

Windows 7 Ultimate x64
 
 

Quote: Originally Posted by Dwarf
Hi Jimmy,

I'm sorry, but your uncle has been scammed. There is no way on this Earth that anyone can ring someone up and claim that they have PC virus/registry problems. How did they get your uncle's phone number in the first place? I would consider having it changed because once one scammer has got hold of it and it has been verified as an active line (by your uncle answering it in the first place), the chances are this won't be the last call of this type that your uncle receives.

I'm pleased that your uncle had the sense not to pay up, and a full reformat is probably the easiest remedy for this.

I totally agree with you. When I was called over to his house to check on this PC, I was just dumbfounded the entire way over there as to how they knew his phone number. I interrogated him like the FBI. Did he get any weird emails? Fill out any online questionnaires? Visit any weird websites? See any strange pop-ups? He answered NO to everything. I told him to keep an eye out for his identity with the credit bureau from now on.

As for him not paying, he told me he might have paid if it were $20. He's a 67-year-old who calls me every day when he needs to print something. So when a guy from Microsoft calls and tells him that his Windows has been sending error messages to Microsoft headquarters, he believed him. How many seniors could fall or have fallen for this? Unbelievable!
10 Jan 2013   #8

Windows 7 Ultimate x64
 
 

Quote: Originally Posted by Dwarf
It is possible, but will probably require specialist advice and will depend on the type and variant of ransom-ware that has been installed. In addition, there is no telling what other damage has been done. If you wish, I can ask one of our malware specialists to take a look. Please carry out her instructions and report back with any information that she asks for.

Yes, please have Jaycee contact me. I have not formatted the drive yet, as I now have access to it by way of the external docking station. I'm interested to know how to resolve this if I ever encounter it again.

Thanks
10 Jan 2013   #9

Windows 8.1 Pro RTM x64
 
 

They carefully choose the amount that they demand from you in order to provide you with the key to unlock your PC. This amount is designed to make you think that you are paying for a worthwhile service whereas nothing could be further from the truth. If they charge too much, people won't fall for them. Likewise, charging too little will have the same effect.

This key that they provide on receipt of their demands actually serves 2 functions. One, it removes the prompt and allows you to use the PC as normal. However, its other more sinister function is to actually activate whatever Trojan/malware that they have placed on your system.

Unfortunately, there are plenty of gullible people out there to give these crooks a decent living. I'm sorry that your uncle fell for this scam, but at least he had the sense not to cave in to their demands for money.
10 Jan 2013   #10

Windows 8.1 Pro RTM x64
 
 

Quote: Originally Posted by JimmyVu
Quote: Originally Posted by Dwarf
It is possible, but will probably require specialist advice and will depend on the type and variant of ransom-ware that has been installed. In addition, there is no telling what other damage has been done. If you wish, I can ask one of our malware specialists to take a look. Please carry out her instructions and report back with any information that she asks for.

Yes, please have Jaycee contact me. I have not formatted the drive yet, as I now have access to it by way of the external docking station. I'm interested to know how to resolve this if I ever encounter it again.

Thanks

Done. Please await her reply.