Windows - SysKey

Discussion in 'Windows, Linux & Others on the Mac' started by keysofanxiety, Jul 8, 2016.

  1. keysofanxiety macrumors 604

    keysofanxiety

    Joined:
    Nov 23, 2011
    #1
    Hi all,

    I've had a fair few calls recently from people getting their computers locked down with SysKey. As expected, the passwords are normally 1234 or 12345; completely synonymous with scammers setting this up.

    However my clients have assured me that nobody has had remote access to their computer, they haven't had any cold calls from people pretending to be Microsoft, and haven't let anybody have use of their computers.

    Just to give them the benefit of the doubt -- I was wondering if anybody else who works in customer care has seen this sort of thing pop up frequently in the last month? Can you also think of any way that malware/elevated applications can set this up without the users' knowledge, or would it have to have been activated manually?

    Thanks for any advice or thoughts; just want to keep on my toes with this sort of thing.

     
  2. Shirasaki macrumors 603

    Shirasaki

    Joined:
    May 16, 2015
    #2
    For malware, if their action needs user consent, then they are not malware at all.
    Then, I was watching a ton of scammer expose videos these days so I am fully aware of this syskey thingy. Very annoying.
    To remove it, you need tools to reset SAM to remove syskey password. I forgot where to find these tools though.
    If your IT department has spare time, let them develop a fake syskey, and let those scammers enter whatever password they like. This is used to replace the real syskey so that next time those scammers would not be able to just lock users out.
     
  3. keysofanxiety thread starter macrumors 604

    keysofanxiety

    Joined:
    Nov 23, 2011
    #3
    Ah yeah, not to worry as we're versed in how to remove it. Just wondering if it can be activated without anybody actively doing it remotely? As in, is the only way SysKey can be activated by opening SysKey and setting a password?

    Or can it be scripted, then the user just blindly clicks "OK" on the UAC prompt, and it's locked down?

    Just trying to figure if they're telling porkies about somebody remote accessing their computer, or if malware/PUPs are getting cleverer. :)
     
  4. Shirasaki macrumors 603

    Shirasaki

    Joined:
    May 16, 2015
    #4
    Hmm, the only way I know to put syskey on is through the graphical interface, not any programming method.
    And the worst case of putting a syskey on is losing all files encrypted using EFS without a certificate backup. So this could not cause much actual harm, I think.
     
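As an added defender-side example (my code, not anything posted in this thread), the PowerShell script below checks whether a machine is sitting in the SysKey startup-password state the thread is about, and if so pulls any Security-log registry-modification events for that value so you can see who changed it and when. The `SecureBoot` value name and the meaning of its numbers are my assumption from general SysKey documentation, not something the thread states; confirm them against a known-good machine before relying on this.

```powershell
# Added example, not from the thread: audit a Windows PC for SysKey
# startup-password mode, the state a scam lockout leaves it in.
# ASSUMPTION: the SecureBoot value under the Lsa key records the SysKey mode
#   1 = system-generated key kept in the registry (Windows default)
#   2 = key derived from a password typed at boot (the lockout state)
#   3 = key stored on removable media
# Taken from general SysKey documentation, not from this thread.

$LsaKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'

$ModeNames = @{
    1 = 'Default: system-generated key stored in the registry'
    2 = 'Startup password required (lockout state)'
    3 = 'Key stored on removable media'
}

function Get-SysKeyMode {
    # Returns an object describing the SysKey mode, or $null if the value is absent.
    [CmdletBinding()]
    param([string]$Path = $LsaKey)

    $item = Get-ItemProperty -Path $Path -Name 'SecureBoot' -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }

    $mode = [int]$item.SecureBoot
    $desc = 'Unknown value'
    if ($ModeNames.ContainsKey($mode)) { $desc = $ModeNames[$mode] }

    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        Mode         = $mode
        Description  = $desc
        Suspicious   = ($mode -ne 1)   # anything but the default deserves a look
    }
}

function Get-SysKeyRegistryChanges {
    # Lists Security-log entries (event 4657, "A registry value was modified")
    # that mention the SecureBoot value. These events only exist when
    # "Audit Registry" is enabled AND a SACL has been set on the Lsa key;
    # without that auditing this returns nothing, which is itself worth knowing.
    # Reading the Security log needs an elevated prompt.
    [CmdletBinding()]
    param([int]$Days = 30)

    $filter = @{ LogName = 'Security'; Id = 4657; StartTime = (Get-Date).AddDays(-$Days) }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -match 'SecureBoot' } |
        Select-Object TimeCreated, Id,
            @{ n = 'User'; e = { $_.Properties[1].Value } },   # subject user name field of 4657
            Message
}

# Run the audit.
$state = Get-SysKeyMode
if ($null -eq $state) {
    Write-Warning "SecureBoot value not found under $LsaKey"
} else {
    $state | Format-List
    if ($state.Suspicious) {
        Write-Warning 'SysKey is not in its default mode; checking for audited changes:'
        Get-SysKeyRegistryChanges | Format-Table -AutoSize
    }
}
```

Run it from an elevated PowerShell on the affected machine (or wrap the two functions in `Invoke-Command` for remote boxes). A mode of 2 with no 4657 events simply means nobody had registry auditing on the Lsa key beforehand, so the script tells you the state but not the culprit; in that case the remote-access client logs and the user's recent session history are the next place to look, which matches the conclusion the thread itself reached.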
  5. keysofanxiety thread starter macrumors 604

    keysofanxiety

    Joined:
    Nov 23, 2011
    #5
    Thank you for taking the time to respond to my queries. Just as I thought -- it's likely that somebody got access to their computer and they were a little confused about who it was (as we frequently use remote access as well). So no need to keep on my toes with a new type of nasty malware!

    Best wishes and hope you have a great weekend. :)
     
  6. Shirasaki macrumors 603

    Shirasaki

    Joined:
    May 16, 2015
    #6
    Hope you have a great weekend too.
     
