Did you know that QuickFix's IT department has a whole residential side? We help not only businesses but also home users!
Well, yesterday a QuickWatch residential customer dropped off her laptop with the symptom that it “wouldn’t boot.” As part of standard procedure, we tested the solid state drive first and found random errors. It backed up successfully, though, and we restarted the machine.
The first thing that came up on the screen was a statement that the hard drive was protected by a password. When Kreela called the customer, the customer was taken by surprise: she had set no hard drive password on her work machine. We incorrectly surmised that the drive firmware or chip might be failing.
Brad, who worked on Windows NT way back in the day, immediately corrected the tech and said that was an early Windows kernel request. So we googled the message and found that the customer’s machine had been accessed by FAKE Tech Support; setting this password is a common way to hold the machine hostage if the customer fails to pay.
The fix requires pulling the drive and manually copying the registry hive from its backup folder, something only a Geek can love. We were able to bypass the unknown password and restore the machine to working condition in minutes. Kreela then confirmed the hack by opening the Run command and seeing the word “SYSKEY” in its history, a command we would never run because it encrypts the SAM registry, locking out all users.
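The confirmation step above can be scripted. The following is an added example, not part of the original post or QuickFix's own tooling: it looks for "syskey" in the Run dialog history (the RunMRU key) of each loaded user profile and reads the `SecureBoot` value under the Lsa key, which records the SYSKEY startup mode. The variable names and output layout are assumptions made for illustration.

```powershell
# Added example: run in an elevated PowerShell session on the repaired machine.
$findings = @()

# 1. Run-dialog history (RunMRU) for every user hive currently loaded under HKEY_USERS.
foreach ($hive in Get-ChildItem -Path Registry::HKEY_USERS -ErrorAction SilentlyContinue) {
    $mru = "Registry::$($hive.Name)\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU"
    if (-not (Test-Path -Path $mru)) { continue }
    $key = Get-Item -Path $mru
    foreach ($name in $key.GetValueNames()) {
        if ($name -eq 'MRUList') { continue }   # ordering string, not a typed command
        # Stored entries end in "\1"; strip it before matching.
        $command = [string]$key.GetValue($name) -replace '\\1$', ''
        if ($command -match '(?i)\bsyskey\b') {
            $findings += [pscustomobject]@{
                Check = 'RunMRU'; Where = $hive.PSChildName; Detail = $command
            }
        }
    }
}

# 2. SYSKEY startup mode. After a clean hive restore this should read 1.
$modes = @{
    1 = 'key stored on the local disk (normal)'
    2 = 'startup password required'
    3 = 'startup key on floppy disk'
}
$lsa = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' `
                        -Name SecureBoot -ErrorAction SilentlyContinue
if ($null -ne $lsa -and $lsa.SecureBoot -in 2, 3) {
    $findings += [pscustomobject]@{
        Check = 'SecureBoot'; Where = 'HKLM\SYSTEM'; Detail = $modes[[int]$lsa.SecureBoot]
    }
}

if ($findings.Count -gt 0) {
    $findings | Format-Table -AutoSize
} else {
    Write-Output 'No SYSKEY traces found in loaded user hives or the Lsa key.'
}
```

Only profiles whose hives are loaded (logged-on users) appear under HKEY_USERS, so run it while signed in as the affected user. The Run history lives in the user's own hive, which is why it can still show the command after the system hives have been restored from backup.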
Often the FAKE Tech Support person will also delete the system restore points, so that the operating system has to be reinstalled. Without a backup, all her documents and pictures would have been lost. But our customer had QuickWatch! With QuickWatch backups, we would have easily restored all her data, settings, and programs; it simply would have taken much longer than 10 minutes (plus time to scan for viruses).
In the end, Kreela was able to call and give the customer the good news: everything is back the way she liked…but she needed to find out who used her computer, and which credit card might be compromised.
If you have any questions or think that your computer has been compromised, please reach out. We would love to help you as well.