How to rescue a hijacked Windows 7 machine?

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

OM2

Thread Starter
Joined
Oct 28, 2007
Messages
1,029
A friend had a call from 'Microsoft'.
They changed his password and demanded a £10 ransom.
He put the phone down.

His laptop is a Windows 7 one.

Is there any way I can get in and change or reset his password somehow?

If the answer is no... what's the best way of doing a complete reinstall?
He's got the serial number below on the sticker. Can I download and reinstall?

What should I do for the hard drive? Format? Use Fdisk or something?
I used Fdisk a long time ago... can't remember what I used it for actually!

Thanks.
 

lochlomonder

Colin
Trusted Advisor
Spam Fighter
Joined
Jul 24, 2015
Messages
3,473
In such circumstances, my reaction would be to nuke & pave the machine to ensure it's free of malware. If there's important personal information on the machine he'd like to keep, perhaps consider booting with a Linux live CD to pull the information onto backup media.

Since he has the product key, you can download Windows 7 ISOs from here to do the re-installation. Is it a case of whenever your friend boots the system, it asks for a password and won't let him progress without it? If so, that implies a change in syskey to me. There are various how-to's out there for removing this pest, but I've found them to be largely hit & miss. That's why I recommend a re-installation of the OS from an ISO, since this will take care of the situation.
 

Cookiegal

Karen
Administrator
Malware Specialist Coordinator
Joined
Aug 27, 2003
Messages
120,029
As I'm sure you're aware, we don't assist with password issues. However, I'm leaving this open to discuss the other options mentioned.
 

OM2

Thread Starter
Joined
Oct 28, 2007
Messages
1,029
@lochlomonder great advice.
i'll do this.

syskey?
not sure.
he told me that they took remote control and while he was in the kitchen, he could see them on the user profile page changing the password.

i don't want to risk anything - he might have all sorts of nasties.
so i will try ISO way after linux boot

QUESTION: will i be able to access the hard drive? i booted from Linux Mint on another laptop and am sure i couldn't access the main hard drive. i'll try again though.

i looked up on youtube and saw a way you can 'break in'. but i don't even want to go there.

@Cookiegal thanks. i think the problem is something many others will face.
 

lochlomonder

Colin
Trusted Advisor
Spam Fighter
Joined
Jul 24, 2015
Messages
3,473
OM2,
QUESTION: will i be able to access the hard drive?
Yes, you'll be able to read the hard drive. Within Linux, the convention used is SDA1, SDA2, SDA3, etc. These denote the first partition on drive 1, the second partition on drive 1, and then the third partition on drive 1. If the PC has an additional drive with multiple partitions, these would show as SDB1, SDB2, SDB3, etc. Does this make sense to you?

I'm guessing for the machine in question, you may want to look at SDA2, since I think this is where you'll find the OS and data files. If not, just explore each drive shown to discover where they're saved.
 

plodr

Liz
Joined
Jun 27, 2014
Messages
23,659
They changed his password
Someone can only do this if he/she turned on Remote Assistance. It is off by default in Windows 7.

Did he/she turn it on? If not, then perhaps the password was not changed. Has it been checked to be sure it was actually changed?

If people would just spend the time imaging a computer!!! It takes less than an hour to restore an image and then all the unlucky person would need to do is be sure the browsers and flash are up to date.
 

OM2

Thread Starter
Joined
Oct 28, 2007
Messages
1,029
thanks for all replies guys.

i could read the hard drive from linux - but couldn't search. i wanted to search for all *.docx and *.jpg and backup files and then restore.
linux could see the files - but couldn't do a search.

i then took out hard drive - think i could attach to an external case and access.
access was blocked - guessing it was microsoft 'sophisticated' way of encrypting.

so i then booted into linux again and had to access and copy files by selecting a few at a time by going through different folders.

now going to download iso @lochlomonder gave above.

THANKS for all the help.
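
What OM2 wanted to do from the live Linux session (find every *.docx and *.jpg and copy them off in one go), as an added example that is not part of any post in this thread. The mount point /mnt/win, the backup path and the function name rescue_files are assumptions.

```shell
#!/bin/sh
# Added example: copy documents and photos off a Windows partition from a
# live Linux session, instead of picking files by hand folder by folder.
# Assumed (not from the thread): the Windows partition is already mounted
# read-only, e.g.   sudo mount -o ro /dev/sda2 /mnt/win
# and the backup drive is mounted somewhere outside that path.

# rescue_files SRC DEST
# Copies every *.docx and *.jpg (any letter case) under SRC into DEST,
# keeping the folder layout so same-named files do not overwrite each other.
# Only these data file types are copied; programs are left behind.
# Writes a list of copied files to DEST/rescued-files.txt and prints the count.
rescue_files() {
    src=${1%/}
    dest=${2%/}
    [ -d "$src" ] || { echo "source $src is not a directory" >&2; return 1; }
    mkdir -p "$dest" || return 1

    # -type f ignores links and junctions; -iname matches .JPG as well as .jpg.
    # The inner sh receives the file names as arguments, so spaces in names
    # such as "My Documents" are handled safely.
    find "$src" -type f \( -iname '*.docx' -o -iname '*.jpg' \) -exec sh -c '
        src=$1; dest=$2; shift 2
        for f in "$@"; do
            rel=${f#"$src"/}
            mkdir -p "$dest/$(dirname "$rel")" &&
            cp -p "$f" "$dest/$rel" &&
            printf "%s\n" "$rel"
        done
    ' sh "$src" "$dest" {} + > "$dest/rescued-files.txt"

    wc -l < "$dest/rescued-files.txt" | tr -d ' '
}

# Run directly as:  sh rescue.sh /mnt/win /media/backup/rescued
if [ "$#" -eq 2 ]; then
    rescue_files "$1" "$2"
fi
```

Scan the copied folder with the security programs on the rebuilt machine before opening anything in it.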
 

lochlomonder

Colin
Trusted Advisor
Spam Fighter
Joined
Jul 24, 2015
Messages
3,473
If people would just spend the time imaging a computer!!!
I couldn't agree more. I know some disc imaging programs can be daunting for those unfamiliar with the concept, but I've been impressed with the freeware version of AOMEI Backupper. I've installed this for people I've helped, so I can ease them into the process of regular imaging, and the learning curve has been slight for them.
 

lochlomonder

Colin
Trusted Advisor
Spam Fighter
Joined
Jul 24, 2015
Messages
3,473
You're welcome, OM2 (y)

As plodr mentioned: once your friend gets his PC back up and running, imaging the PC would be a real boon. It's a lot easier to get a machine back up and running after things go awry and that's why I recommend AOMEI Backupper, as I mentioned in my previous post. Disclaimer: I don't work for the company or derive any financial gain. I just believe in credit where credit's due...heh
 

OM2

Thread Starter
Joined
Oct 28, 2007
Messages
1,029
guys...
i tried to download the ISO
microsoft told me that the serial belonged to a pre-install and that they didn't want to help me. :(
oh well.

i had to just resort to the inbuilt restoration to take back to 2012 settings.
only 6 years. :whistle:

question: what should you do in such a case?
how do you do a restoration?
i've actually got the original CD (or DVD) as well... so all wouldn't be lost whatever happened.
but someone could have a corrupt hard disk or something + maybe lost the original restoration disc - and be completely lost?

EDIT another question: how do i get the updates the quickest way? it's going to take many many many hours to get everything up to date!
 

plodr

Liz
Joined
Jun 27, 2014
Messages
23,659
You make images regularly so the computer never has to go back several years. I have not needed to restore a computer to its original state. The worst I've had to do was this year when I had to restore an image to my desktop computer in March. The image was from December 21st. I then had to update two browsers, flash, SpywareBlaster, Malwarebytes, my av and 7-zip. Since the January and February updates were really slowing down the computer, I chose not to install them again.

Sorry but there is no quick way to get 6 years of updates.
Look over all that are offered and do 2012 first. Reboot. Then to 2013 and reboot. Keep going until nothing else is offered.

Don't do any driver updates offered - ever.
 

OM2

Thread Starter
Joined
Oct 28, 2007
Messages
1,029
Don't do any driver updates offered - ever.
how come?

the problem is that it's not for me. it's for a non techno old aged person. :)
he's a top bloke and i feel so bad that some idiot hijacked his machine.

as for not being able to download ISO - i think that's disgraceful of microsoft.
there are zillions of people with microsoft on their laptops.
of these how many bought a license from microsoft independently and therefore can use the download facility?
surely it must be just a few thousand around the world?

time to ditch microsoft and move to linux.
 

plodr

Liz
Joined
Jun 27, 2014
Messages
23,659
You can download ISOs. You go here
https://www.majorgeeks.com/files/details/microsoft_windows_iso_download_tool.html
grab the tool, then run it and it will list the various versions of Windows 7 available for download.
I've used the tool in the past to download 32 bit and 64 bit versions of Home Premium and Pro.

old aged person
I resemble that remark. :D I'm 71.

MS drivers can break things. If you ever heard the saying "if it ain't broke, don't fix it". Years ago MS suggested a driver for my ethernet. I took the advice and allowed it to be installed. I then had no internet access. Thinking I did something wrong, I rolled back the driver and tried again. I had the same result - no internet.
The absolute best place to look for drivers is the manufacturers' website. If they aren't offering any updated drivers, then don't update.
I rarely find it necessary to update drivers.

Before you jump on the linux bandwagon, make sure your hardware is compatible. Linux has gotten easier but it is still not user friendly.

I prefer my android tablet to running linux on my netbook. It is more user friendly and updating is behind the scenes unlike linux where you have to fire up package managers, set specific repositories and search for updates.
 

OM2

Thread Starter
Joined
Oct 28, 2007
Messages
1,029
You can download ISOs. You go here
https://www.majorgeeks.com/files/details/microsoft_windows_iso_download_tool.html
grab the tool, then run it and it will list the various versions of Windows 7 available for download.
I've used the tool in the past to download 32 bit and 64 bit versions of Home Premium and Pro.
apologies for being careful...
but how can i trust this website...?
where do they get the ISOs from? do they download from microsoft?
why do i need to download a program to download an iso? why can't i just get a download link?

still don't get why microsoft make it so hard :(

I resemble that remark. :D I'm 71.
that's pretty young i think. :)
you're as old as your mind thinks it is.
 

plodr

Liz
Joined
Jun 27, 2014
Messages
23,659
MS will not give you the download links if you have an OEM serial number, MS refuses to let you download a thing. MajorGeeks is a trustworthy site. I've downloaded from them for years. Those who know me from at least a half dozen forums I frequent know I never post links to dodgy sites.

MS makes it hard because they want everyone to get with their program and move to Windows 10. That's not my plan.

If you don't trust the site, then don't download the ISO.
You could always download the ISO then scan it with malwarebytes and your av program. (Right click and select scan with - your security programs should have entries in the right click menu). I routinely do this if I download something I'm not 100% positive about.
 