Changes

SAM Hive Encryption

1,383 bytes added, 01:35, 24 March 2017
/* Recovery */
The following lines were added (+) and removed (-):
Most commonly associated with "This is Microsoft Support" telephone scam.Most commonly associated with "This is Microsoft Support" telephone scam or The [[Microsoft Tech Support Phone Scam]]. As with many of the [[Microsoft Tech Support Phone Scam]]s the goal of the scam artist is to intimidate you into paying money or something very bad will happen to your computer and data.  One technique this can be accomplished is by enabling SAM hive encryption after you have been tricked into allowing the scammer remote access, or you have downloaded and installed malicious software.=== Manually Restore Registry Hives ===This is verified to have worked on a system where the automatic backup of the registry was still intact.  #Boot from Hiren's boot or a live linux distro via USB or optical media#Mount the Windows partition#Navigate to %SYSTEMROOT%\system32\config #copy the registry hives (these are the damaged ones) to another location or media#Navigate to %SYSTEMROOT%\system32\config\RegBack #copy all the backup registry hives in this folder and paste to the config folder overwriting the damaged registry hives#Reboot You may find that there are no backup registry hives in %SYSTEMROOT%\system32\config\RegBack because the intruder removed them.  However, it has been my experience that they are still present.* [https://answers.microsoft.com/en-us/windows/forum/windows_7-security/windows-7-locked-after-scam-call-syskey/5933abb9-4f1b-46cf-bc6a-f81ed33c0a85?auth=1 Windows 7 Locked after scam call - SYSKEY]
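Review bot: Steps 3 and 5 of the added "Manually Restore Registry Hives" list give the paths as %SYSTEMROOT%\system32\config and %SYSTEMROOT%\system32\config\RegBack, but step 1 has the reader booted from Hiren's or a live Linux distro, where that Windows variable does not expand. Spell the path out relative to the mounted Windows partition instead (typically Windows\System32\config under the mount point). In the new intro, "telephone scam or The [[Microsoft Tech Support Phone Scam]]" followed directly by "As with many of the [[Microsoft Tech Support Phone Scam]]s" links the same article twice in two sentences, and "One technique this can be accomplished is by" should read "One way this is accomplished is by". The caveat that RegBack may contain no backup hives would help the reader more if it came before step 5 rather than after the Reboot step, so they check the folder before overwriting anything. The external link can also drop the "?auth=1" query string.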