Need to break into a syskey locked xp system

So if you read the title and thought, I can help, cool, if you didn't understand a word, you can't!

An acquaintance of mine got scammed. More exactly his wife got scammed in a Talk Talk scam. One of the things the scammers did was lock him out of his own PC with Syskey password which I can't guess. So, without re-building the whole PC, which will be a headache, I need to break the Syskey password, so I'm looking for utilities to do this. I've tried one but it didn't work. There are others but I'm reluctant to look at some of them as they're on dodgy hacking sites.

Has anyone any recommendations or methods or even password guesses?
 

classic33

Leg End Member
Ransomware?
 
OP

Crackle

..
> Are there any restore points on the PC? If there are then you are mightily in luck - just restore back.
>
> I used this method on a PC from a friend which worked for me, but it was a couple of years ago.
>
> http://www.computernetworkingnotes.com/xp-tips-and-trick/remove-administrator-password.html

That's the one I've tried and can't get to work. What happens is, it can't see the partition. So where you select 1 to choose the path, there's nothing there. It might be possible at that point to manually enter the path but so far I've failed to find a command that works but my command line knowledge is basic and non-existent when it comes to 3rd party Linux scripts like that. If someone can tell me how to enter the path I could probably get it to work.
 

Milkfloat

An Peanut
Location
Midlands
> That's the one I've tried and can't get to work. What happens is, it can't see the partition. So where you select 1 to choose the path, there's nothing there. It might be possible at that point to manually enter the path but so far I've failed to find a command that works but my command line knowledge is basic and non-existent when it comes to 3rd party Linux scripts like that. If someone can tell me how to enter the path I could probably get it to work.

For me the partition showed up directly. In fact the PC had two partitions and they both showed up. I don't suppose you have the capability to connect the drive up to your own machine do you and try from there?

Did you actually check for restore points?
 
User33236

Guest
If the PC has been compromised to that extent and not knowing exactly how the 'attack' took place I, personally, would wipe the system and start from scratch.

They do have backups of everything important don't they? :whistle:
 
User33236

Guest
> For me the partition showed up directly. In fact the PC had two partitions and they both showed up. I don't suppose you have the capability to connect the drive up to your own machine do you and try from there?
>
> Did you actually check for restore points?

And risk any unknown malware attacking his own system?!
 
OP

Crackle

..
> For me the partition showed up directly. In fact the PC had two partitions and they both showed up. I don't suppose you have the capability to connect the drive up to your own machine do you and try from there?
>
> Did you actually check for restore points?

I don't really want to put the drive on my PC or network as I have no clue what's on it.

Restore points are not accessible under F8 on XP or through any repair utility, you have to log in, unless you can tell me how to get to them. I also read they often delete the restore points precisely to stop you getting around the password.
 
OP

Crackle

..
> If the PC has been compromised to that extent and not knowing exactly how the 'attack' took place I, personally, would wipe the system and start from scratch.
>
> They do have backups of everything important don't they? :whistle:

He does! But I ascertained today that he doesn't know where some of his key software discs are. Re-building would be a monumental headache.
 

John the Monkey

Frivolous Cyclist
Location
Crewe
> So if you read the title and thought, I can help, cool, if you didn't understand a word, you can't!
>
> An acquaintance of mine got scammed. More exactly his wife got scammed in a Talk Talk scam. One of the things the scammers did was lock him out of his own PC with Syskey password which I can't guess. So, without re-building the whole PC, which will be a headache, I need to break the Syskey password, so I'm looking for utilities to do this. I've tried one but it didn't work. There are others but I'm reluctant to look at some of them as they're on dodgy hacking sites.
>
> Has anyone any recommendations or methods or even password guesses?

This may well have the stuff you've seen already;
http://triplescomputers.com/blog/ca...pport-telephone-scam-computer-ransom-lockout/
 

Seevio

Guru
Location
South Glos
If my understanding of the problem is correct and assuming it's just syskey and not full drive encryption, a live linux disk should be able to recover the data.
 

John the Monkey

Frivolous Cyclist
Location
Crewe
> The last part is the same iso file I've tried. The first part is under consideration and would involve me putting another HD in and installing a new system and then mounting the original disc as a data disc.

There's possibly some useful stuff in the comments - I've no personal experience of this one, but there's some discussion of tools & methods further down, from what I can see.
 