Tech Support Forum banner
Status
Not open for further replies.

[SOLVED] Microsoft Scam, Two Administrator Accounts

4K views 20 replies 4 participants last post by  spunk.funk 
#1 ·
Hello everyone,

An elderly relative of mine recently fell for the 'this is Microsoft and your computer has a virus' phone call scam. She gave them remote access to her PC, and when she didn't pay, they essentially locked her out. I now have her machine, and am trying to undo the damage. First, they put on a start up sys key password, which I have managed to remove. Where I'm having trouble is that they also added an extra administrator account, or just renamed her account to Compaq_Administrator. With some software on a bootable CD, I have reset the passwords on all accounts on this machine to <blank>. I checked and re-checked that the passwords were set to <blank> However, when I reboot, the login screen for just the Compaq_Administrator account comes up, and still tells me to enter the correct password. They put the password hint as 'asdf', which of course is the first four keys on the middle row of the left side of the keyboard..just for their convenience I guess. So, I'm stuck.

Her machine is an old Compaq desk top that runs Windows XP Media Center Edition.

I am trying to preserve her data obviously, but also her OS. I can retrieve her data, but she does not have rescue/restore disks to re-install her OS. I don't remember seeing a restore option in the HD itself (while in safe mode)

She can't ever seem to afford a new PC , so I have been keeping this one alive and kicking for her for years.

I would appreciate any suggestions...thank you :)
 
See less See more
#4 ·
Re: Microsoft Scam, Two Administrator Accounts

Since you're not requesting password help which we aren't permitted to give, perhaps our Security Team can have a go at it.
We recommend that you read this article…
http://www.techsupportforum.com/forums/f50/new-instructions-read-this-before-posting-for-malware-removal-help-305963.html
follow the instructions very carefully; then, post all the requested logs and information; as instructed, in the Virus/Trojan/Spyware Help section of the forum.
(Simply, click on the colored links to be re-directed.)

Please ensure that you create a new thread in the Virus/Trojan/Spyware HelpForum; not back here in this one.

When carrying out The Malware Removal Steps, if you cannot complete any of them for whatever reason, just continue on with the next one until they are all completed.
However,it is extremely important to make mention of the fact that you could not complete any of the steps in your post to the Virus/Trojan/Spyware Help Forum; where an Analyst will assist you with other workarounds.

Once done, please be patient, as the Security Team Analysts are usually very busy; one of them will answer your request as soon as they can.
 
#5 ·
Re: Microsoft Scam, Two Administrator Accounts

Boot into Safe Mode, do you have the option to boot into Administrator built in Administrator? If so, go to Start/Run and type control userpasswords2 Here you can highlight any user account that is not the one you are logged in as, and Remove it
 
#7 ·
Re: Microsoft Scam, Two Administrator Accounts

Hello everyone,

Thanks for the suggestions. I haven't had the time in the last few days to mess with the machine. Plan on doing so this evening to try what you suggested. Will post later with the results. Fingers crossed. :smile:
 
#8 ·
Re: Microsoft Scam, Two Administrator Accounts

Hello again,

I can get into the machine, even in safe mode. There's three accounts, Compaq_Administrator, Administrator, and Guest. All three have have passwords. In safe mode, the three accounts come up and all ask for a password. How can I get in to do the malware scan, or remove any account? I can't get passed the log in screen. My relative has never had a password on her account, so this is something the scammers did. Even if I could delete one, I don't know which 'administrator' account was originally hers. That's where her data is, and I wouldn't want to delete that one, even if I could.
 
#9 ·
Re: Microsoft Scam, Two Administrator Accounts

I gave a non PW solution in Post #4 when you claimed the PW situation was overcome. If not, our Rules apply.

From TSF RULES

You may not ask for assistance with any deemed illegal activities such as but NOT restricted to the following::

* software pirating
* hacking
* password cracking
* keystroke recording software
* assistance with accessing copyrighted software programs
* Leeching on private or public WiFi/Broadband connections
 
#11 ·
Thank you everyone for at least trying to help. :) Just to clarify, the password I managed to remove was a 'start up' or sys key password. The system would not boot without entering it. Without going into too much detail so I won't get into trouble, removing the start up password was also supposed to 'set to blank' any passwords on all user accounts. It did remove the sys key so the system would at least boot up, but not the passwords, even though each entry says blank. The scammers need to be hung from the highest tree, and that is too nice. Without the recovery disks, her PC is history by the looks. I'm going to focus on just trying to recover her data, at least the pictures she has. Maybe someday she can get a new machine. Thanks again, and I apologize if I've inconvenienced anyone.
 
#13 ·
Re: Microsoft Scam, Two Administrator Accounts

Hello again everyone,

I managed to recover the data. The scammers deleted it along with putting a password in every possible place. They really don't like it when they don't get the $$ they thought so sure they were going to get. I am now doing a factory restore. I have never done before, so my new question is how long does this typically take? I've been watching the screen slowly fill with dots for almost three hours. Just before that it said 'Please wait while Windows prepares to start.' Is this normal, or is it stuck at some point during the restore?

Thanks again :)
 
#14 ·
Re: Microsoft Scam, Two Administrator Accounts

The process is doing a Full format of the HDD and checking for bad sectors. If the HDD has many bad sectors, it will take a very long time to do the full format, possibly over night. If it still has not completed or seems to have hung after that, then the HDD may need to be replaced.
 
#15 ·
Thank you, that's good to know. It's still going, and it's been about 6 hours. I'm going to let it go overnight and see if any progress is made. I hope the HDD isn't bad. If it is, then that's it. I don't have the disk to install XP on a new drive. She lost it long ago. I discovered that this PC had a separate recovery partition, and that's what I'm trying to do the factory reset from.
 
#16 ·
Re: Microsoft Scam, Two Administrator Accounts

There are many options,
First if the Recovery fails or hangs, you can test the HDD by downloading the ISO image of Seatools in my signature and burn the image to CD using IMGBurn also in my signature. Boot off of the CD and run the Short and Long tests to confirm if the drive has failed. You can go to Ebay and probably find a Recovery CD or a Retail version of XP or Windows 7 if you like.
 
#17 ·
Thank you. I left the PC running overnight, but we lost power for about 15 minutes during the night. I haven't yet turned the computer back on to see what happened.

If the drive was still formatting/resetting during the power loss, will that add insult to injury?
 
#20 ·
When I booted the PC today, it went back to the recovery screen and said, 'Please wait while Winows starts.' This time, however, instead of endless dots following that message, the machine started successfully. I'm very happy. Now I'm removing 10 year old bloat ware programs, and getting things re-installed.
Thank you again for the suggestions and help :)
 
Status
Not open for further replies.
You have insufficient privileges to reply here.
Top