Restore Access To Hacked Windows 7 PC?

Associate | Joined 9 Oct 2011 | Posts 109
My uncle unfortunately fell victim to a scam caller today who pretended to be from Microsoft and gave him remote access to his computer (yeh I know! :rolleyes:)

To make things worse, the scammer added a password to Windows (Windows 7 Home Edition I believe) so he is now unable to access his computer. I offered to try to help him at least recover his personal files tomorrow (if they haven't been deleted)... So how would you guys go about it? I've thought of a few possible options:

1. Perform a system restore - would this remove the password or even be possible without entering a password though? If particularly evil they might have deleted all recovery points though.

2. Plug the hard drive into another machine as a slave drive then copy the files over. However, will I be able to access the user files without a password? I forget how sophisticated the security is on Win7. Plus, although unlikely, could they have installed something to infect a second computer or added a backdoor? Obviously I don't want to put another computer at risk by doing so.

3. Use a Linux Boot CD (KNOPPIX) to boot in without Windows to gain access to the personal files (again not sure how secure Win7 is against this though?)

4. Or finally, try resetting the password but not sure of the process.


Thanks for any advice! :cool:
 
Google Windows Password Reset Utilman.exe

This will allow you to open up command prompt at the login screen so you can change the Administrator password.
I'd then get an external USB to copy over all desirable files/folders etc then reinstall Windows to be sure all the dodgy stuff is gone.
 
Assuming it's a Syskey password then you may be able to remove it. Try system restore first.

You will need to press F8 at startup and choose "repair computer" and run system restore from there, or boot off a Windows 7 CD / USB. They will have likely deleted the restore points but sometimes they forget.

If this doesn't work you can try a manual restore, though you will need a bootable Windows / Linux disc or to plug the HDD into another PC.

Go to C:\Windows\System32\config\RegBack. Copy the contents into C:\Windows\System32\config. I've had some success with that (worked on Monday on a W7 machine).

I would make a backup of anything important first though in case something bad happens :p
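The manual RegBack restore described in the post above, as an added example that is not from the thread: a small POSIX shell script meant to be run from a Linux live USB with the Windows volume mounted read-write (ntfs-3g). It assumes the mount point and backup directory are passed as arguments (hypothetical paths, mine not the poster's). Before touching anything it copies the live hives to a backup folder, as the post recommends, and it refuses to proceed if any RegBack hive is missing or zero bytes, since an empty RegBack would leave Windows with no usable registry at all.

```sh
#!/bin/sh
# Added example, not code from the thread. Rolls the Windows registry hives
# back to the copies Windows keeps in System32\config\RegBack, after first
# backing up the current hives so the step can be undone.
#
# Usage (assumed paths): restore_regback /mnt/win /mnt/usb/hive-backup

HIVES="DEFAULT SAM SECURITY SOFTWARE SYSTEM"

# Return 0 only if every hive in RegBack exists and is non-empty.
# (Newer Windows builds ship zero-byte RegBack files; Windows 7 normally keeps
# real copies there, but always check before overwriting anything.)
check_regback() {
    regback="$1"
    for hive in $HIVES; do
        if [ ! -s "$regback/$hive" ]; then
            echo "RegBack/$hive missing or empty; refusing to restore" >&2
            return 1
        fi
    done
    return 0
}

# restore_regback <windows_root> <backup_dir>
# Backs up the live hives to <backup_dir>, then copies the RegBack hives
# over them. Prints "restored" and returns 0 on success; on failure nothing
# under <windows_root> is modified.
restore_regback() {
    root="$1"; backup="$2"
    cfg="$root/Windows/System32/config"
    regback="$cfg/RegBack"

    [ -d "$cfg" ]     || { echo "no config folder at $cfg" >&2; return 1; }
    [ -d "$regback" ] || { echo "no RegBack folder at $regback" >&2; return 1; }
    check_regback "$regback" || return 1

    # Step 1: preserve the current hives (the ones the scammer's changes live in).
    mkdir -p "$backup"
    for hive in $HIVES; do
        [ -f "$cfg/$hive" ] && cp -p "$cfg/$hive" "$backup/$hive"
    done

    # Step 2: overwrite the live hives with the RegBack copies, preserving timestamps.
    for hive in $HIVES; do
        cp -p "$regback/$hive" "$cfg/$hive"
    done
    echo "restored"
    return 0
}

# Only act when explicitly invoked with "run"; sourcing the file defines the
# functions without touching any disk.
if [ "${1:-}" = "run" ]; then
    restore_regback "$2" "$3"
fi
```

After the copy, boot Windows normally; if it fails to start, copy the hives from the backup directory back into `config` to return to the previous state. Because the SAM hive is one of the five files, this rollback also undoes any account changes made after Windows last refreshed RegBack.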
 
As this is your common or garden scam caller, it's more than likely that syskey has been used to lock out access to the OS, which means that those tools aren't going to work.

Also, if that is all they've done (probably because there was no payment made to remove the bogus threats, which have been manufactured using whatever commands are available through command prompt, like tree), then it is most likely only going to block access to the OS and not the files if the drive is connected to another computer (via a USB enclosure, not connected directly to the PC through a SATA port) or by using a Linux distro in live mode (however, you probably will have to change the permissions for some folders so that you can access and copy the files, at least in Windows). But only use this as a last resort if what @Puppetmaster suggested doesn't restore access (and even then, if access can be restored it would always be for the best to just back up any critical files and start from scratch).
 
If they've done the usual password setup it won't be the local account; they'll have set a password up on the SAM hive, which they try charging for to let you unlock it. System restore, if possible, sometimes gets it back to before they enabled it, but it isn't a guaranteed fix.
 
A scammed client gave me their laptop after the syskey method. They did delete all the backups and restore points. A couple of the methods I tried before I just decided to guess the password. I never tried all the potential 'solutions' but a lot of the online advice missed the mark. There were a couple of paid for tools but I never went down that route.
 
Many thanks for all the replies. In the end I used the Linux CD method to bypass the password then copied the files across and reformatted :)
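The Linux live CD route used above (option 3 in the original question, and the concern in option 2 about infecting a second machine), as an added example that is not from the thread: a POSIX shell script for the live environment that mounts the Windows volume read-only with execution disabled, copies only the data folders of each real user profile to an external drive, writes a SHA-256 manifest of what was copied, and lists any executable-type files found among the documents so they can be inspected rather than opened. The device path, mount points and destination are assumptions of mine, as is ntfs-3g being available on the live system.

```sh
#!/bin/sh
# Added example, not code from the thread. Pulls personal files off a locked
# Windows disk from a Linux live USB without running anything stored on it.
# Assumed layout: Windows volume on /dev/sdb2, external USB at /mnt/usb.

# Mount the Windows volume read-only; noexec/nosuid/nodev mean nothing on the
# compromised disk can be executed from this mount even by accident.
mount_windows_ro() {
    dev="$1"; mnt="$2"
    mkdir -p "$mnt"
    mount -t ntfs-3g -o ro,noexec,nosuid,nodev "$dev" "$mnt"
}

# copy_profiles <mount> <dest>
# Copies the data folders of every profile under <mount>/Users into <dest>/<user>/.
# AppData (program state, caches, possibly dropped tools) and the built-in
# template/public profiles are skipped on purpose.
copy_profiles() {
    src="$1"; dest="$2"
    for profile in "$src"/Users/*; do
        [ -d "$profile" ] || continue
        name=$(basename "$profile")
        case "$name" in
            Public|Default|"Default User"|"All Users") continue ;;
        esac
        for folder in Desktop Documents Downloads Pictures Music Videos Favorites; do
            [ -d "$profile/$folder" ] || continue
            mkdir -p "$dest/$name/$folder"
            cp -Rp "$profile/$folder/." "$dest/$name/$folder/"
        done
    done
}

# write_manifest <dest>
# Records SHA-256 of every copied file so the copy can be verified later;
# prints the number of files recorded.
write_manifest() {
    dest="$1"
    find "$dest" -type f ! -name MANIFEST.sha256 -exec sha256sum {} + \
        > "$dest/MANIFEST.sha256"
    wc -l < "$dest/MANIFEST.sha256" | tr -d ' '
}

# list_executables <dest>
# Prints copied files with executable or script extensions. Such files do not
# normally belong in a Documents folder and should be checked before the
# recovered data is opened on a clean machine.
list_executables() {
    dest="$1"
    find "$dest" -type f \( -iname '*.exe' -o -iname '*.scr' -o -iname '*.bat' \
        -o -iname '*.cmd' -o -iname '*.vbs' -o -iname '*.js' -o -iname '*.ps1' \
        -o -iname '*.lnk' \) -print
}

# Only act when explicitly invoked with "run"; sourcing the file just defines
# the functions.
if [ "${1:-}" = "run" ]; then
    mount_windows_ro /dev/sdb2 /mnt/win
    copy_profiles /mnt/win /mnt/usb/recovered
    echo "files recorded: $(write_manifest /mnt/usb/recovered)"
    echo "executable-type files to review:"
    list_executables /mnt/usb/recovered
fi
```

Read-only mounting also means the original disk is left exactly as found, so the RegBack or system restore options remain available afterwards. Once the files are verified against the manifest on the clean machine, the disk can be wiped and Windows reinstalled, which is the advice several replies give.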
 
Hi! I have experienced the same issue before, when my PC was locked by a scammer. I suggest you use method 4 and make a backup of the files on the hard drive. Here are the instructions: https://www.uukeys.com/reset-windows-7-password.html

Note: Resetting syskey might cause system corruption. Make sure you back up the files before trying any password hacking tricks/software.

Method 4 works for me. However, it is a bit complicated for users who are not familiar with CMD. Actually, a paid solution is much better for normal users: it saves time and avoids messing up the computer.
 
Google "windows sticky key password reset"

You'll need a Linux boot CD/USB like Ubuntu, but it's very simple and can be done in under 5 mins.


EDIT:

D'oh, just seen you managed it :)

Linux live USBs are a godsend :D
 