If you see this message when starting your PC then you have been infected with Syskey encryption.
The most likely cause of this is that you have allowed an individual access to your system via a telephone scam.
Remember there are no legitimate companies that will call you about your PC performance or security out of the blue. Any such phone call is a scam.
So what can you do to recover from this?
If you are lucky, you may find that you can use a Windows 8 Recovery USB or boot from a Linux distribution (Puppy Linux, Ubuntu etc.) to repair the system using the process detailed here…
However, if your PC is like the one I’m working on, you may find that the criminals have gone one stage further and prevented you from running the Linux solution, necessitating a reinstall of Windows 8. If this is the case for you, you will find that when you restart your PC it automatically goes straight into an unusual-looking Check and Repair loop, bringing you back to the criminals' System Login prompt again.
Of course, rebuilding Windows 8 is relatively straightforward, but what about the valuable data on the PC that you cannot access? If you have a backup saved off somewhere then all well and good, but if not, try this method of copying your user folder.
The first thing you need is a Windows 8/8.1 recovery USB flash drive (memory stick).
Hopefully you’ve created one; if not, you’ll need to create one using someone else's PC with Windows 8 installed. Just type ‘Create Recovery Drive’ and have a blank memory stick to hand.
- Armed with this, put it in the infected PC and restart the PC.
The idea is now to boot (start up) your system from that recovery stick. To do this you may need to edit your system BIOS to set the PC to boot from the USB drive. To get into your system BIOS, look for the message on start-up that identifies the setup key (often Delete or F2). Once in your BIOS, find the Boot options and set the first boot device to the USB drive. Once done, save your settings (usually F10) and reboot the system.
- When prompted after the reboot, select United Kingdom (or your region)
- Next click on Troubleshoot
- Then Advanced
- Then boot to a Command Prompt
- Take a second memory stick, large enough to back up your user folder, and insert it into another USB port.
You're now going to have to find the new memory stick, as it will have a drive letter assigned.
- Type in the CMD prompt wmic logicaldisk get deviceid, volumename, description
- From the table find your external drive
Note too that if you type the drive letter (e.g. G:) at the CMD prompt, it will flash when you hit the Enter key.
Now that we know our external USB drive letter (in the example it is G:) we can use the command xcopy to copy the contents from the C: drive user folder to the G: drive.
Before we copy, we’ll check the user accounts on the system.
- Type cd C:\users
- Type dir
In this example we have only one user (excluding Public).
Now create a new folder on the destination memory stick, using the same name you will copy to in the next step.
- Type mkdir G:\yourusername
- On the command line type the following:
xcopy c:\Users\yourusername g:\yourusername /S
Your system will now make a backup of the source location.
When complete you will see something similar to the following
- Repeat this process for every user on the system
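The per-user copy above can be scripted so that every profile is handled in one pass. This is an added example, not part of the original post; the file name backup-users.cmd, the search of C: to F: for the Windows volume, and the extra /C /I /Y switches are assumptions made here.

```bat
@echo off
rem Added example, not from the original post. Run from the recovery
rem Command Prompt. Usage: backup-users.cmd G:   (G: = the backup stick)
setlocal enableextensions

set "DST=%~1"
if "%DST%"=="" (
    echo Usage: %~nx0 DEST_DRIVE:
    exit /b 1
)
if not exist "%DST%\" (
    echo Destination %DST% not found. Check the wmic output.
    exit /b 1
)

rem Assumption: the recovery environment may give the Windows volume a
rem letter other than C:, so use the first volume that holds \Users.
set "SRC="
for %%D in (C D E F) do (
    if not defined SRC if /i not "%%D:"=="%DST%" if exist "%%D:\Users\" set "SRC=%%D:\Users"
)
if not defined SRC (
    echo No \Users folder found on C: to F:.
    exit /b 1
)
echo Source: %SRC%   Destination: %DST%

rem One xcopy per profile, skipping Public as the post does.
rem for /d does not list hidden folders such as Default.
rem /S is the post's switch. /C continues after an error, /I treats the
rem destination as a folder, /Y suppresses overwrite prompts.
rem Hidden and system files are only copied if /H is added.
set "FAILED=0"
for /d %%U in ("%SRC%\*") do (
    if /i not "%%~nxU"=="Public" (
        echo Backing up %%~nxU ...
        xcopy "%%U" "%DST%\%%~nxU" /S /C /I /Y
        if errorlevel 1 set "FAILED=1"
    )
)
if "%FAILED%"=="1" echo xcopy reported a problem for at least one profile; review the output above.
exit /b %FAILED%
```

Check the source and destination line the script prints before trusting the result, and compare the folder list on the stick with the dir output from C:\users.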
You now have a backup of your user data and you can safely recover your system with a rebuild.
Be wary about applications, like Outlook and Sage, which save their data in locations outside your main Documents etc. folders.
If I find a more delicate way of recovering from this version then I will add it below. In the meantime this should at least protect your personal data.