In the last few months, a number of users reportedly received called from scammers impersonating Microsoft and/or other big names in the IT Industry. They call the user by looking up their names from the internet and tell them a story in relation to their computers sending out viruses or are hacked or some other reason to trigger interest, when this happens user’s who aren’t aware of this allow the scammer access to their PC and they then trick the user into either buying something from them for a couple of hundred dollars and when the user won’t pay them they set up a start-up password, which locks down the computer and encrypts the files. Technically defined as “the encryption of the SAM hive in the registry”.
Now in simple terms, to restore your computer and remove the password “you need the original registry” which is what we’ll try and do with the help of this guide.
Using Registry Edit Utility to Restore Registry Hive from RegBack
To perform this method you would need to know how to get to BIOS to select proper boot device which will be either CD or USB and you will also need to the RegistryEditor ISO (We are no longer hosting this ISO – Please Google it for a mirror) and write it to the disc/USB using MagicISO or another ISO Burning Program.
- If you don’t know how to boot to bios, see the manufacturer’s manual for your system.
- Once you’ve booted from the registry and correctly using the ISO image, you will see a black screen of this type.
- Wait a few minutes, until it takes you to the prompt showing: Select: 
- Type l and hit enter in the prompt to see your Windows Partitions.
- Then choose your Windows Partition from the list. In my case on VMWare it is  so i chose 2 and then pressed Y to confirm if i wish to force it.
- The next prompt will be [Windows/system32/config] : _
- Type Windows/system32/config and Hit Enter.
- Then type 1 and press Enter. It will then prompt you with the following options:
- Choose option 2 here. “syskey status & change“. Then the next prompt will ask you if you really want to disable syskey, type Y and hit enter and then Q. It should then ask if you want to confirm overwrite, confirm it and then go back to BIOS, change boot order and choose the hard disk as your first boot device, save changes, restart and exit. This should fix the start-up password.
Removing Start-Up Password after logging in
This method is only for those who were successfully able to login using the guess passwords.
- After logging in with the default passwords Hold the Windows Key and Press R. In the run dialog type syskey and Click OK.
- Then click the Update option.
- Then choose “System Generated Password“. And then choose the second option which says “Store Startup Key Locally”. Once done, re-enter the default password you used to log in and choose OK.
- A confirmation on the screen will appear to say “The account database Start-up key was changed“. Click OK on it. This will remove the password. Remember, never allow anyone access to your system claiming to be from Microsoft or elsewhere. Because there are many tech support scams out there and you might be at risk heeding their instructions.