Solved Windows 8 lock out after "a Microsoft call"

MohavePC

Whovian
Member
Messages
27
Location
Arizona
Hello all:
First let me apologize if this is in the wrong place. I have no idea where to post it other than it deals with security.

I have a customer that brought in his windows 8.1 machine because after responding to a "Call from Microsoft" he let them into his computer. I would like to preface this with the fact that in the pact he has indeed let the real Microsoft into his machine to assist with 8.1 setup so I don't think he realized until too late that it was a scam.

I would be happy to post his specs if needed

right now he is faced with a lockout screen (see screenshot)

I haven't seen this type of lockout since the days of windows 2000. I cant even boot with a cd. I have checked and reset the bios to no avail.

My question is has anyone else seen this? any suggestions?
 

Attachments

  • IMAG0729.jpg
    IMAG0729.jpg
    346.4 KB · Views: 135

My Computer

System One

  • OS
    Win8
    Computer type
    Laptop
    System Manufacturer/Model
    Lenovo y580
    CPU
    i7 3630qm
    Motherboard
    OEM
    Memory
    8GB
    Graphics Card(s)
    OEM
    Sound Card
    OEM
    Monitor(s) Displays
    15.6"
    Screen Resolution
    1366x768
    Hard Drives
    1TB
    PSU
    120watt
    Case
    y580
    Cooling
    laptop fan
    Keyboard
    Lenovo
    Mouse
    Lenovo Wireless
    Internet Speed
    8MBPS
    Browser
    Firefox, Chrome, IE10 when nessessary
    Antivirus
    AVG
My guess would be you would need to pull the HD and stick it in an enclosure, docking station or otherwise connect it to a running machine to overwrite whatever they wrote on it as startup code. I doubt you can do anything while it's in the machine.
 

My Computer

System One

  • OS
    Windows 8.0 x64
    Computer type
    Laptop
    System Manufacturer/Model
    Toshiba Satelite C55D-A Laptop
    CPU
    AMD EI 1200
    Memory
    4 gb DDR3
    Graphics Card(s)
    Raedon 340 MB dedicated Ram
    Monitor(s) Displays
    Built in
    Screen Resolution
    1366 x 768
    Hard Drives
    640 GB (spinner) Sata II
    Keyboard
    Built in
    Mouse
    Touch pad
I'm wondering if the machine is in a 'Ransom' state and something like HitmanPro 'Kickstart' could break in. Just a thought.
 

My Computers

System One System Two

  • OS
    Windows 7 Home Premium
    Computer type
    PC/Desktop
    System Manufacturer/Model
    HP Pavillion
  • PC2
    Tablet - Windows 10 Home
I cant even boot with a cd. I have checked and reset the bios to no avail.
Apologies if this is obvious but just to double-check... if it's a PC which came with Windows 8 or 8.1 from new, then it would boot in UEFI mode by default, and you need a CD/DVD that's configured correctly to boot (eg. a Windows 8/8.1 Setup disc, but not some other Linux-based CDs), or you need to change the boot mode in BIOS (to Legacy or CSM or something).

The other thought I had was that some computers which come with Windows 8.1 from new, and meet certain hardware standards (eg. boot from an SSD) will have device encryption turned on by default, as part of Windows 8.1. I don't know what dialogs that may generate, and whether it looks anything like that, but maybe that's the cause?
 

My Computer

System One

  • OS
    Windows 8.1, 10
@DavidY good point about the booting.

Also it occurs to me these people may have set the power on password through code. If that's the case I would ask Brink if he has a suggestion as I'm not sure what qualifies as "password bypass" as far as forum rules are concerned.
 

My Computer

System One

  • OS
    Windows 8.0 x64
    Computer type
    Laptop
    System Manufacturer/Model
    Toshiba Satelite C55D-A Laptop
    CPU
    AMD EI 1200
    Memory
    4 gb DDR3
    Graphics Card(s)
    Raedon 340 MB dedicated Ram
    Monitor(s) Displays
    Built in
    Screen Resolution
    1366 x 768
    Hard Drives
    640 GB (spinner) Sata II
    Keyboard
    Built in
    Mouse
    Touch pad
I cant even boot with a cd. I have checked and reset the bios to no avail.
Apologies if this is obvious but just to double-check... if it's a PC which came with Windows 8 or 8.1 from new, then it would boot in UEFI mode by default, and you need a CD/DVD that's configured correctly to boot (eg. a Windows 8/8.1 Setup disc, but not some other Linux-based CDs), or you need to change the boot mode in BIOS (to Legacy or CSM or something).

The other thought I had was that some computers which come with Windows 8.1 from new, and meet certain hardware standards (eg. boot from an SSD) will have device encryption turned on by default, as part of Windows 8.1. I don't know what dialogs that may generate, and whether it looks anything like that, but maybe that's the cause?

Thank you David for the idea but this isn't a uefi issue. This is a custom machine with an uefi Mobo that was upgraded to win 8.1 from 7 ultimate. I am booting with the uefi dvd rom using Kasperski rescue right now but when I tried to boot from the win 8 disk to do a backup it had the same box pop up.

I will let KAS Rescue run tonight and see what it finds. I will then check for startup code as was suggested by MilesAhead (thank you). This box looks very old school as it were and I am of a thought that is it ransom ware especially after it appeared when my customer would not pay "Microsoft" to fix his supposedly Extremely Infected Machine.
 

My Computer

System One

  • OS
    Win8
    Computer type
    Laptop
    System Manufacturer/Model
    Lenovo y580
    CPU
    i7 3630qm
    Motherboard
    OEM
    Memory
    8GB
    Graphics Card(s)
    OEM
    Sound Card
    OEM
    Monitor(s) Displays
    15.6"
    Screen Resolution
    1366x768
    Hard Drives
    1TB
    PSU
    120watt
    Case
    y580
    Cooling
    laptop fan
    Keyboard
    Lenovo
    Mouse
    Lenovo Wireless
    Internet Speed
    8MBPS
    Browser
    Firefox, Chrome, IE10 when nessessary
    Antivirus
    AVG
@DavidY good point about the booting.

Also it occurs to me these people may have set the power on password through code. If that's the case I would ask Brink if he has a suggestion as I'm not sure what qualifies as "password bypass" as far as forum rules are concerned.

as I am not a VIP member here yet (not enough post) would someone kindly ask in the lounge if Brink would look at this? I'll go ask in the 7 forums or in 9 forums. Thanks

I am off here for the evening but will check in first thing in the morning. I am taking the missus out for a couple of drinks as she will be gone to Oregon visiting family all next week.
 
Last edited:

My Computer

System One

  • OS
    Win8
    Computer type
    Laptop
    System Manufacturer/Model
    Lenovo y580
    CPU
    i7 3630qm
    Motherboard
    OEM
    Memory
    8GB
    Graphics Card(s)
    OEM
    Sound Card
    OEM
    Monitor(s) Displays
    15.6"
    Screen Resolution
    1366x768
    Hard Drives
    1TB
    PSU
    120watt
    Case
    y580
    Cooling
    laptop fan
    Keyboard
    Lenovo
    Mouse
    Lenovo Wireless
    Internet Speed
    8MBPS
    Browser
    Firefox, Chrome, IE10 when nessessary
    Antivirus
    AVG
@DavidY good point about the booting.

Also it occurs to me these people may have set the power on password through code. If that's the case I would ask Brink if he has a suggestion as I'm not sure what qualifies as "password bypass" as far as forum rules are concerned.

as I am not a VIP member here yet (not enough post) would someone kindly ask in the lounge if Brink would look at this? I'll go ask in the 7 forums or in 9 forums. Thanks

I am off here for the evening but will check in first thing in the morning. I am taking the missus out for a couple of drinks as she will be gone to Oregon visiting family all next week.

I don't think there's any way you could be prevented from searching terms "PowerOn Password" ;)
 

My Computer

System One

  • OS
    Windows 8.0 x64
    Computer type
    Laptop
    System Manufacturer/Model
    Toshiba Satelite C55D-A Laptop
    CPU
    AMD EI 1200
    Memory
    4 gb DDR3
    Graphics Card(s)
    Raedon 340 MB dedicated Ram
    Monitor(s) Displays
    Built in
    Screen Resolution
    1366 x 768
    Hard Drives
    640 GB (spinner) Sata II
    Keyboard
    Built in
    Mouse
    Touch pad
@DavidY good point about the booting.

Also it occurs to me these people may have set the power on password through code. If that's the case I would ask Brink if he has a suggestion as I'm not sure what qualifies as "password bypass" as far as forum rules are concerned.

as I am not a VIP member here yet (not enough post) would someone kindly ask in the lounge if Brink would look at this? I'll go ask in the 7 forums or in 9 forums. Thanks

I am off here for the evening but will check in first thing in the morning. I am taking the missus out for a couple of drinks as she will be gone to Oregon visiting family all next week.

I don't think there's any way you could be prevented from searching terms "PowerOn Password" ;)

I know you might be thinking I am lazy on this but I have indeed researched this on here and google. Everything I see pertains to the normal login password in windows 8 and how to disable/enable it. I saw nothing that looks like the photo I posted. it is not a uefi pass as I can access that just fine.

I did find one thread that deals with this and it is unsolved as well Link
 

My Computer

System One

  • OS
    Win8
    Computer type
    Laptop
    System Manufacturer/Model
    Lenovo y580
    CPU
    i7 3630qm
    Motherboard
    OEM
    Memory
    8GB
    Graphics Card(s)
    OEM
    Sound Card
    OEM
    Monitor(s) Displays
    15.6"
    Screen Resolution
    1366x768
    Hard Drives
    1TB
    PSU
    120watt
    Case
    y580
    Cooling
    laptop fan
    Keyboard
    Lenovo
    Mouse
    Lenovo Wireless
    Internet Speed
    8MBPS
    Browser
    Firefox, Chrome, IE10 when nessessary
    Antivirus
    AVG
Ok new information. Did not help me perse but might be usefull to others.

Windows has a function called doskey.
With this doskey you can encrypt your user password database and give a boot password.
That is what the "guys from microsoft" did.
You can even save your password on a external drive.
The thing to do is put in a windows install cd, which I cannot get to boot.
choose the recover option and try to reset your system to a earlier date
and everything runs again,
I my case the guys deleted the system restore backups too.
Will have to pull data and Bootnuke then rebuild I guess as I see no options to disable the doskey.
 
Last edited:

My Computer

System One

  • OS
    Win8
    Computer type
    Laptop
    System Manufacturer/Model
    Lenovo y580
    CPU
    i7 3630qm
    Motherboard
    OEM
    Memory
    8GB
    Graphics Card(s)
    OEM
    Sound Card
    OEM
    Monitor(s) Displays
    15.6"
    Screen Resolution
    1366x768
    Hard Drives
    1TB
    PSU
    120watt
    Case
    y580
    Cooling
    laptop fan
    Keyboard
    Lenovo
    Mouse
    Lenovo Wireless
    Internet Speed
    8MBPS
    Browser
    Firefox, Chrome, IE10 when nessessary
    Antivirus
    AVG
I don't use a Power On Password so I wasn't sure what the dialog looked like. I did use DosKey to make aliases as recently as Vista. But I never used the password function. Interesting.

What a way to make a living eh? Putting people through that panic. I wonder how they avoid trace through the phone calls? I hope they get caught in a sting operation.
b0272.gif
 

My Computer

System One

  • OS
    Windows 8.0 x64
    Computer type
    Laptop
    System Manufacturer/Model
    Toshiba Satelite C55D-A Laptop
    CPU
    AMD EI 1200
    Memory
    4 gb DDR3
    Graphics Card(s)
    Raedon 340 MB dedicated Ram
    Monitor(s) Displays
    Built in
    Screen Resolution
    1366 x 768
    Hard Drives
    640 GB (spinner) Sata II
    Keyboard
    Built in
    Mouse
    Touch pad
Windows has a function called doskey.
With this doskey you can encrypt your user password database and give a boot password.
I remember using DOSKEY when it first came out, several years ago - it was an MS DOS utility (not dependent on Windows) and it basically let you recall previous commands you'd put into the command line. Typing DOSKEY /? in a Windows 8 command prompt, it still seems to be the same utility.

It's not clear to me how you'd use it to encrypt a database, set a boot password or whatever?
 

My Computer

System One

  • OS
    Windows 8.1, 10
It's not clear to me how you'd use it to encrypt a database, set a boot password or whatever?

Looking through DosKey reference it seems it's not a function of DosKey. But with DosKey you can easily run a series of commands on one command line, using $T as command separator. With admin privileges you can do nearly anything. With the use of a macro file you can assign innocent looking aliases to most any series of commands.
 

My Computer

System One

  • OS
    Windows 8.0 x64
    Computer type
    Laptop
    System Manufacturer/Model
    Toshiba Satelite C55D-A Laptop
    CPU
    AMD EI 1200
    Memory
    4 gb DDR3
    Graphics Card(s)
    Raedon 340 MB dedicated Ram
    Monitor(s) Displays
    Built in
    Screen Resolution
    1366 x 768
    Hard Drives
    640 GB (spinner) Sata II
    Keyboard
    Built in
    Mouse
    Touch pad
I'm backing up his data now. The info about doskey was off the Microsoft forums. I will likely bootnuke his hard drive Monday and be done. I hate having to do that but seems the only answer. I will check back Monday before I do the nuke and see if anyone else has any ideas. Thanks for trying though. I do appreciate it.

Here's a good reference as to what they did. I showed this to my customer and he said it was almost verbatim
Trying to unmask the fake Microsoft support scammers! - Securelist
 

My Computer

System One

  • OS
    Win8
    Computer type
    Laptop
    System Manufacturer/Model
    Lenovo y580
    CPU
    i7 3630qm
    Motherboard
    OEM
    Memory
    8GB
    Graphics Card(s)
    OEM
    Sound Card
    OEM
    Monitor(s) Displays
    15.6"
    Screen Resolution
    1366x768
    Hard Drives
    1TB
    PSU
    120watt
    Case
    y580
    Cooling
    laptop fan
    Keyboard
    Lenovo
    Mouse
    Lenovo Wireless
    Internet Speed
    8MBPS
    Browser
    Firefox, Chrome, IE10 when nessessary
    Antivirus
    AVG
If the gist of it is they changed his Admin password then there may be alternatives. But if they also loaded some malware then that's not as simple. Please let us know how it's resolved in the end. :)
 

My Computer

System One

  • OS
    Windows 8.0 x64
    Computer type
    Laptop
    System Manufacturer/Model
    Toshiba Satelite C55D-A Laptop
    CPU
    AMD EI 1200
    Memory
    4 gb DDR3
    Graphics Card(s)
    Raedon 340 MB dedicated Ram
    Monitor(s) Displays
    Built in
    Screen Resolution
    1366 x 768
    Hard Drives
    640 GB (spinner) Sata II
    Keyboard
    Built in
    Mouse
    Touch pad
If the gist of it is they changed his Admin password then there may be alternatives. But if they also loaded some malware then that's not as simple. Please let us know how it's resolved in the end. :)

I have searched and searched and have found no way to "fix" the "Poweron Password"
 

My Computer

System One

  • OS
    Win8
    Computer type
    Laptop
    System Manufacturer/Model
    Lenovo y580
    CPU
    i7 3630qm
    Motherboard
    OEM
    Memory
    8GB
    Graphics Card(s)
    OEM
    Sound Card
    OEM
    Monitor(s) Displays
    15.6"
    Screen Resolution
    1366x768
    Hard Drives
    1TB
    PSU
    120watt
    Case
    y580
    Cooling
    laptop fan
    Keyboard
    Lenovo
    Mouse
    Lenovo Wireless
    Internet Speed
    8MBPS
    Browser
    Firefox, Chrome, IE10 when nessessary
    Antivirus
    AVG

My Computer

System One

  • OS
    Windows 8.0 x64
    Computer type
    Laptop
    System Manufacturer/Model
    Toshiba Satelite C55D-A Laptop
    CPU
    AMD EI 1200
    Memory
    4 gb DDR3
    Graphics Card(s)
    Raedon 340 MB dedicated Ram
    Monitor(s) Displays
    Built in
    Screen Resolution
    1366 x 768
    Hard Drives
    640 GB (spinner) Sata II
    Keyboard
    Built in
    Mouse
    Touch pad
after responding to a "Call from Microsoft" he let them into his computer.

Here's hoping you have already decided to recommend a clean install to the customer (as the only viable solution) because there is no way of knowing "what else" lies beyond that password prompt issue that needs to be addressed. Good luck with your decision.
 

My Computer

System One

  • OS
    Windows 8.1
    Computer type
    PC/Desktop
    CPU
    Intel G2020
    Motherboard
    ASRock B75M-DGS R2.0
    Memory
    8GBs @ 1333 MHz
    Hard Drives
    Samsung 840 EVO
    PSU
    400w
    Internet Speed
    57/11
after responding to a "Call from Microsoft" he let them into his computer.

Here's hoping you have already decided to recommend a clean install to the customer (as the only viable solution) because there is no way of knowing "what else" lies beyond that password prompt issue that needs to be addressed. Good luck with your decision.

Doing a fresh install on a 250 gb ssd and pulling docs and pictures before we nuke the drive.
 

My Computer

System One

  • OS
    Win8
    Computer type
    Laptop
    System Manufacturer/Model
    Lenovo y580
    CPU
    i7 3630qm
    Motherboard
    OEM
    Memory
    8GB
    Graphics Card(s)
    OEM
    Sound Card
    OEM
    Monitor(s) Displays
    15.6"
    Screen Resolution
    1366x768
    Hard Drives
    1TB
    PSU
    120watt
    Case
    y580
    Cooling
    laptop fan
    Keyboard
    Lenovo
    Mouse
    Lenovo Wireless
    Internet Speed
    8MBPS
    Browser
    Firefox, Chrome, IE10 when nessessary
    Antivirus
    AVG
Have the same problem with a friends laptop computer running win 8.1. Cannot boot from ANY external drives. Was able to remove drive, hook up to another machine and recover files. All other recovery functions when drive is in the laptop requires administrator privileges. and a message which says that there are no administrator accounts. Has there been any solution to this yet? With drive removed from laptop it will not boot from any external drives also. Headache. btw i dont have much technical skills
 

My Computer

System One

  • OS
    8.1
Back
Top