In the last few months, a number of users have reportedly received calls from scammers impersonating Microsoft or other big names in the IT industry. These scammers call the users by looking up their names on the internet, and spin a story about their computers supposedly sending out viruses, being hacked, or presenting other issues to pique their interest. Unaware users who fall for this ruse grant these scammers access to their PCs. The scammers subsequently trick these users into purchasing something from them for a few hundred dollars. If the user refuses to pay, the scammers set up a startup password, which locks down the computer and encrypts the files. This process is technically defined as “the encryption of the SAM hive in the registry.”
Now in simple terms, to restore your computer and remove the password, ‘you need the original registry.’ We’ll try to accomplish this with the help of this guide.
Using the Registry Edit Utility to Restore the Registry Hive from RegBack.
To perform this method, you would need to know how to access the BIOS in order to select the proper boot device, which could be either a CD or a USB. Additionally, you will need the RegistryEditor ISO (We are no longer hosting this ISO – Please Google it for a mirror) and write it to the disc/USB using MagicISO or another ISO Burning Program.
- If you don’t know how to boot to the BIOS, see the manufacturer’s manual for your system.
- Once you’ve booted correctly from the ISO image, you will see a black screen.
- Wait a few minutes until it takes you to the prompt that shows: ‘Select: ’.
- Type ‘l’ and hit ‘Enter’ in the prompt to see your Windows partitions.
- Then, choose your Windows partition from the list. In my case, on VMware, it is , so I chose 2 and then pressed Y to confirm if I wished to force it.
- The next prompt will be [Windows/system32/config] : _
- Type Windows/system32/config and hit Enter.
- Then type 1 and press Enter. It will then prompt you with the following options:
- Choose option 2 here: “syskey status & change.”
- The next prompt will then ask if you truly wish to disable syskey. At this stage, type ‘Y’, then hit Enter, followed by ‘Q’.
- Afterwards, it should ask you to confirm the overwrite. Confirm it.
- Return to the BIOS, alter the boot order, and select the hard disk as your primary boot device. Once finalized, save the changes. Then, restart and exit.

This process should resolve the start-up password issue.
Removing the Start-up Password After Logging In.
This method is only for those who were able to successfully log in using the guessed passwords.
- After logging in with the default passwords, hold the Windows key and press R. In the Run dialog, type ‘syskey’ and click OK.
- Then click the Update option.
- Then, choose ‘System Generated Password.’ Next, select the second option labeled ‘Store Startup Key Locally.’ Once completed, re-enter the default password you used to log in and select ‘OK.’
- A confirmation will appear on the screen stating, “The account database Start-up key was changed.” Click ‘OK.’ This will remove the password.

Remember, never grant anyone access to your system who claims to be from Microsoft or elsewhere, as there are many tech support scams out there. You might put yourself at risk by following their instructions.