Hacker put password on PC, need help to get into PC

They talked him into doing things on his laptop

  1. Please disconnect this PC from the internet right now.

    • If your uncle has used the PC for internet banking then his bank account details may already be compromised.
  2. Let his bank know what has happened immediately.

    • They will be able to advise him how to change his internet banking details over the phone.

    • The TalkTalk scammers have already conned some individuals out of thousands of pounds.

  3. Change all his passwords (email, websites, etc.)

    • Do this from another computer you know is clean.
  4. Then get professional advice on how to fix this.

    • You don't know exactly what trojans or whatever nasties have been left behind on this PC.

    • Getting the password back is only the first step of a cleanup and the safest thing to do is to reinstall Windows.

    • A professional IT support person should be able to get any personal files saved first (in a safe way) before Windows is reinstalled.

  5. But I really want to clean up this mess myself!

    If you feel you have the technical skills to fix this then:

    • See What can I do if I forgot my Windows password? to get back access to the machine.

    • See How can I remove malicious spyware, malware, adware, viruses, trojans or rootkits from my PC? for cleanup instructions.

    • As per comment by JamesRyan consider giving your uncle user access rights only (standard user account). If you are willing to support him in the future keep the Admin rights to yourself. That will at least limit the damages if it happens again.


I would copy all important files to an external drive, and reinstall the computer, since you never know what the cybercriminals did to the current install.

Contact the bank and let them know what happened, and change ALL his passwords for ALL his online services (Banking, Social Media, PayPal, Shopping).

Some of these steps (like installing Windows) should be left to a professional if you don't know what you're doing.

  1. Get a thumbdrive, and install any flavour of Live Linux to it. Perhaps Linux Mint (http://community.linuxmint.com/tutorial/view/389)

  2. Boot the PC in Linux and see if the files are accessible (e.g. not encrypted by the hacker).

  3. Plug in an external hard drive, and copy all important files from the computer's internal drive to the external drive.

  4. Reinstall Windows and any other applications he uses.

  5. Create a user account for him WITHOUT Administrative rights, AND an admin account which is password protected.

  6. Give him access to the standard user account only.


While I would heed the advice to not trust the computer anymore, as well as change all passwords everywhere (as suggested by others)...

If you want to simply change the password on this box - to get files, setup, etc... without the need for "other tools" like HBCD (Hiren Boot CD) or UBCD (Ultimate Boot CD)

Sticky Keys Hack/Trick

I would look into the "Sticky Keys Hack". All you need is a Windows CD so you can get into "Repair Mode" command line... you then replace the sticky key .exe file with the cmd.exe file. When you reboot, you hit shift five times and BAM you have administrator command line.

This trick is available from many places. Random Example - Relevant passage quoted below

To reset a forgotten administrator password, follow these steps:

  1. Boot from Windows PE or Windows RE and access the command prompt.
  2. Find the drive letter of the partition where Windows is installed. In Vista and Windows XP, it is usually C:, in Windows 7, it is D: in most cases because the first partition contains Startup Repair. To find the drive letter, type C: (or D:, respectively) and search for the Windows folder. Note that Windows PE (RE) usually resides on X:.
  3. Type the following command (replace “c:” with the correct drive letter if Windows is not located on C:):

    copy c:\windows\system32\sethc.exe c:\

    This creates a copy of sethc.exe to restore later.

  4. Type this command to replace sethc.exe with cmd.exe:

    copy /y c:\windows\system32\cmd.exe c:\windows\system32\sethc.exe

    Reboot your computer and start the Windows installation where you forgot the administrator password.

  5. After you see the logon screen, press the SHIFT key five times.

  6. You should see a command prompt where you can enter the following command to reset the Windows password (see screenshot above):

    net user your_user_name new_password

    If you don’t know your user name, just type net user to list the available user names.

  7. You can now log on with the new password.

After the password is reset and you've logged in successfully, make sure to reverse the process so that you don't have an "open door" into your system.

I've successfully used this "trick" a few times to unlock passwords without having to jump through hoops learning new tools.
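
One way to confirm the "reverse the process" step in the answer above actually happened, as an added example that is not part of the original answer: this PowerShell check reports whether `sethc.exe` is still a copy of `cmd.exe`. It assumes the backup was saved to `C:\sethc.exe` as in the quoted step 3; the function name `Test-StickyKeysBinary` is made up for this example.

```powershell
# Added example: check that the Sticky Keys binary is no longer cmd.exe.
# Run from an elevated PowerShell prompt on the repaired Windows install.
function Test-StickyKeysBinary {
    param(
        [string]$System32   = "$env:SystemRoot\System32",
        [string]$BackupPath = 'C:\sethc.exe'   # assumption: backup from the quoted step 3
    )

    $sethc = Join-Path $System32 'sethc.exe'
    $cmd   = Join-Path $System32 'cmd.exe'

    # A leftover swap makes the two files byte-identical, so their hashes match.
    $sethcHash = (Get-FileHash -Path $sethc -Algorithm SHA256).Hash
    $cmdHash   = (Get-FileHash -Path $cmd   -Algorithm SHA256).Hash

    # The embedded version resource keeps the binary's own name even after
    # the file has been copied over sethc.exe.
    $origName = (Get-Item -LiteralPath $sethc).VersionInfo.OriginalFilename

    $backupHash = $null
    if (Test-Path -LiteralPath $BackupPath) {
        $backupHash = (Get-FileHash -Path $BackupPath -Algorithm SHA256).Hash
    }

    [pscustomobject]@{
        Path             = $sethc
        OriginalFilename = $origName
        IsCopyOfCmd      = ($sethcHash -eq $cmdHash)
        NameMismatch     = ($origName -notlike 'sethc*')
        BackupPresent    = [bool]$backupHash
        MatchesBackup    = [bool]($backupHash -and ($sethcHash -eq $backupHash))
    }
}

$result = Test-StickyKeysBinary
$result | Format-List

if ($result.IsCopyOfCmd -or $result.NameMismatch) {
    Write-Warning 'sethc.exe is not the genuine Sticky Keys binary: the logon screen still opens a command prompt.'
    Write-Warning 'Restore the backup from the recovery prompt, or repair with: sfc /scanfile=C:\Windows\System32\sethc.exe'
} elseif ($result.BackupPresent -and -not $result.MatchesBackup) {
    Write-Output 'sethc.exe looks genuine but differs from the backup (a Windows update may have replaced it).'
} else {
    Write-Output 'sethc.exe looks genuine.'
}
```

If the warning fires, the restore is the reverse of the quoted step 4, run from the same Windows PE/RE command prompt: `copy /y c:\sethc.exe c:\windows\system32\sethc.exe`.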