My Dell Laptop removed my 3 users at Login and made up a different one.

Jimmybatts1

Commendable
Dec 15, 2016
6
0
1,510
I turned my computer on tonight and usually I have 3 users. This showed none of them when I turned it on, and had a random user that is similar to my email address. None of my passwords worked so I can't login. I need all of the info on one of the previous users as well. How can I get them back? Please help.
 
Which version of Windows does it run?

If Windows 7 or earlier, tap the Function 8 key while powering up the laptop and see if you can start it in Safe Mode with Command Prompt.

If you can, at the prompt, type
rstrui.exe
and hit the Enter key. With luck, you might be able to run System Restore and take the system back to a working point.
 

Jimmybatts1

It is Windows 7. I will try this and see if it works. Thank you.




 

bignastyid

Splendid
Moderator
Sounds like ransomware. Seen similar attacks before.

If you are lucky all they did was change the user info. What I usually do is remove the drive and attach it to another system (with fully updated virus, spyware and ransomware protection) as a secondary drive to recover data. Then nuke and pave (format and reinstall) since the OS has been compromised.

Worst case they encrypted the data and it's pretty much gone without the encryption key.
 

Jimmybatts1

Sounds terrible. How the heck do I fix this?




 

Jimmybatts1

So I went into safe mode at prompt and it came up with the same login page with the user that was created. Don't know how to get to safe mode prompt. Any suggestions? Or is there a way to have somebody extract all of my info out of this computer and just buy a new one to load it into?
 

bignastyid

No need to buy a new computer. The hardware is fine.
To recover data, remove the HDD or SSD from the system and attach it to a working system with up-to-date virus and malware protection and see if you can find and copy your data. If the data has been encrypted then you're kinda boned.

To get the system up and running after such an event I suggest a clean reinstall. This will require OEM Win 7 install media.
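
A read-only way to check whether files on the drive look encrypted once it is attached to a clean machine as a secondary drive, as described above. This is an added example, not part of the original posts; the function names, the signature table and the 7.5 bits-per-byte threshold are assumptions chosen for illustration, and the sample files are constructed.

```python
import math, os, tempfile
from collections import Counter

# Leading "magic" bytes that intact files of these types start with.
MAGIC = {".jpg": b"\xff\xd8\xff", ".png": b"\x89PNG", ".pdf": b"%PDF",
         ".zip": b"PK\x03\x04", ".docx": b"PK\x03\x04", ".xlsx": b"PK\x03\x04"}

def shannon_entropy(data):
    """Bits per byte: close to 8.0 for encrypted/random data, lower for text."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def classify(path):
    """Return 'ok', 'header-mismatch' or 'high-entropy' for one file (read-only)."""
    ext = os.path.splitext(path)[1].lower()
    with open(path, "rb") as fh:
        head = fh.read(65536)
    if ext in MAGIC:
        return "ok" if head.startswith(MAGIC[ext]) else "header-mismatch"
    # No known signature for this type: fall back to an entropy check.
    return "high-entropy" if shannon_entropy(head) > 7.5 else "ok"

def triage(root):
    """Walk the mounted drive and map relative path -> verdict."""
    results = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(folder, name)
            try:
                results[os.path.relpath(full, root)] = classify(full)
            except OSError:
                results[os.path.relpath(full, root)] = "unreadable"
    return results

def demo():
    """Constructed sample data standing in for a user's Documents folder."""
    with tempfile.TemporaryDirectory() as root:
        samples = {"photo.png": b"\x89PNG\r\n\x1a\n" + bytes(64),
                   "notes.txt": b"shopping list: milk, eggs\n" * 40,
                   "taxes.pdf": os.urandom(4096),   # no %PDF header
                   "diary.txt": os.urandom(4096)}   # random-looking bytes
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return triage(root)

if __name__ == "__main__":
    for path, verdict in sorted(demo().items()):
        print(f"{verdict:16} {path}")
```

Compressed formats that are not in the signature table (archives, audio, video) also score as high-entropy, so add their signatures before reading much into that verdict.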

 
I can't see how it could have altered a facility that only takes effect outside the Windows OS. It didn't start in Safe Mode so in case you didn't tap F8 soon enough or often enough, try again and continuously tap it before you touch the power button.

My hope is that the Administrator account will be on offer and you can work in that to see what happened. While you're there, check the Service list in Control Panel>Administrative Tools and check if you have the Volume Shadow Service set to Automatic and is running. That could be the saviour of your data.
 

Jimmybatts1

Thank you. I ended up calling Dell and they're walking me through everything. Thanks again.