Using LinuxLite to repair Win 7 password


Re: Using LinuxLite to repair Win 7 password
« Reply #24 on: October 16, 2015, 11:44:59 AM »
 

firenice03

@avj / others
I think the OP may have ended up re-installing Win7... Just as an FYI
The other thread:
https://www.linuxliteos.com/forums/installing-linux-lite/lite-not-finishing-loading/msg18143/?topicseen#msg18143


> Hello
> I have Lite and Win-7 dual booting which have been working OK for over a year
>
> After a problem with Win-7 I reinstalled it after which I could not boot into Lite (black screen with Flashing cursor)
>
> I used Boot-Repair Disk to mend the boot menu
>
> I can now boot to Win-7 OK.
>
> When I try to boot to Lite the Lite-Splash screen comes up - the progress bar goes normally for a 3rd of the way but then goes very slowly to the end. The PC then hangs
>
> Colin
« Last Edit: October 16, 2015, 11:47:09 AM by firenice03 »
LL4.8 UEFI 64 bit ASUS E402W - AMD E2 (Quad) 1.5Ghz  - 4GB - AMD Mullins Radeon R2
LL5.8 UEFI 64 bit Test UEFI Kangaroo (Mobile Desktop) - Atom X5-Z8500 1.44Ghz - 2GB - Intel HD Graphics
LL4.8 64 bit HP 6005- AMD Phenom II X2 - 8GB - AMD/ATI RS880 (HD4200)
LL3.8 32 bit Dell Inspiron Mini - Atom N270 1.6Ghz - 1GB - Intel Mobile 945GSE Express  -- Shelved
BACK LL5.8 64 bit Dell Optiplex 160 (Thin) - Atom 230 1.6Ghz - 4GB-SiS 771/671 PCIE VGA - Print Server
Running Linux Lite since LL2.2
 

Re: Using LinuxLite to repair Win 7 password
« Reply #23 on: October 16, 2015, 11:39:17 AM »
 

avj

If you can get access to the Windows command line like suggested by N4RPS, it might be worth it to create a new administrator account, which is a two step process outlined in the links below.

http://www.windows-commandline.com/add-user-from-command-line/

http://www.windows-commandline.com/add-user-to-group-from-command-line/

After creating a new admin account you should log into it and revoke admin privileges for the Colin account so it no longer has control.
« Last Edit: October 16, 2015, 11:41:04 AM by avj »
I have not failed. I've just found 10,000 ways that won't work. - Thomas Edison
 

Re: Using LinuxLite to repair Win 7 password
« Reply #22 on: October 16, 2015, 09:49:27 AM »
 

N4RPS

Hello!

Bless your heart, Colin. Before you 'nuke it and start over', if you can, you might want to try this:

http://www.howtogeek.com/96630/how-to-reset-your-forgotten-windows-password-the-easy-way/

UPDATE: I tried the procedure in the link, and it DOES WORK. I haven't tried this on a PC with a hiberfil.sys file yet, but that shouldn't affect how this works, as you're not trying to read the registry under Linux. Will update this again if it turns out to be an issue.

Additionally, you will need to have an install DVD that matches the version of Windows (Home Premium, Professional) you have installed, or a Windows recovery CD created by the PC you are trying to access. To prevent future anguish, you may want to create one NOW, so you'll have it on hand when you need it.


I know this is Windows 7 we're dealing with here, but for Windows 8/8.1/10 users, let me throw this in, if you're trying to do this under Linux:

If you have not disabled hibernation beforehand with the powercfg command, Linux will NOT let you access what you need to change - which you probably already know, if you've tried accessing such a Windows drive from Linux itself.

Colin, you may also want to contact whatever agency you folks have over there to report cybercrimes to. In the US, it's the FBI:

http://www.ic3.gov

Not that this will help you personally, but it MIGHT get the scumbags one step closer to getting busted...

73 DE N4RPS
Rob
« Last Edit: October 16, 2015, 11:45:48 AM by N4RPS »


A gun in your hand is worth more than a whole police force on the phone.
 

Re: Using LinuxLite to repair Win 7 password
« Reply #21 on: October 16, 2015, 04:40:06 AM »
 

Colin23erk

Thanks to All for trying to help but every step I try is like "Opening a Can of Worms", and I get a new set of problems to solve.
Even www.linuxliteos.com went off the Web so I could not seek help from the Forums

Colin
I Learn something new Every Day !
An "example" is worth a 1000 words
 

Re: Using LinuxLite to repair Win 7 password
« Reply #20 on: October 15, 2015, 01:52:04 PM »
 

paul1149

Yes, superb catch, avj. Colin, forget everything I wrote unless chntpw fails on the actual username. I've used this many times in the form of NT offline PW changer, and the command line is indeed case sensitive.
 

Re: Using LinuxLite to repair Win 7 password
« Reply #19 on: October 15, 2015, 12:19:58 PM »
 

Wirezfree

@avj, nice one.. Have noted this in case any of my Win using friends ever get stuck ;)
Upgrades WIP 2.6 to 2.8 - (6 X 2.6 to 2.8 completed on: 20/02/16 All O.K )
Linux Lite 3.0 Humming on a ASRock N3070 Mobo ~ btrfs RAID 10 Install on 4 Disks :)

Computers Early days:
ZX Spectrum(1982) , HP-150 MS-DOS(1983) , Amstrad CPC464(1984) ,  BBC Micro B+64(1985) , My First PC HP-Vectra(1987)
 

Re: Using LinuxLite to repair Win 7 password
« Reply #18 on: October 15, 2015, 11:05:15 AM »
 

avj

The problem now appears to be that you entered:
Code:
chntpw -u colin SAM
That line looks like it should read:
Code:
chntpw -u Colin SAM
Capitalization is important.
Quote
| RID -|---------- Username ------------| Admin? |- Lock? --|
| 01f4 | Administrator                  | ADMIN  | dis/lock |
| 03e8 | Colin                          | ADMIN  |          |
| 01f5 | Guest                          |        | dis/lock |
I have not failed. I've just found 10,000 ways that won't work. - Thomas Edison
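
The `Cannot find value <\SAM\Domains\Account\Users\Names\colin\@>` line in Colin's log is the symptom avj describes: the name given to `-u` did not match the spelling stored in the hive. This added example, which is not part of avj's post or of chntpw, reads the user table that `chntpw -l` prints and returns an account's fields by case-insensitive match, so the hive's own spelling can be passed to `-u`; `sam_user_field` and `SAM_LISTING` are hypothetical names.

```shell
#!/bin/sh
# Added example (not from the thread): resolve the exact-case account name
# from a `chntpw -l` user table. Function and variable names are hypothetical.

# The user table exactly as posted in the thread.
SAM_LISTING='| RID -|---------- Username ------------| Admin? |- Lock? --|
| 01f4 | Administrator                  | ADMIN  | dis/lock |
| 03e8 | Colin                          | ADMIN  |          |
| 01f5 | Guest                          |        | dis/lock |'

# sam_user_field LISTING NAME FIELD
#   FIELD is one of: name, rid, admin, lock.
#   NAME is matched case-insensitively; the value is printed exactly as it
#   appears in the table. Exit status is 1 when no row matches.
sam_user_field() {
    printf '%s\n' "$1" | awk -F'|' -v want="$2" -v field="$3" '
        function trim(s) { gsub(/^ +| +$/, "", s); return s }
        # Data rows carry a hex RID in column 2; the header row does not.
        trim($2) ~ /^[0-9a-fA-F]+$/ {
            if (tolower(trim($3)) != tolower(want)) next
            out["rid"]   = trim($2)
            out["name"]  = trim($3)
            out["admin"] = trim($4)
            out["lock"]  = trim($5)
            print out[field]
            found = 1
            exit
        }
        END { exit found ? 0 : 1 }'
}

# Build the command line with the spelling the hive actually uses.
exact=$(sam_user_field "$SAM_LISTING" colin name) &&
    echo "use: chntpw -u $exact SAM"
```
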
 

Re: Using LinuxLite to repair Win 7 password
« Reply #17 on: October 15, 2015, 08:45:41 AM »
 

firenice03

> > The problem was created because of a Ransom attack
>
> My guess is the attack crippled your user account. At what point are they demanding the ransom? At the Welcome screen? IAC, if I am correct the SAM hive, and perhaps others as well, is corrupted and you must either revert to a restore point, use last known good config, or restore the registry manually the way I described (and maybe not just the SAM file either, though I would start there). Best would be if you keep up to date system images offline. The alternative would be to try to rescue data and settings, if they're not backed up, and then do a fresh install. At least, that's how I would approach it. Perhaps a malware expert would have a lower level way to solve the problem.

Seen one once, where it used the web cam took a pic and then locked for ransom (think it was saying from FBI)..
I may still have notes, but it wasn't fun...
Had to create a usb with files, boot to the usb run said files.. scan, scan and scan some more...

I'll see what I can dig up, but some info..
http://www.trendmicro.com/vinfo/us/security/definition/Ransomware
https://www.f-secure.com/en/web/labs_global/removing-police-themed-ransomware

These are samples... Try to nail down which you're infected by to properly remove...
Some scanners, some require manual deletion of registry keys...
Back up your stuff first..
May want to try some online scanners through LL on the Windows partition...
 
 

Re: Using LinuxLite to repair Win 7 password
« Reply #16 on: October 15, 2015, 06:59:42 AM »
 

paul1149

> The problem was created because of a Ransom attack

My guess is the attack crippled your user account. At what point are they demanding the ransom? At the Welcome screen? IAC, if I am correct the SAM hive, and perhaps others as well, is corrupted and you must either revert to a restore point, use last known good config, or restore the registry manually the way I described (and maybe not just the SAM file either, though I would start there). Best would be if you keep up to date system images offline. The alternative would be to try to rescue data and settings, if they're not backed up, and then do a fresh install. At least, that's how I would approach it. Perhaps a malware expert would have a lower level way to solve the problem.
 

Re: Using LinuxLite to repair Win 7 password
« Reply #15 on: October 15, 2015, 04:57:54 AM »
 

Colin23erk

Thanks
Tried what you said


Code:

[email protected]:/media/sda1/Windows/System32/config$ chntpw -l SAM
chntpw version 0.99.6 110511 , (c) Petter N Hagen
Hive <SAM> name (from header): <\C:\Windows\system32\config\sam>
ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
File size 262144 [40000] bytes, containing 5 pages (+ 1 headerpage)
Used for data: 203/15264 blocks/bytes, unused: 11/5056 blocks/bytes.




* SAM policy limits:
Failed logins before lockout is: 0
Minimum password length        : 0
Password history count         : 0
| RID -|---------- Username ------------| Admin? |- Lock? --|
| 01f4 | Administrator                  | ADMIN  | dis/lock |
| 03e8 | Colin                          | ADMIN  |          |
| 01f5 | Guest                          |        | dis/lock |


-------------------------------------------------------------------------------------------


[email protected]:/media/sda1/Windows/System32/config$ chntpw -u colin SAM
chntpw version 0.99.6 110511 , (c) Petter N Hagen
Hive <SAM> name (from header): <\C:\Windows\system32\config\sam>
ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
File size 262144 [40000] bytes, containing 5 pages (+ 1 headerpage)
Used for data: 203/15264 blocks/bytes, unused: 11/5056 blocks/bytes.




* SAM policy limits:
Failed logins before lockout is: 0
Minimum password length        : 0
Password history count         : 0
| RID -|---------- Username ------------| Admin? |- Lock? --|
| 01f4 | Administrator                  | ADMIN  | dis/lock |
| 03e8 | Colin                          | ADMIN  |          |
| 01f5 | Guest                          |        | dis/lock |


---------------------> SYSKEY CHECK <-----------------------
SYSTEM   SecureBoot            : -1 -> Not Set (not installed, good!)
SAM      Account\F             : 0 -> off
SECURITY PolSecretEncryptionKey: -1 -> Not Set (OK if this is NT4)
Syskey not installed!
Cannot find value <\SAM\Domains\Account\Users\Names\colin\@>


Hives that have changed:
 #  Name
None!


[email protected]:/media/sda1/Windows/System32/config$




not sure where to go n -- Concerned about this line (Cannot find value <\SAM\Domains\Account\Users\Names\colin\@>)

The problem was created because of a Ransom attack (my own slip up)
I Learn something new Every Day !
An "example" is worth a 1000 words
 

Re: Using LinuxLite to repair Win 7 password
« Reply #14 on: October 14, 2015, 08:07:44 PM »
 

firenice03

> This thread is fascinating.  I'm learning some stuff.  Good teamwork here.

I too got giddy when it worked ;)
This is a great little tool, especially combined with a Live USB. I could have used it many times over the years...
 

Re: Using LinuxLite to repair Win 7 password
« Reply #13 on: October 14, 2015, 08:01:21 PM »
 

torreydale

This thread is fascinating.  I'm learning some stuff.  Good teamwork here.
Want to thank me?  Click my [Thank] link.
 

Re: Using LinuxLite to repair Win 7 password
« Reply #12 on: October 14, 2015, 07:27:10 PM »
 

firenice03

Ok so I installed chntpw... I was getting the same errors as you...

I was able to get it to work...

TYPE the command into terminal - Don't copy and paste... chntpw -l SAM
I copied and pasted = failed
Manually entered = success

It's the "-": copied, it's the longer; typed, it's the shorter... Why this makes a difference I don't know...

I retyped and tested the below... It did seem to work...
Code:
chntpw -l SAM
Code:
chntpw -u user SAM
I'll toss in some screenshots...

Shots:
Failed: [screenshot not preserved]
Success: [screenshot not preserved]
« Last Edit: October 14, 2015, 08:11:36 PM by firenice03 »
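
The difference firenice03 ran into is that a web page can render the ASCII hyphen in `-l` as a typographic dash, and a word that begins with that character is not an option as far as command-line parsing is concerned. This added example, which is not part of the original post, flags such characters in a pasted command and prints the ASCII form; the function names and the sample string are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): catch look-alike dashes in a pasted
# command line. Function names and the sample input are constructed.

# UTF-8 byte sequences of characters that web and word-processor formatting
# commonly substitute for the ASCII hyphen-minus (0x2D).
HYPHEN=$(printf '\342\200\220')     # U+2010 HYPHEN
NB_HYPHEN=$(printf '\342\200\221')  # U+2011 NON-BREAKING HYPHEN
EN_DASH=$(printf '\342\200\223')    # U+2013 EN DASH
EM_DASH=$(printf '\342\200\224')    # U+2014 EM DASH
MINUS=$(printf '\342\210\222')      # U+2212 MINUS SIGN

# has_lookalike_dash CMD: succeed if CMD contains any of the characters above.
has_lookalike_dash() {
    case $1 in
        *"$HYPHEN"*|*"$NB_HYPHEN"*|*"$EN_DASH"*|*"$EM_DASH"*|*"$MINUS"*)
            return 0 ;;
    esac
    return 1
}

# normalize_dashes CMD: print CMD with every look-alike replaced by ASCII "-".
normalize_dashes() {
    printf '%s\n' "$1" | LC_ALL=C sed \
        -e "s/$HYPHEN/-/g" -e "s/$NB_HYPHEN/-/g" -e "s/$EN_DASH/-/g" \
        -e "s/$EM_DASH/-/g" -e "s/$MINUS/-/g"
}

# suspicious_words CMD: print each whitespace-separated word that starts with
# a look-alike dash, i.e. a word meant as an option that will not be read as one.
suspicious_words() {
    for word in $1; do
        case $word in
            "$HYPHEN"*|"$NB_HYPHEN"*|"$EN_DASH"*|"$EM_DASH"*|"$MINUS"*)
                printf '%s\n' "$word" ;;
        esac
    done
}

# Constructed sample: "chntpw -l SAM" as it arrives when pasted with an en dash.
pasted=$(printf 'chntpw \342\200\223l SAM')
if has_lookalike_dash "$pasted"; then
    echo "non-ASCII dash in: $(suspicious_words "$pasted")"
    echo "retype it as: $(normalize_dashes "$pasted")"
fi
```
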
 

Re: Using LinuxLite to repair Win 7 password
« Reply #11 on: October 14, 2015, 06:03:37 PM »
 

paul1149

Sorry, I messed up the location of regback. It's under system32/config.
 

Re: Using LinuxLite to repair Win 7 password
« Reply #10 on: October 14, 2015, 05:50:57 PM »
 

Colin23erk

Hi Paul
Thanks for the idea but I cannot find RegBack
Quote
../system32/RegBack over to the ../config folder.


I am getting the feeling that the only way to go is to Reinstall Win7 .


Fortunately I keep all my own Data / files in a separate Partition so they should not be affected as I can use them with LinuxLite .
I have always kept them separate from Windows from the days when crashes were a fact of life


Colin
I Learn something new Every Day !
An "example" is worth a 1000 words
 

 
