Holmes
Posted August 26, 2016

My girlfriend's sister's son was on YouTube and clicked on an ad and allowed an intruder access to their computer. Now on startup there is a password, a startup password. The intruder encrypted her registry's SAM registry hive and is asking for one thousand dollars to give her computer back to her. SAM is where password hashes are stored. I have read you can try one two three and then add four then five then six then seven then eight then nine, or abc or abcd. I have read about how to fix this. I'm asking if there is anyone that has had this problem before and if they know any passwords that might work. I am pretty sure I know how to fix it; I'm hoping someone else has run into this problem? Please, constructive feedback; no one-word comments.
Ghazi
Posted August 26, 2016

Just make a bootable USB or CD using Kon-Boot 2.5. Boot into Windows and remove the password if you can. There are also some other tools like NT Password that can remove a user's password, but you have to make a bootable USB or CD. I did it a long time ago. You can also try Password Recovery Bundle 2015 Enterprise Edition 3.5 and use the Windows password option. It will make a CD or a bootable USB. Select MBR for a BIOS-based or GPT for a UEFI-based computer. You can use the PC Unlocker WinPE 3.8.0 Enterprise Edition boot ISO.
straycat19
Posted August 26, 2016

8 hours ago, Holmes said:

"My girlfriend's sister's son was on YouTube and clicked on an ad and allowed an intruder access to their computer. Now on startup there is a password, a startup password. The intruder encrypted her registry's SAM registry hive and is asking for one thousand dollars to give her computer back to her. SAM is where password hashes are stored. I have read you can try one two three and then add four then five then six then seven then eight then nine, or abc or abcd. I have read about how to fix this. I'm asking if there is anyone that has had this problem before and if they know any passwords that might work. I am pretty sure I know how to fix it; I'm hoping someone else has run into this problem? Please, constructive feedback; no one-word comments."

Sounds like you ran into SAMSAM Ransomware. There are multiple pages on the internet on how to remove it. Here is one example: https://howtoremove.guide/samsam-ransomware-removal/
eurobyn
Posted August 27, 2016

Boot a PE disk (DLC Boot, or Hiren's, or whatever you use to explore a system). Go to your Windows directory, choose the folder system32, go to the folder config and open the folder regbackup. Copy the file sam, then go back to system32\config and overwrite the file. This is a previous file from before it was changed. This also works for systems that are not working. All the registry files are there. Hope it helped you out. You can make a backup first before doing this.
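
The copy-back described in eurobyn's post, as an added example that is not part of the thread, written for a live environment that has Python and the Windows volume mounted. It saves the current hive aside first and refuses to copy a backup that is empty or lacks the `regf` hive signature; the function names and the `pre-restore-*` folder name are assumptions of this example.

```python
import shutil
import time
from pathlib import Path

REGF_MAGIC = b"regf"  # first four bytes of every registry hive file


def is_valid_hive(path: Path) -> bool:
    """True if the file exists, is non-empty and starts with the hive signature."""
    if not path.is_file() or path.stat().st_size == 0:
        return False
    with path.open("rb") as fh:
        return fh.read(4) == REGF_MAGIC


def restore_hives(config_dir, backup_dir, hives=("SAM",), stamp=None):
    """Save the current hives aside, then overwrite them with the backup copies.

    Returns the folder holding the saved originals. Nothing is changed
    unless every requested backup hive passes is_valid_hive().
    """
    config_dir, backup_dir = Path(config_dir), Path(backup_dir)
    bad = [h for h in hives if not is_valid_hive(backup_dir / h)]
    if bad:
        raise ValueError(f"unusable backup hive(s): {', '.join(bad)}")
    stamp = stamp or time.strftime("%Y%m%d-%H%M%S")
    saved = config_dir / f"pre-restore-{stamp}"
    saved.mkdir()  # fails if it already exists, so an earlier save is never overwritten
    for h in hives:
        if (config_dir / h).exists():
            shutil.copy2(config_dir / h, saved / h)  # keep the changed hive for later analysis
    for h in hives:
        shutil.copy2(backup_dir / h, config_dir / h)
    return saved


if __name__ == "__main__":
    import sys
    # usage: restore_hives.py <config dir> <backup dir> [HIVE ...]
    cfg, bak, *names = sys.argv[1:]
    print("originals saved in", restore_hives(cfg, bak, tuple(names) or ("SAM",)))
```

Hive file names are matched exactly as given, which matters when the Windows volume is mounted on a case-sensitive system.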
This topic is now archived and is closed to further replies.