BleepingComputer.com

how to remove content advisor password


Remove a startup password before account s.

gmkj67 04 Oct 2012

myrti 04 Oct 2012

This password is actually a Windows feature; the caller has added the encryption of the SAM hive in the registry. What passwords have you tried to get past it? Often they will use the same password as the Windows login password.

What you could try is to use a system restore point to restore the settings, but it is somewhat risky. I would only attempt this once his data has been backed up.

regards myrti

gmkj67 04 Oct 2012

myrti 04 Oct 2012

Hi,

You can restore a registry hive from a system restore snapshot from outside Windows; however, when you're doing this for the SAM hive and you choose the wrong date in time, user accounts may get deleted, which would lead to your friend's data being deleted along with his account. As this is a risk, I would recommend a backup of the C:\documents & settings folder before starting this. Let me know if the backup is an option, then we can go ahead with the restoring.

Do you have your Windows CD at hand? If so, we could create a live-CD to facilitate the replacements (and work on the disk while it is inside the PC).

regards myrti

Allan 04 Oct 2012

Hi,

This password is actually a Windows feature; the caller has added the encryption of the SAM hive in the registry. What passwords have you tried to get past it? Often they will

regards myrti

Not in this case. This was a scammer trying to get money out of the user. The password was put on and they will want money to remove it.

You can try a repair installation:

Boot to the XP CD and choose the SECOND repair option, allowing XP to install on top of itself. After completion you'll need to go to Windows Update and download & install all updates (except for hardware & driver related updates, which should never be downloaded from Windows Update - only from the OEM websites). Here is a clear tutorial on how to perform a repair install: http://www.geekstogo.com/forum/topic/138-how-to-repair-windows-xp/

caperjac 04 Oct 2012

Hi, try hitting F8 on boot up and see if you can get to safe mode, and if so go to Control Panel / Users and remove the password. Hope you can get into safe mode. If not, try the repair install suggested by Allan.

It's been going on for a few years now. I thought everyone knew.

myrti 04 Oct 2012

Not in this case. This was a scammer trying to get money out of the user. The password was put on and they will want money to remove it.

Actually it is, I've seen a number of those scams and they've all been adding the password by enabling the hive encryption, which will prompt for an additional password that you don't know.

The prompt should look like this:

If it DOES look like this I strongly recommend not to try a repair install, as this may easily break your install further as detailed here: Windows NT System Key Permits Strong Encryption of the SAM

After installing the System Key hotfix, and you have not enabled strong encryption, if you attempt to repair the system files using a repair disk created before installing the System Key hotfix (that is, using the "pre-hotfix" repair disk) you also MUST repair the SYSTEM and SAM registry. If you do not repair the registry, the system files and registry format will not match. You will get an error (error number C00000DF) when you attempt to log on. When the registry and system files are mismatched, the recovery procedure is to repair matching system and registry files. Either repair the registry hives from the same "pre-hotfix" repair disk, or use the "hotfix - Before Encryption" repair disk, which has a registry format that matches the System Key hotfix system files.

regards myrti

Edited by myrti, 04 October 2012 - 01:17 PM.

Allan 04 Oct 2012

Okay - my apologies

Sarah_Anderson 04 Oct 2012

Wow, a SysKey password. What a sneaky trick!

I think I've only ever seen about half a dozen computers with SysKey passwords in my whole life. Outside of the computer tech community, very few people seem to know that the SysKey utility even exists.

I have a boot disk which can automatically remove SysKey passwords. But it's not a free program, so I don't think the rules of this forum would allow me to upload it for you to use. (Copyright regulations and whatnot.)

So I think your best bet is to follow myrti's advice and manually restore the SAM hive (and maybe also the other hives) from a recent restore point snapshot folder with a Linux or BartPE boot disk.

Good luck.
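An added example, not part of any post in this thread: a read-only helper for the offline restore discussed above, run from a live CD against the mounted XP volume. It lists the System Restore snapshots that contain both the SAM and SYSTEM hive copies and picks the newest one taken before the scam call, which is the "wrong date" risk myrti describes. The function names, the use of file modification time as the snapshot date, and the sample tree built in `demo()` are assumptions made for illustration.

```python
import os
from datetime import datetime, timezone
from pathlib import Path

# Hive copies System Restore keeps in each XP restore point's snapshot folder.
HIVES = ("_REGISTRY_MACHINE_SAM", "_REGISTRY_MACHINE_SYSTEM")

def list_snapshots(volume_root):
    """Return [(rp_name, utc_datetime, snapshot_dir)] oldest first, for restore
    points that hold both the SAM and SYSTEM hive copies."""
    found = []
    svi = Path(volume_root) / "System Volume Information"
    for snap in svi.glob("_restore*/RP*/snapshot"):
        paths = [snap / h for h in HIVES]
        if not all(p.is_file() and p.stat().st_size > 0 for p in paths):
            continue  # incomplete snapshot: never restore half of the pair
        # Assumption: the SAM copy's mtime is when the snapshot was taken.
        taken = datetime.fromtimestamp(paths[0].stat().st_mtime, tz=timezone.utc)
        found.append((snap.parent.name, taken, snap))
    return sorted(found, key=lambda s: s[1])

def pick_snapshot(volume_root, incident_time):
    """Newest complete snapshot taken strictly before incident_time, or None."""
    older = [s for s in list_snapshots(volume_root) if s[1] < incident_time]
    return older[-1] if older else None

def demo():
    """Build a constructed sample tree (not real data) and pick a snapshot."""
    import tempfile
    root = Path(tempfile.mkdtemp())
    base = root / "System Volume Information" / "_restore{CONSTRUCTED-GUID}"
    samples = {"RP10": (2012, 9, 20, HIVES), "RP11": (2012, 10, 1, HIVES),
               "RP12": (2012, 10, 2, HIVES[:1]),   # SYSTEM copy missing
               "RP13": (2012, 10, 4, HIVES)}       # taken after the incident
    for name, (y, m, d, hives) in samples.items():
        snap = base / name / "snapshot"
        snap.mkdir(parents=True)
        ts = datetime(y, m, d, tzinfo=timezone.utc).timestamp()
        for h in hives:
            (snap / h).write_bytes(b"regf-constructed")
            os.utime(snap / h, (ts, ts))
    incident = datetime(2012, 10, 3, tzinfo=timezone.utc)  # constructed date
    return pick_snapshot(root, incident)

if __name__ == "__main__":
    name, taken, path = demo()
    print(f"restore candidate: {name} taken {taken:%Y-%m-%d} at {path}")
```

The helper only reads the volume; back up the user's data and the current hives before copying anything over them.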

eric512 08 Dec 2012

Hey Sarah - what paid program is that to remove the Syskey password? I'm playing with a VMware image of a system that was hacked by a telephone scam and the Syskey password was enabled. I'd love to be able to uncover the password for my own education. I've tried some trialware Syskey password tools, but none of them work.

I ultimately had to do a complete fresh install of XP for this user to get their machine back up and running. Luckily the install did preserve the My Documents and other files for the user. The hacker did not turn on the file level encryption.

Edited by eric512, 08 December 2012 - 04:32 PM.

ds_jon 27 Mar 2013

ds_jon 27 Mar 2013

I know this thread is a little old, but mary_anderson, was wondering if you could tell me the name of the purchased program you have to remove the SysKey password. In the same situation here with a customer that fell for this scam. I run a computer repair shop and most likely would be able to supply my customers with a better service if I were able to reset vs. reload.

hamluis 27 Mar 2013

Source: www.bleepingcomputer.com
