Talk:Technical support scam/Archives/2014

Latest comment: 10 years ago by TheChampionMan1234 in topic IP Editor


How to make registry backups

I don't know if this belongs in the article; too detailed, an advertisement? If anybody thinks it belongs, it would be good to add it.

There is a free program called ERUNT (Emergency Recovery Utility NT) that makes backups of the registry. There may be others; I'm not trying to promote the program, just to suggest a resource; I use it, and it has saved me from registry problems a few times. ERUNT makes backups of the registry; unlike Windows System Restore it doesn't create huge backups of the entire system. While in principle System Restore would allow the encrypted SAM to be reinstated from a good version (not trivial if the machine won't boot), the scammers often delete this. Windows also maintains a backup copy of the registry; this can be maliciously deleted, and also becomes overwritten if the locked machine is rebooted (not necessarily at the first reboot, it is always worth checking for a SAM dated before the attack). All these things require booting from a boot CD; a naïve user is best advised to leave the machine switched off until an expert can see it.

Anyway, ERUNT makes backup copies of the registry each time the computer is booted on a different day. It keeps the latest 30 (by default) backups. Reinstating the registry requires booting from an external Windows boot CD and executing a command-line program.

A user with no expertise is unlikely to do make these precautions, but if someone sets up the computer to run ERUNT (totally invisible to the user) and removes syskey.exe (or replaces it by an innocuous program with the same name, maybe displaying in huge letters "SCAM! Disconnect NOW!), there is considerable protection against the computer being irreversibly locked. Of course, malefactors can delete the ERUNT backups, but they probably won't know about them. Pol098 (talk) 11:11, 10 November 2014 (UTC)

IP Editor

I was editing under the IP 202.52.36.56 (talk · contribs) because the Wikipedia Mobile App had trouble logging in. Thank you for your understanding. - TheChampionMan1234 06:00, 11 November 2014 (UTC)