• Can't get past bitlocker.

    From micky@NONONOmisc07@fmguy.com to alt.comp.os.windows-10,alt.comp.os.windows-11 on Tue May 19 16:33:39 2026
    From Newsgroup: alt.comp.os.windows-11

    Question for a friend, Recent Lenovo laptop running win11, but I don't
    think the problem is limited to 11.

    A full screen comes on his web browser, I think, telling him to call a
    phone number or his data will be deleted. A well-known scam, right?

    He calls me. He can't seem to do anything in the rest of the computer,
    can't close the browser. I tell him to hold the power button down in
    order to turn off the computer. Was this a mistake by me?

    He does and when he restarts, he gets a lenovo logo and on the next
    screen is a Bitlocker page, telling him to enter his 48 character key.

    He can't log in to his MS account and I can't because it asks questions
    for which I have no answers. He has a flip phone, no smart phone, but
    his email address is supposed to do it. After the email address is
    entered ***, it gives a choice, 1) iPhone, iPad, or Android device 2)
    Security key. He has none of option 1, and clicking on 2 - Security
    key, it says, Sign in with a Passkey. Tap your security key on the
    reader, or insert it into a USB port. He has no passkey, and nothing
    that can be tapped on anything.

    ***I think at this point, more or less, it wanted to send him a code, so
    I had it send the code, he's let me read his email and I entered the
    code

    Am I, using a different computer, supposed to be able to log into his MS account, to find and tell him his 48 character passkey/password?

    Laptop still under warranty: Is this something Lenovo should solve for
    him? Or is this windows only?
    --- Synchronet 3.21d-Linux NewsLink 1.2
  • From Alan K.@alan@invalid.com to alt.comp.os.windows-10,alt.comp.os.windows-11 on Tue May 19 16:54:40 2026
    From Newsgroup: alt.comp.os.windows-11

    On 5/19/26 4:33 PM, micky wrote:
    Question for a friend, Recent Lenovo laptop running win11, but I don't think the problem is limited to 11.

    A full screen comes on his web browser, I think, telling him to call a
    phone number or his data will be deleted. A well-known scam, right?

    He calls me. He can't seem to do anything in the rest of the computer,
    can't close the browser. I tell him to hold the power button down in
    order to turn off the computer. Was this a mistake by me?

    He does and when he restarts, he gets a lenovo logo and on the next
    screen is a Bitlocker page, telling him to enter his 48 character key.

    He can't log in to his MS account and I can't because it asks questions
    for which I have no answers. He has a flip phone, no smart phone, but
    his email address is supposed to do it. After the email address is
    entered ***, it gives a choice, 1) iPhone, iPad, or Android device 2) Security key. He has none of option 1, and clicking on 2 - Security
    key, it says, Sign in with a Passkey. Tap your security key on the
    reader, or insert it into a USB port. He has no passkey, and nothing
    that can be tapped on anything.

    ***I think at this point, more or less, it wanted to send him a code, so
    I had it send the code, he's let me read his email and I entered the
    code

    Am I, using a different computer, supposed to be able to log into his MS account, to find and tell him his 48 character passkey/password?

    Laptop still under warranty: Is this something Lenovo should solve for
    him? Or is this windows only?
    If you can get him to give you his MS credentials then yes, you can log into his account
    and get his bitlocker key.
    --
    Mint 22.3, Thunderbird 140.10.2esr, Firefox 150.0.3
    Alan K.
  • From micky@NONONOmisc07@fmguy.com to alt.comp.os.windows-10,alt.comp.os.windows-11 on Tue May 19 17:00:27 2026
    From Newsgroup: alt.comp.os.windows-11

    In alt.comp.os.windows-10, on Tue, 19 May 2026 16:54:40 -0400, "Alan K." <alan@invalid.com> wrote:

    On 5/19/26 4:33 PM, micky wrote:
    Question for a friend, Recent Lenovo laptop running win11, but I don't
    think the problem is limited to 11.

    A full screen comes on his web browser, I think, telling him to call a
    phone number or his data will be deleted. A well-known scam, right?

    He calls me. He can't seem to do anything in the rest of the computer,
    can't close the browser. I tell him to hold the power button down in
    order to turn off the computer. Was this a mistake by me?

    He does and when he restarts, he gets a lenovo logo and on the next
    screen is a Bitlocker page, telling him to enter his 48 character key.

    He can't log in to his MS account and I can't because it asks questions
    for which I have no answers. He has a flip phone, no smart phone, but
    his email address is supposed to do it. After the email address is
    entered ***, it gives a choice, 1) iPhone, iPad, or Android device 2)
    Security key. He has none of option 1, and clicking on 2 - Security
    key, it says, Sign in with a Passkey. Tap your security key on the
    reader, or insert it into a USB port. He has no passkey, and nothing
    that can be tapped on anything.

    ***I think at this point, more or less, it wanted to send him a code, so
    I had it send the code, he's let me read his email and I entered the
    code

    Am I, using a different computer, supposed to be able to log into his MS
    account, to find and tell him his 48 character passkey/password?

    Laptop still under warranty: Is this something Lenovo should solve for
    him? Or is this windows only?
    If you can get him to give you his MS credentials then yes, you can log into his account
    and get his bitlocker key.

    He would eagerly do that if he knew them. I should have said that he
    doesn't remember his password. He doesn't even remember if he set up the
    MS account or the store he bought the laptop at did.
  • From Paul@nospam@needed.invalid to alt.comp.os.windows-10,alt.comp.os.windows-11 on Tue May 19 17:56:09 2026
    From Newsgroup: alt.comp.os.windows-11

    On Tue, 5/19/2026 5:00 PM, micky wrote:
    In alt.comp.os.windows-10, on Tue, 19 May 2026 16:54:40 -0400, "Alan K." <alan@invalid.com> wrote:

    On 5/19/26 4:33 PM, micky wrote:
    Question for a friend, Recent Lenovo laptop running win11, but I don't
    think the problem is limited to 11.

    A full screen comes on his web browser, I think, telling him to call a
    phone number or his data will be deleted. A well-known scam, right?

    He calls me. He can't seem to do anything in the rest of the computer,
    can't close the browser. I tell him to hold the power button down in
    order to turn off the computer. Was this a mistake by me?

    He does and when he restarts, he gets a lenovo logo and on the next
    screen is a Bitlocker page, telling him to enter his 48 character key.

    He can't log in to his MS account and I can't because it asks questions
    for which I have no answers. He has a flip phone, no smart phone, but
    his email address is supposed to do it. After the email address is
    entered ***, it gives a choice, 1) iPhone, iPad, or Android device 2)
    Security key. He has none of option 1, and clicking on 2 - Security
    key, it says, Sign in with a Passkey. Tap your security key on the
    reader, or insert it into a USB port. He has no passkey, and nothing
    that can be tapped on anything.

    ***I think at this point, more or less, it wanted to send him a code, so
    I had it send the code, he's let me read his email and I entered the
    code

    Am I, using a different computer, supposed to be able to log into his MS
    account, to find and tell him his 48 character passkey/password?

    Laptop still under warranty: Is this something Lenovo should solve for
    him? Or is this windows only?
    If you can get him to give you his MS credentials then yes, you can log into his account
    and get his bitlocker key.

    He would eagerly do that if he knew them. I should have said that he
    doesn't remember his password. He doesn't even remember if he set up the
    MS account or the store he bought the laptop at did.


    Backgrounder -- not an answer

    No AI was used for this description
    *****************************

    rowdy@roddy.piper Email Password 1234ABCD <=== This password allows you to read his email
    MS Account WHAT8MYPC <=== MS Account uses *different* password
    These should be written on your PostIt note.
    You're not supposed to use the same password for
    both, but boys will be boys.

    If you log into the MS Account, there is supposed to be a thing there
    that contains the BitLocker key. And, the Bitlocker key could only "go there", if he had defined an MS Account using rowdy@roddy.piper as the email address.
    His home directory would have been C:\users\rowdy (the first five letters of the
    email address). If your email address is not your name, then the home directory ends up being weird (the five letters might not look sensible).

    The Lenovo is booby-trapped, so that it is going to ask for an email
    address during OOBE, and as soon as it gets that email address, right
    away it will encrypt C: . Your friend would plug in the first piece of "materials" he had to hand, into that email address field.

    You cannot look at his disk right now, unless presenting a BitLocker key.
    The Bitlocker key (48 characters) is obviously not the same as the
    MS Account password (9 characters in my made-up example).

    When you set up a machine like this, the machine pesters you to create
    a secondary login method. One of the options is a PIN

    PIN 12345 <==== gets me past my lock screen, good choice for my luggage
    Biometric
    Fingerprint scanner
    Windows Hello webcam (visible+IR dualmode camera)
    FIDO Passkey (maybe $50, can have a button to press)

    But if you're booted off WinRE.wim , how much of this stuff works ?
    The environment, at that point in time, cannot extract anything
    from C: until the Bitlocker key is revealed. The Bitlocker key
    can be stored in the TPM. Lenovo or Dell or HP have the option
    of having yet another partition, with recovery materials we don't
    know about.

    "Systems prompt for BitLocker recovery key after power failure"

    https://learn.microsoft.com/en-us/answers/questions/5527037/systems-prompt-for-bitlocker-recovery-key-after-po

    "After power failure several systems prompt for the BitLocker recovery key.
    There is an option to skip this drive, and the system will boot without the key."

    But, what is it booting into then ? Is it just WinRE.wim ? That's cold comfort. WinRE.wim is your X:/ drive, while C: (encrypted) contains the goods.

    Normally (machine working), you have stuff like this.

    Examples:
    manage-bde -status
    manage-bde -on C: -RecoveryPassword -RecoveryKey F:\ <== F: is that recovery USB key you made
    manage-bde -unlock E: -RecoveryKey F:\84E151C1...7A62067A512.bek <== Some file in F: being used

    PS C:\WINDOWS\system32>

    Of course, Lenovo doesn't put a USB key in the box, with instructions
    to "plug it in so we can save your life", as why should they give
    a fuck about having an F: to use? I've heard of people in the past,
    sending the machine back to Lenovo for a refund, when they're locked out.

    *******

    The first thing about using computers, is to "not panic".

    If my friend contacts me, and he says the word "Lenovo",
    I'm hearing the word "bomb squad" and my response is "I'll
    phone you back, if there is anything we can try, leave it powered
    for now".

    You would normally try to bring up Task Manager, but Task Manager is
    not like in WinXP era, where it tended to work when you needed it.
    Since Task Manager is an ordinary application, it could easily be
    blocked. Even Microsoft blocks it, on the occasions it wants to
    piss you off.

    And this is a textbook case... of how NOT to design a computer :-/
    If you're going to brutalize your customers like this,
    give them a paper manual (not that empty box that comes
    with the computer), with instructions on what they're supposed to be doing.

    I caught the attempt to encrypt my C: drive on the Big Machine,
    by the time it was about half-encrypted. Since it is CBC method
    (a block crypto, independent blocks of data so only one block
    could get corrupted, and you have the NTFS playback journal), it
    really should not be "all that damaged". It's the response the
    OS made, which is too extreme for the situation. I promptly brought
    up an Admin terminal, and reversed the encryption before it could
    even finish. You can do that, as it does it block by block, and
    it can unwind it in the reverse direction. On these OSes, there
    is no Elephant Diffuser (win7 maybe, higher security level),
    which likely makes the blocks more independent of one another.

    Bitlocker is available on Pro. On Home, they can still encrypt
    the C: drive, using Seagate/WDC "Full Disk Encryption" or FDE,
    as the engine for crypto. And that is implemented inside
    the storage device.

    Summary: So much of this depends on you being a Boy Scout,
    and preparing in advance.

    Paul
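
An added example, not part of Paul's post or any other post in this thread: the backgrounder ends on preparing in advance, and this PowerShell function reports, per volume, which key protectors exist and whether a recovery password is among them, so the gap is found before the recovery screen appears. `Get-RecoveryReadiness` and the sample volumes are hypothetical names and constructed data; `Get-BitLockerVolume`, `Add-BitLockerKeyProtector` and the property names are the real BitLocker module.

```powershell
# Added example. Get-RecoveryReadiness and $sample are hypothetical;
# the property names mirror what Get-BitLockerVolume returns.
function Get-RecoveryReadiness {
    [CmdletBinding()]
    param(
        # A Get-BitLockerVolume object, or a stand-in with the same properties.
        [Parameter(Mandatory, ValueFromPipeline)]
        $Volume
    )
    process {
        # Protector types on this volume (Tpm, TpmPin, RecoveryPassword, ExternalKey, ...).
        $types = @($Volume.KeyProtector | ForEach-Object { "$($_.KeyProtectorType)" })

        # IDs of the recovery-password protectors. Only the ID is reported here,
        # never the 48-digit password itself; the ID is what lets a saved copy
        # be matched to this volume later.
        $recoveryIds = @($Volume.KeyProtector |
            Where-Object { "$($_.KeyProtectorType)" -eq 'RecoveryPassword' } |
            ForEach-Object { $_.KeyProtectorId })

        $status = "$($Volume.VolumeStatus)"
        $finding = if ($status -eq 'FullyDecrypted') {
            'Not encrypted: no recovery key involved'
        } elseif ($recoveryIds.Count -eq 0) {
            'Encrypted or encrypting with NO recovery password: add one and save it now'
        } else {
            'Recovery password exists: confirm a copy is stored off this machine'
        }

        [pscustomobject]@{
            MountPoint  = $Volume.MountPoint
            Status      = $status
            Protection  = "$($Volume.ProtectionStatus)"
            Protectors  = ($types -join ', ')
            RecoveryIds = ($recoveryIds -join ', ')
            Finding     = $finding
        }
    }
}

# Constructed sample data (not from a real machine): a finished volume with a
# recovery password, a volume caught mid-encryption with only the TPM
# protector, and an unencrypted data volume.
$sample = @(
    [pscustomobject]@{
        MountPoint = 'C:'; VolumeStatus = 'FullyEncrypted'; ProtectionStatus = 'On'
        KeyProtector = @(
            [pscustomobject]@{ KeyProtectorType = 'Tpm'
                               KeyProtectorId   = '{00000000-0000-0000-0000-000000000001}' },
            [pscustomobject]@{ KeyProtectorType = 'RecoveryPassword'
                               KeyProtectorId   = '{00000000-0000-0000-0000-000000000002}' }
        )
    },
    [pscustomobject]@{
        MountPoint = 'D:'; VolumeStatus = 'EncryptionInProgress'; ProtectionStatus = 'Off'
        KeyProtector = @(
            [pscustomobject]@{ KeyProtectorType = 'Tpm'
                               KeyProtectorId   = '{00000000-0000-0000-0000-000000000003}' }
        )
    },
    [pscustomobject]@{
        MountPoint = 'E:'; VolumeStatus = 'FullyDecrypted'; ProtectionStatus = 'Off'
        KeyProtector = @()
    }
)

$sample | Get-RecoveryReadiness | Format-List

# On a working machine, from an elevated PowerShell prompt:
#   Get-BitLockerVolume | Get-RecoveryReadiness | Format-List
# To add a recovery password where the report says none exists:
#   Add-BitLockerKeyProtector -MountPoint 'C:' -RecoveryPasswordProtector
```

This only helps while the machine still boots; once the recovery prompt is showing, the password has to come from wherever it was saved beforehand.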
  • From Carlos E.R.@robin_listas@es.invalid to alt.comp.os.windows-10,alt.comp.os.windows-11 on Wed May 20 00:23:19 2026
    From Newsgroup: alt.comp.os.windows-11

    On 2026-05-19 23:00, micky wrote:
    In alt.comp.os.windows-10, on Tue, 19 May 2026 16:54:40 -0400, "Alan K." <alan@invalid.com> wrote:

    On 5/19/26 4:33 PM, micky wrote:
    Question for a friend, Recent Lenovo laptop running win11, but I don't
    think the problem is limited to 11.

    A full screen comes on his web browser, I think, telling him to call a
    phone number or his data will be deleted. A well-known scam, right?

    Maybe not.


    He calls me. He can't seem to do anything in the rest of the computer,
    can't close the browser. I tell him to hold the power button down in
    order to turn off the computer. Was this a mistake by me?

    He does and when he restarts, he gets a lenovo logo and on the next
    screen is a Bitlocker page, telling him to enter his 48 character key.

    He can't log in to his MS account and I can't because it asks questions
    for which I have no answers. He has a flip phone, no smart phone, but
    his email address is supposed to do it. After the email address is
    entered ***, it gives a choice, 1) iPhone, iPad, or Android device 2)
    Security key. He has none of option 1, and clicking on 2 - Security
    key, it says, Sign in with a Passkey. Tap your security key on the
    reader, or insert it into a USB port. He has no passkey, and nothing
    that can be tapped on anything.

    ***I think at this point, more or less, it wanted to send him a code, so
    I had it send the code, he's let me read his email and I entered the
    code

    Am I, using a different computer, supposed to be able to log into his MS
    account, to find and tell him his 48 character passkey/password?

    Laptop still under warranty: Is this something Lenovo should solve for
    him? Or is this windows only?

    No, it is the human to blame.

    If you can get him to give you his MS credentials then yes, you can log into his account
    and get his bitlocker key.

    He would eagerly do that if he knew them. I should have said that he
    doesn't remember his password. He doesn't even remember if he set up the
    MS account or the store he bought the laptop at did.

    Well, then format and install everything again. This time, write down
    the MS password.
    --
    Cheers, Carlos.
    ES🇪🇸, EU🇪🇺;
  • From Hank Rogers@Hank@nospam.invalid to alt.comp.os.windows-10,alt.comp.os.windows-11 on Tue May 19 18:08:01 2026
    From Newsgroup: alt.comp.os.windows-11

    micky wrote on 5/19/2026 3:33 PM:
    Question for a friend, Recent Lenovo laptop running win11, but I don't think the problem is limited to 11.

    A full screen comes on his web browser, I think, telling him to call a
    phone number or his data will be deleted. A well-known scam, right?

    He calls me. He can't seem to do anything in the rest of the computer,
    can't close the browser. I tell him to hold the power button down in
    order to turn off the computer. Was this a mistake by me?

    He does and when he restarts, he gets a lenovo logo and on the next
    screen is a Bitlocker page, telling him to enter his 48 character key.

    He can't log in to his MS account and I can't because it asks questions
    for which I have no answers. He has a flip phone, no smart phone, but
    his email address is supposed to do it. After the email address is
    entered ***, it gives a choice, 1) iPhone, iPad, or Android device 2) Security key. He has none of option 1, and clicking on 2 - Security
    key, it says, Sign in with a Passkey. Tap your security key on the
    reader, or insert it into a USB port. He has no passkey, and nothing
    that can be tapped on anything.

    ***I think at this point, more or less, it wanted to send him a code, so
    I had it send the code, he's let me read his email and I entered the
    code

    Am I, using a different computer, supposed to be able to log into his MS account, to find and tell him his 48 character passkey/password?

    Laptop still under warranty: Is this something Lenovo should solve for
    him? Or is this windows only?


    Hmm. is his name Jethro 007?


  • From rbowman@bowman@montana.com to alt.comp.os.windows-10,alt.comp.os.windows-11 on Wed May 20 03:01:03 2026
    From Newsgroup: alt.comp.os.windows-11

    On Tue, 19 May 2026 16:33:39 -0400, micky wrote:

    Question for a friend, Recent Lenovo laptop running win11, but I don't think the problem is limited to 11.

    A full screen comes on his web browser, I think, telling him to call a
    phone number or his data will be deleted. A well-known scam, right?

    Offhand, I'd say he was pwned. I went into the office infrequently and on
    one trip found my Win11 machine with BitLocker asking for a key. I never
    used BitLocker.

    The IT guy confirmed the entire company had been hit by ransomware and
    they were trying frantically to recover.
  • From Paul@nospam@needed.invalid to alt.comp.os.windows-10,alt.comp.os.windows-11 on Tue May 19 23:25:49 2026
    From Newsgroup: alt.comp.os.windows-11

    On Tue, 5/19/2026 7:08 PM, Hank Rogers wrote:
    micky wrote on 5/19/2026 3:33 PM:
    Question for a friend,   Recent Lenovo laptop running win11, but I don't
    think the problem is limited to 11.

    A full screen comes on his web browser, I think, telling him to call a
    phone number or his data will be deleted.  A well-known scam, right?

    He calls me. He can't seem to do anything in the rest of the computer,
    can't close the browser.  I tell him to hold the power button down in
    order to turn off the computer.   Was this a mistake by me?

    He does and when he restarts, he gets a lenovo logo and on the next
    screen is a Bitlocker page, telling him to enter his 48 character key.

    He can't log in to his MS account and I can't because it asks questions
    for which I have no answers.  He has a flip phone, no smart phone, but
    his email address is supposed to do it.  After the email address is
    entered ***, it gives a choice, 1) iPhone, iPad, or Android device 2)
    Security key.   He has none of option 1, and clicking on 2 - Security
    key, it says, Sign in with a Passkey.  Tap your security key on the
    reader, or insert it into a USB port.  He has no passkey, and nothing
    that can be tapped on anything.

    ***I think at this point, more or less, it wanted to send him a code, so
    I had it send the code, he's let me read his email and I entered the
    code

    Am I, using a different computer, supposed to be able to log into his MS
    account, to find and tell him his 48 character passkey/password?

    Laptop still under warranty:  Is this something Lenovo should solve for
    him?    Or is this windows only?


    Hmm. is his name Jethro 007?

    I bet he has backups... that are also encrypted.

    I would say Micky is getting a puzzle to solve, in the mail.
    In a Lenovo box. I would not forget to ask for the charger,
    as the machine might be on for a while.

    Micky can phone MSFT Tech Support:

    "Ah, yes, you have my data locked in your cloud.
    The computer is brown and 17" diagonal and answers
    to the name of Larry. Can you provide me with the
    48 character code so I can get me files ???

    Give me a few codes, and I'll try them one at a time."

    *****************************************************

    If Micky is still up for it, Bitlocker can be cracked
    if it is a BitLocker-TPM one, and does not also use a
    PIN to gain access. Only works on Win11 apparently.

    https://www.xda-developers.com/new-windows-11-bitlocker-bypass-needs-usb-stick-researcher-backdoor/

    Paul


  • From ....winston@winstonmvp@gmail.com to alt.comp.os.windows-11 on Wed May 20 01:45:49 2026
    From Newsgroup: alt.comp.os.windows-11

    On 05/19/2026 4:33 PM, micky wrote:
    Question for a friend, Recent Lenovo laptop running win11, but I don't think the problem is limited to 11.

    A full screen comes on his web browser, I think, telling him to call a
    phone number or his data will be deleted. A well-known scam, right?

    He calls me. He can't seem to do anything in the rest of the computer,
    can't close the browser. I tell him to hold the power button down in
    order to turn off the computer. Was this a mistake by me?

    He does and when he restarts, he gets a lenovo logo and on the next
    screen is a Bitlocker page, telling him to enter his 48 character key.

    He can't log in to his MS account and I can't because it asks questions
    for which I have no answers. He has a flip phone, no smart phone, but
    his email address is supposed to do it. After the email address is
    entered ***, it gives a choice, 1) iPhone, iPad, or Android device 2) Security key. He has none of option 1, and clicking on 2 - Security
    key, it says, Sign in with a Passkey. Tap your security key on the
    reader, or insert it into a USB port. He has no passkey, and nothing
    that can be tapped on anything.

    ***I think at this point, more or less, it wanted to send him a code, so
    I had it send the code, he's let me read his email and I entered the
    code

    Am I, using a different computer, supposed to be able to log into his MS account, to find and tell him his 48 character passkey/password?

    Laptop still under warranty: Is this something Lenovo should solve for
    him? Or is this windows only?

    No, Lenovo should not solve the issue you described.
    They don't have his 'six'. Nor do you or anyone else atm.

    The best approach at this time.
    - Suggest he take the machine to a reputable data recovery service and
    ask if recovery of data is possible in the device's current condition and
    a quote (how much $$$).
    If so, take it to another similar business and ask the same question and
    if possible another quote.

    The final route with or without data recovery. Wipe the device to bare
    metal, reinstall Windows 11, reinstall software, set up the device as desired... move on, proceed forward (pass GO) and stop looking backward.



    ...w¡ñ§±¤ñ
  • From Paul@nospam@needed.invalid to alt.comp.os.windows-10,alt.comp.os.windows-11 on Wed May 20 02:01:56 2026
    From Newsgroup: alt.comp.os.windows-11

    On Tue, 5/19/2026 11:01 PM, rbowman wrote:
    On Tue, 19 May 2026 16:33:39 -0400, micky wrote:

    Question for a friend, Recent Lenovo laptop running win11, but I don't
    think the problem is limited to 11.

    A full screen comes on his web browser, I think, telling him to call a
    phone number or his data will be deleted. A well-known scam, right?

    Offhand, I'd say he was pwned. I went into the office infrequently and on one trip found my Win11 machine with BitLocker asking for a key. I never used BitLocker.

    The IT guy confirmed the entire company had been hit by ransomware and
    they were trying frantically to recover.


    Some people will be very busy, others, not so busy :-)

    And this is when you discover the backup/restore system
    doesn't have enough bandwidth. The restores are usually
    good for "onesey/twosey restores", but when every disk
    in the company needs to be paved, it was never designed
    for that style of disaster recovery.

    Paul
  • From Paul@nospam@needed.invalid to alt.comp.os.windows-11 on Wed May 20 02:06:14 2026
    From Newsgroup: alt.comp.os.windows-11

    On Wed, 5/20/2026 1:45 AM, ....winston wrote:
    On 05/19/2026 4:33 PM, micky wrote:
    Question for a friend,   Recent Lenovo laptop running win11, but I don't
    think the problem is limited to 11.

    A full screen comes on his web browser, I think, telling him to call a
    phone number or his data will be deleted.  A well-known scam, right?

    He calls me. He can't seem to do anything in the rest of the computer,
    can't close the browser.  I tell him to hold the power button down in
    order to turn off the computer.   Was this a mistake by me?

    He does and when he restarts, he gets a lenovo logo and on the next
    screen is a Bitlocker page, telling him to enter his 48 character key.

    He can't log in to his MS account and I can't because it asks questions
    for which I have no answers.  He has a flip phone, no smart phone, but
    his email address is supposed to do it.  After the email address is
    entered ***, it gives a choice, 1) iPhone, iPad, or Android device 2)
    Security key.   He has none of option 1, and clicking on 2 - Security
    key, it says, Sign in with a Passkey.  Tap your security key on the
    reader, or insert it into a USB port.  He has no passkey, and nothing
    that can be tapped on anything.

    ***I think at this point, more or less, it wanted to send him a code, so
    I had it send the code, he's let me read his email and I entered the
    code

    Am I, using a different computer, supposed to be able to log into his MS
    account, to find and tell him his 48 character passkey/password?

    Laptop still under warranty:  Is this something Lenovo should solve for
    him?    Or is this windows only?

    No, Lenovo should not solve the issue you described.
    They don't have his 'six'.  Nor do you or anyone else atm.

    The best approach at this time.
     - Suggest he take the machine to a reputable data recovery service and ask if recovery of data is possible in the device's current condition and a quote (how much $$$).
    If so, take it to another similar business and ask the same question and if possible another quote.

    The final route with or without data recovery. Wipe the device to bare metal,
    reinstall Windows 11, reinstall software, set up the device as desired... move on,
    proceed forward (pass GO) and stop looking backward.

    ...w¡ñ§±¤ñ

    Micky could not have better timing really.

    https://www.xda-developers.com/new-windows-11-bitlocker-bypass-needs-usb-stick-researcher-backdoor/

    Paul
  • From Andy Burns@usenet@andyburns.uk to alt.comp.os.windows-10,alt.comp.os.windows-11 on Wed May 20 07:51:05 2026
    From Newsgroup: alt.comp.os.windows-11

    micky wrote:

    Recent Lenovo laptop running win11
    A full screen comes on his web browser, I think, telling him to call a
    phone number or his data will be deleted.
    Is there anything of value/importance which is only on the laptop?

    If not, then save lots of hassle and just wipe it ...


  • From Paul@nospam@needed.invalid to alt.comp.os.windows-10,alt.comp.os.windows-11 on Wed May 20 03:50:06 2026
    From Newsgroup: alt.comp.os.windows-11

    On Wed, 5/20/2026 2:51 AM, Andy Burns wrote:
    micky wrote:

    Recent Lenovo laptop running win11
    A full screen comes on his web browser, I think, telling him to call a
    phone number or his data will be deleted. 
    Is there anything of value/importance which is only on the laptop?

    If not, then save lots of hassle and just wipe it ...

    A person like this, will not have backups.

    And besides, the problem will be easy to fix, because of this development.

    https://www.xda-developers.com/new-windows-11-bitlocker-bypass-needs-usb-stick-researcher-backdoor/

    The supposition, is that the operative mechanism for this one, is a back door Microsoft
    left in Bitlocker, for law enforcement. Bring the laptop to Microsoft, Microsoft inserts
    USB stick, disk is open for the policeman to carry away.

    It's a bit tricky, as it requires copying something into a
    System Volume Information folder on the USB stick, which you
    may find it is easier to do from Linux, than from Windows.
    It's best to do this, with the device in front of you, than
    to be sending (more than one) USB stick to the recipient.
    The trick has something to do with WinRE.wim (suggesting
    it may be an automation that is checking for an F: drive
    with a recovery key on it. Where there is no recovery key,
    and "something else happens" instead.

    The reason I like this one, is look at all the middlemen it has eliminated :-) Who needs the Cloud, when you have a Hammer.

    Paul
  • From Andy Burns@usenet@andyburns.uk to alt.comp.os.windows-10,alt.comp.os.windows-11 on Wed May 20 10:57:09 2026
    From Newsgroup: alt.comp.os.windows-11

    Paul wrote:

    Andy Burns wrote:

    Is there anything of value/importance which is only on the laptop?
    If not, then save lots of hassle and just wipe it ...

    A person like this, will not have backups.

    But they may not have anything worth backing up ...

    And besides, the problem will be easy to fix, because of this development.

    https://www.xda-developers.com/new-windows-11-bitlocker-bypass-needs-usb-stick-researcher-backdoor/

    The supposition, is that the operative mechanism for this one, is a back door Microsoft
    left in Bitlocker
    I've heard some people cautioning against thinking of it as a backdoor,
    but then "they" would say that, wouldn't they?
  • From Carlos E.R.@robin_listas@es.invalid to alt.comp.os.windows-10,alt.comp.os.windows-11 on Wed May 20 14:17:42 2026
    From Newsgroup: alt.comp.os.windows-11

    On 2026-05-19 23:56, Paul wrote:
    On Tue, 5/19/2026 5:00 PM, micky wrote:
    In alt.comp.os.windows-10, on Tue, 19 May 2026 16:54:40 -0400, "Alan K."
    <alan@invalid.com> wrote:

    ...

    He would eagerly do that if he knew them. I should have said that he
    doesn't remember his password. He doesn't even remember if he set up the
    MS account or the store he bought the laptop at did.


    Backgrounder -- not an answer

    No AI was used for this description
    *****************************

    rowdy@roddy.piper Email Password 1234ABCD <=== This password allows you to read his email
    MS Account WHAT8MYPC <=== MS Account uses *different* password
    These should be written on your PostIt note.
    You're not supposed to use the same password for
    both, but boys will be boys.

    If you log into the MS Account, there is supposed to be a thing there
    that contains the BitLocker key. And, the Bitlocker key could only "go there",
    if he had defined an MS Account using rowdy@roddy.piper as the email address.
    His home directory would have been C:\users\rowdy (the first five letters of the
    email address). If your email address is not your name, then the home directory
    ends up being weird (the five letters might not look sensible).

    The Lenovo is booby-trapped, so that it is going to ask for an email
    address during OOBE, and as soon as it gets that email address, right
    away it will encrypt C: . Your friend would plug in the first piece of "materials" he had to hand, into that email address field.

    You cannot look at his disk right now, unless presenting a BitLocker key.
    The Bitlocker key (48 characters) is obviously not the same as the
    MS Account password (9 characters in my made-up example).

    When you set up a machine like this, the machine pesters you to create
    a secondary login method. One of the options is a PIN

    PIN 12345 <==== gets me past my lock screen, good choice for my luggage
    Biometric
    Fingerprint scanner
    Windows Hello webcam (visible+IR dualmode camera)
    FIDO Passkey (maybe $50, can have a button to press)

    But if you're booted off WinRE.wim , how much of this stuff works ?
    The environment, at that point in time, cannot extract anything
    from C: until the Bitlocker key is revealed. The Bitlocker key
    can be stored in the TPM. Lenovo or Dell or HP have the option
    of having yet another partition, with recovery materials we don't
    know about.

    "Systems prompt for BitLocker recovery key after power failure"

    https://learn.microsoft.com/en-us/answers/questions/5527037/systems-prompt-for-bitlocker-recovery-key-after-po

    "After power failure several systems prompt for the BitLocker recovery key.
    There is an option to skip this drive, and the system will boot without the key."

    But, what is it booting into then ? Is it just WinRE.wim ? That's cold comfort.
    WinRE.wim is your X:/ drive, while C: (encrypted) contains the goods.

    Normally (machine working), you have stuff like this.

    Examples:
    manage-bde -status
    manage-bde -on C: -RecoveryPassword -RecoveryKey F:\ <== F: is that recovery USB key you made
    manage-bde -unlock E: -RecoveryKey F:\84E151C1...7A62067A512.bek <== Some file in F: being used

    PS C:\WINDOWS\system32>

    Of course, Lenovo doesn't put a USB key in the box, with instructions
    to "plug it in so we can save your life", as why should they give
    a fuck about having an F: to use? I've heard of people in the past,
    sending the machine back to Lenovo for a refund, when they're locked out.

    *******

    The first thing about using computers, is to "not panic".

    If my friend contacts me, and he says the word "Lenovo",
    I'm hearing the word "bomb squad" and my response is "I'll
    phone you back, if there is anything we can try, leave it powered
    for now".

    You would normally try to bring up Task Manager, but Task Manager is
    not like in WinXP era, where it tended to work when you needed it.
    Since Task Manager is an ordinary application, it could easily be
    blocked. Even Microsoft blocks it, on the occasions it wants to
    piss you off.

    And this is a textbook case... of how NOT to design a computer :-/
    If you're going to brutalize your customers like this,
    give them a paper manual (not that empty box that comes
    with the computer), with instructions on what they're supposed to be doing.

    I caught the attempt to encrypt my C: drive on the Big Machine,
    by the time it was about half-encrypted. Since it is CBC method
    (a block crypto, independent blocks of data so only one block
    could get corrupted, and you have the NTFS playback journal), it
    really should not be "all that damaged". It's the response the
    OS made, which is too extreme for the situation. I promptly brought
    up an Admin terminal, and reversed the encryption before it could
    even finish. You can do that, as it does it block by block, and
    it can unwind it in the reverse direction. On these OSes, there
    is no Elephant Diffuser (win7 maybe, higher security level),
    which likely makes the blocks more independent of one another.

    Bitlocker is available on Pro. On Home, they can still encrypt
    the C: drive, using Seagate/WDC "Full Disk Encryption" or FDE,
    as the engine for crypto. And that is implemented inside
    the storage device.

    Summary: So much of this depends on you being a Boy Scout,
    and preparing in advance.

    Paul

    Do you want us to have nightmares about this? AHHHH! :-(

    (thanks for the summary)
    --
    Cheers, Carlos.
    ES🇪🇸, EU🇪🇺;
    --- Synchronet 3.21d-Linux NewsLink 1.2
  • From Mr. Man-wai Chang@toylet.toylet@gmail.com to alt.comp.os.windows-10,alt.comp.os.windows-11 on Wed May 20 20:26:59 2026
    From Newsgroup: alt.comp.os.windows-11

    On 5/20/2026 2:51 PM, Andy Burns wrote:

    If not, then save lots of hassle and just wipe it ...

    That's exactly why data and OS should be in separate partitions!
    --

    @~@ Simplicity is Beauty! Remain silent! Drink, Blink, Stretch!
    / v \ May the Force and farces be with you! Live long and prosper!!
    /( _ )\ https://sites.google.com/site/changmw/
    ^ ^ https://github.com/changmw/changmw
    --- Synchronet 3.21d-Linux NewsLink 1.2
  • From Mr. Man-wai Chang@toylet.toylet@gmail.com to alt.comp.os.windows-10,alt.comp.os.windows-11 on Wed May 20 20:28:29 2026
    From Newsgroup: alt.comp.os.windows-11

    On 5/20/2026 6:23 AM, Carlos E.R. wrote:

    Well, then format and install again everything. This time, write down
    the MS password.

    AND... the 32-character BitLocker Recovery Code! :)
    --

    @~@ Simplicity is Beauty! Remain silent! Drink, Blink, Stretch!
    / v \ May the Force and farces be with you! Live long and prosper!!
    /( _ )\ https://sites.google.com/site/changmw/
    ^ ^ https://github.com/changmw/changmw
    --- Synchronet 3.21d-Linux NewsLink 1.2
  • From J. P. Gilliver@G6JPG@255soft.uk to alt.comp.os.windows-10,alt.comp.os.windows-11 on Wed May 20 14:40:05 2026
    From Newsgroup: alt.comp.os.windows-11

    On 2026/5/20 13:26:59, Mr. Man-wai Chang wrote:
    On 5/20/2026 2:51 PM, Andy Burns wrote:

    If not, then save lots of hassle and just wipe it ...
    That's exactly why data and OS should be in separate partitions!

    Is BitLocker partition-specific, or drive-specific?
    --
    J. P. Gilliver. UMRA: 1960/<1985 MB++G()ALIS-Ch++(p)Ar++T+H+Sh0!:`)DNAf

    "Grammar is there to help, not hinder." -- Mark Wallace, APIHNA,
    2nd December 2000 (quoted by John Flynn 2000-12-6)
    --- Synchronet 3.21d-Linux NewsLink 1.2
  • From Frank Slootweg@this@ddress.is.invalid to alt.comp.os.windows-10,alt.comp.os.windows-11 on Wed May 20 14:14:37 2026
    From Newsgroup: alt.comp.os.windows-11

    J. P. Gilliver <G6JPG@255soft.uk> wrote:
    On 2026/5/20 13:26:59, Mr. Man-wai Chang wrote:
    On 5/20/2026 2:51 PM, Andy Burns wrote:

    If not, then save lots of hassle and just wipe it ...
    That's exactly why data and OS should be in separate partitions!

    Is BitLocker partition-specific, or drive-specific?

    Partition-specific, or better drive-*letter* specific.

    For example on my (Windows 11 Home) system, 'manage-bde -status'
    reports the encryption status of 'Volume C:' and 'Volume M:', which is a
    USB memory-stick, which only has one ('Primary') partition.

    N.B. My system is Home, so it doesn't have actual 'BitLocker', but
    only 'Device encryption', which is sort of a BitLocker Light, but that
    doesn't change the answer to your question.

    And just for the record, I don't use encryption, so 'manage-bde
    -status' says "Encryption Method: None", etc..
    --- Synchronet 3.21d-Linux NewsLink 1.2
  • From ....winston@winstonmvp@gmail.com to alt.comp.os.windows-11 on Wed May 20 11:25:37 2026
    From Newsgroup: alt.comp.os.windows-11

    On 05/20/2026 2:06 AM, Paul wrote:
    On Wed, 5/20/2026 1:45 AM, ....winston wrote:
    On 05/19/2026 4:33 PM, micky wrote:
    Question for a friend, Recent Lenovo laptop running win11, but I don't
    think the problem is limited to 11.

    A full screen comes on his web browser, I think, telling him to call a
    phone number or his data will be deleted.  A well-known scam, right?

    He calls me. He can't seem to do anything in the rest of the computer,
    can't close the browser.  I tell him to hold the power button down in
    order to turn off the computer.   Was this a mistake by me?

    He does and when he restarts, he gets a lenovo logo and on the next
    screen is a Bitlocker page, telling him to enter his 48 character key.

    He can't log in to his MS account and I can't because it asks questions
    for which I have no answers.  He has a flip phone, no smart phone, but
    his email address is supposed to do it.  After the email address is
    entered ***, it gives a choice, 1) Iphone, Ipad, or Android device 2)
    Security key.   He has none of option 1, and clicking on 2 - Security
    key, it says, Sign in with a Passkey. Tap your security key on the
    reader, or insert it into a USB port.  He has no passkey, and nothing
    that can be tapped on anything.

    ***I think at this point, more or less, it wanted to send him a code, so
    I had it send the code, he's let me read his email and I entered the
    code

    Am I, using a different computer, supposed to be able to log into his MS
    account, to find and tell him his 48 character passkey/password?

    Laptop still under warranty: Is this something Lenovo should solve for
    him? Or is this windows only?

    No, Lenovo should not solve the issue you described.
    They don't have his 'six'.  Nor do you or anyone else atm.

    The best approach at this time.
     - Suggest he take the machine to reputable data recovery service and ask if recovery of data is possible in the device current condition and a quote(how much $$$).
    If so, take it to another similar business and ask the same question and if possible another quote.

    The final route with or without data recovery. Wipe the device to bare metal,
    reinstall Windows 11, reinstall software, setup the device as desired...move on,
    proceed forward(pass GO) and stop looking backward.

    ...w¡ñ§±¤ñ

    Micky could not have better timing really.

    https://www.xda-developers.com/new-windows-11-bitlocker-bypass-needs-usb-stick-researcher-backdoor/

    Paul

    Well, reading the Bitlocker encrypted volume in Diskpart, isn't booting
    the device.
    --
    ...w¡ñ§±¤ñ
    --- Synchronet 3.21d-Linux NewsLink 1.2
  • From rbowman@bowman@montana.com to alt.comp.os.windows-10,alt.comp.os.windows-11 on Wed May 20 16:14:24 2026
    From Newsgroup: alt.comp.os.windows-11

    On Wed, 20 May 2026 20:28:29 +0800, Mr. Man-wai Chang wrote:

    On 5/20/2026 6:23 AM, Carlos E.R. wrote:

    Well, then format and install again everything. This time, write down
    the MS password.

    AND... the 32-character BitLocker Recovery Code! :)

    Better yet, skip BitLocker.
    --- Synchronet 3.21d-Linux NewsLink 1.2
  • From rbowman@bowman@montana.com to alt.comp.os.windows-10,alt.comp.os.windows-11 on Wed May 20 16:25:41 2026
    From Newsgroup: alt.comp.os.windows-11

    On Wed, 20 May 2026 02:01:56 -0400, Paul wrote:

    And this is when you discover the backup/restore system doesn't have
    enough bandwidth. The restores are usually good for "onesey/twosey
    restores", but when every disk in the company needs to be paved, it was
    never designed for that style of disaster recovery.

    It was painful. The division I worked for closed down and we'd given the clients a year of support to find another vendor. I agreed to stick around
    to fix any problems that came up but only fixed one obscure bug. Since it
    was only 3 months left we never bothered to restore the build machines or
    my Win 11 box.

    According to the IT guy he'd gotten a notification to apply a critical
    patch and did so. Later that day he got another notification but thought
    it applied to the one he'd already installed. I think it was the next day
    when the system was pwned.

    It probably was like the Linux kernel. I've been getting a lot of kernel updates even on the distros that aren't on 7 as they try to stay ahead of
    the vulnerabilities. Miss one and you're ripe for the picking.

    --- Synchronet 3.21d-Linux NewsLink 1.2
  • From J. P. Gilliver@G6JPG@255soft.uk to alt.comp.os.windows-10,alt.comp.os.windows-11 on Wed May 20 18:43:32 2026
    From Newsgroup: alt.comp.os.windows-11

    On 2026/5/20 15:14:37, Frank Slootweg wrote:
    J. P. Gilliver <G6JPG@255soft.uk> wrote:
    On 2026/5/20 13:26:59, Mr. Man-wai Chang wrote:
    On 5/20/2026 2:51 PM, Andy Burns wrote:

    If not, then save lots of hassle and just wipe it ...
    That's exactly why data and OS should be in separate partitions!

    (I have OS and software on C:, data on D:.)

    Is BitLocker partition-specific, or drive-specific?

    Partition-specific, or better drive-*letter* specific.

    Thanks.

    For example on my (Windows 11 Home) system, 'manage-bde -status'
    reports the encryption status of 'Volume C:' and 'Volume M:', which is a
    USB memory-stick, which only has one ('Primary') partition.

    N.B. My system is Home, so it doesn't have actual 'BitLocker', but
    only 'Device encryption', which is sort of a BitLocker Light, but that doesn't change the answer to your question.

    And just for the record, I don't use encryption, so 'manage-bde
    -status' says "Encryption Method: None", etc..

    Shows None for both mine. (W10-home.) Thanks.
    --
    J. P. Gilliver. UMRA: 1960/<1985 MB++G()ALIS-Ch++(p)Ar++T+H+Sh0!:`)DNAf

    Odds are, the phrase "It's none of my business" will be followed by "but".
    --- Synchronet 3.21d-Linux NewsLink 1.2
  • From Carlos E.R.@robin_listas@es.invalid to alt.comp.os.windows-10,alt.comp.os.windows-11 on Wed May 20 20:27:03 2026
    From Newsgroup: alt.comp.os.windows-11

    On 2026-05-20 18:25, rbowman wrote:
    On Wed, 20 May 2026 02:01:56 -0400, Paul wrote:

    And this is when you discover the backup/restore system doesn't have
    enough bandwidth. The restores are usually good for "onesey/twosey
    restores", but when every disk in the company needs to be paved, it was
    never designed for that style of disaster recovery.

    It was painful. The division I worked for closed down and we'd given the clients a year of support to find another vendor. I agreed to stick around
    to fix any problems that came up but only fixed one obscure bug. Since it
    was only 3 months left we never bothered to restore the build machines or
    my Win 11 box.

    According to the IT guy he'd gotten a notification to apply a critical
    patch and did so. Later that day he got another notification but thought
    it applied to the one he'd already installed. I think it was the next day when the system was pwned.

    It probably was like the Linux kernel. I've been getting a lot of kernel updates even on the distros that aren't on 7 as they try to stay ahead of
    the vulnerabilities. Miss one and you're ripe for the picking.

    How do they attack machines inside an intranet?
    --
    Cheers, Carlos.
    ES🇪🇸, EU🇪🇺;
    --- Synchronet 3.21d-Linux NewsLink 1.2
  • From Carlos E.R.@robin_listas@es.invalid to alt.comp.os.windows-10,alt.comp.os.windows-11 on Wed May 20 20:24:59 2026
    From Newsgroup: alt.comp.os.windows-11

    On 2026-05-20 18:14, rbowman wrote:
    On Wed, 20 May 2026 20:28:29 +0800, Mr. Man-wai Chang wrote:

    On 5/20/2026 6:23 AM, Carlos E.R. wrote:

    Well, then format and install again everything. This time, write down
    the MS password.

    Forgot to say: write it down in a notebook.


    AND... the 32-character BitLocker Recovery Code! :)

    Better yet, skip BitLocker.

    Encryption is not a bad idea for a laptop. My Linux laptop is encrypted,
    but it is open source software and things are traceable. I can remove
    the disk and plug it on another machine, and it will work with the same password.

    If double boot, remove bitlocker.
    --
    Cheers, Carlos.
    ES🇪🇸, EU🇪🇺;
    --- Synchronet 3.21d-Linux NewsLink 1.2
  • From micky@NONONOmisc07@fmguy.com to alt.comp.os.windows-10,alt.comp.os.windows-11 on Wed May 20 15:36:43 2026
    From Newsgroup: alt.comp.os.windows-11

    In alt.comp.os.windows-10, on Wed, 20 May 2026 07:51:05 +0100, Andy
    Burns <usenet@andyburns.uk> wrote:

    micky wrote:

    Recent Lenovo laptop running win11
    A full screen comes on his web browser, I think, telling him to call a
    phone number or his data will be deleted.
    Is there anything of value/importance which is only on the laptop?

    If not, then save lots of hassle and just wipe it ...

    There is some email, though maybe it's still on the server OR maybe none
    of it is important.

    But even wiping it will take someone's time to reinstall windows, and he
    lives 3 hours away. But see my reply to Paul, once I write it.
    --- Synchronet 3.21d-Linux NewsLink 1.2
  • From micky@NONONOmisc07@fmguy.com to alt.comp.os.windows-10,alt.comp.os.windows-11 on Wed May 20 15:56:01 2026
    From Newsgroup: alt.comp.os.windows-11

    In alt.comp.os.windows-10, on Wed, 20 May 2026 03:50:06 -0400, Paul <nospam@needed.invalid> wrote:

    On Wed, 5/20/2026 2:51 AM, Andy Burns wrote:
    micky wrote:

    Recent Lenovo laptop running win11
    A full screen comes on his web browser, I think, telling him to call a
    phone number or his data will be deleted. 
    Is there anything of value/importance which is only on the laptop?

    If not, then save lots of hassle and just wipe it ...

    A person like this, will not have backups.

    He's 84 y.o., uses his computer for email, listening to music, reading
    and probably writing about topics of his interest.

    Bought the thing in January iirc but rarely used it because it was 11
    and he had his 10 box set up to look like 7. I was there 7 weeks
    ago and was going to punch up this one, but had to leave after 40 hours.
    But two or 3 nights ago, his son's friend talked to him on the phone,
    and when that didn't work, they took the laptop to his house, and when
    that didn't work, he came over to my friend's last night, and I just
    learned that he fixed it. All is working.

    I asked how he did it, but my friend hadn't asked because he didn't want
    to pester the guy who'd put in at least 2 hours already, and because he
    figured he wouldn't understand it anyhow. When I asked, he said he'd
    ask if he could.

    It won't hurt this guy to do a 2-hour favor for his friend, my friend's
    son. But if everyone he knows (and I know he knows a lot of people) and
    all the people who know those people find out how good he is at this,
    he'll be pestered all the time. I don't know if he does this stuff for
    a living or not.

    And besides, the problem will be easy to fix, because of this development.

    https://www.xda-developers.com/new-windows-11-bitlocker-bypass-needs-usb-stick-researcher-backdoor/

    I've only read a little part of this, but it sounds very interesting. Is
    this so well known that my friend's son's friend would know about it? I
    didn't think that was how he did it, but I really have no idea.

    I have win11 Pro, with 180 files with the word bitlocker in their names,
    so I suppose I have bitlocker, but I think I forced it to turn off using
    the Power key and bitlocker did not raise its ugly head. I also know
    my MS logon, even though I never log in, since it's the same one I used
    for Skype and one year I used Skype a lot. Hint: my password is
    mskype.



    The supposition, is that the operative mechanism for this one, is a back door Microsoft
    left in Bitlocker, for law enforcement. Bring the laptop to Microsoft, Microsoft inserts
    USB stick, disk is open for the policeman to carry away.

    It's a bit tricky, as it requires copying something into a
    System Volume Information folder on the USB stick, which you
    may find it is easier to do from Linux, than from Windows.
    It's best to do this, with the device in front of you, than
    to be sending (more than one) USB stick to the recipient.
    The trick has something to do with WinRE.wim (suggesting
    it may be an automation that is checking for an F: drive
    with a recovery key on it. Where there is no recovery key,
    and "something else happens" instead.

    The reason I like this one, is look at all the middlemen it has eliminated :-) Who needs the Cloud, when you have a Hammer.

    Paul
    --- Synchronet 3.21d-Linux NewsLink 1.2
  • From micky@NONONOmisc07@fmguy.com to alt.comp.os.windows-10,alt.comp.os.windows-11 on Wed May 20 15:57:20 2026
    From Newsgroup: alt.comp.os.windows-11

    In alt.comp.os.windows-10, on 20 May 2026 03:01:03 GMT, rbowman <bowman@montana.com> wrote:

    On Tue, 19 May 2026 16:33:39 -0400, micky wrote:

    Question for a friend, Recent Lenovo laptop running win11, but I don't
    think the problem is limited to 11.

    A full screen comes on his web browser, I think, telling him to call a
    phone number or his data will be deleted. A well-known scam, right?

    Offhand, I'd say he was pwned. I went into the office infrequently and on
    one trip found my Win11 machine with BitLocker asking for a key. I never
    used BitLocker.

    In this case, bitlocker came later, when restarting after I told him to
    turn it off by holding down the power key. (Not easy to find,
    especially over the telephone. Lenovo puts it on the side. )

    What he saw was a full screen thing telling him to call some phone
    number, not do anything else or he'd lose his data, but as I explained
    to Paul, his son's friend got it working last night.

    The IT guy confirmed the entire company had been hit by ransomware and
    they were trying frantically to recover.
    --- Synchronet 3.21d-Linux NewsLink 1.2
  • From micky@NONONOmisc07@fmguy.com to alt.comp.os.windows-10,alt.comp.os.windows-11 on Wed May 20 15:59:50 2026
    From Newsgroup: alt.comp.os.windows-11

    In alt.comp.os.windows-10, on Wed, 20 May 2026 00:23:19 +0200, "Carlos
    E.R." <robin_listas@es.invalid> wrote:

    On 2026-05-19 23:00, micky wrote:
    In alt.comp.os.windows-10, on Tue, 19 May 2026 16:54:40 -0400, "Alan K."
    <alan@invalid.com> wrote:

    On 5/19/26 4:33 PM, micky wrote:
    Question for a friend, Recent Lenovo laptop running win11, but I don't
    think the problem is limited to 11.

    A full screen comes on his web browser, I think, telling him to call a
    phone number or his data will be deleted. A well-known scam, right?

    Maybe not.

    I'm relying on their descriptions -- never saw any of these -- but in
    the past 3 years I think 2 other people have told me a similar story.

    Still, what else could he do but turn it off, when none of his programs
    would run.
    --- Synchronet 3.21d-Linux NewsLink 1.2
  • From Carlos E.R.@robin_listas@es.invalid to alt.comp.os.windows-10,alt.comp.os.windows-11 on Wed May 20 22:09:40 2026
    From Newsgroup: alt.comp.os.windows-11

    On 2026-05-20 21:59, micky wrote:
    In alt.comp.os.windows-10, on Wed, 20 May 2026 00:23:19 +0200, "Carlos
    E.R." <robin_listas@es.invalid> wrote:

    On 2026-05-19 23:00, micky wrote:
    In alt.comp.os.windows-10, on Tue, 19 May 2026 16:54:40 -0400, "Alan K."
    <alan@invalid.com> wrote:

    On 5/19/26 4:33 PM, micky wrote:
    Question for a friend, Recent Lenovo laptop running win11, but I don't
    think the problem is limited to 11.

    A full screen comes on his web browser, I think, telling him to call a
    phone number or his data will be deleted. A well-known scam, right?

    Maybe not.

    I'm relying on their descriptions -- never saw any of these -- but in
    the past 3 years I think 2 other people have told me a similar story.

    Still, what else could he do but turn it off, when none of his programs
    would run.

    I know.
    --
    Cheers, Carlos.
    ES🇪🇸, EU🇪🇺;
    --- Synchronet 3.21d-Linux NewsLink 1.2
  • From rbowman@bowman@montana.com to alt.comp.os.windows-10,alt.comp.os.windows-11 on Wed May 20 20:24:51 2026
    From Newsgroup: alt.comp.os.windows-11

    On Wed, 20 May 2026 20:27:03 +0200, Carlos E.R. wrote:

    On 2026-05-20 18:25, rbowman wrote:
    On Wed, 20 May 2026 02:01:56 -0400, Paul wrote:

    And this is when you discover the backup/restore system doesn't have
    enough bandwidth. The restores are usually good for "onesey/twosey
    restores", but when every disk in the company needs to be paved, it
    was never designed for that style of disaster recovery.

    It was painful. The division I worked for closed down and we'd given
    the clients a year of support to find another vendor. I agreed to stick
    around to fix any problems that came up but only fixed one obscure bug.
    Since it was only 3 months left we never bothered to restore the build
    machines or my Win 11 box.

    According to the IT guy he'd gotten a notification to apply a critical
    patch and did so. Later that day he got another notification but
    thought it applied to the one he'd already installed. I think it was
    the next day when the system was pwned.

    It probably was like the Linux kernel. I've been getting a lot of
    kernel updates even on the distros that aren't on 7 as they try to stay
    ahead of the vulnerabilities. Miss one and you're ripe for the picking.

    How do they attack machines inside an intranet?

    Very easily. The exploit was against the public facing internet. Once
    you're on the LAN you own the whole mess. The irony is we had mandatory training videos cautioning against phishing attacks. Phishing emails were
    sent at random times and if you clicked on a link rather than reporting it
    as potential phishing you could expect another 1/2 video refresher.
    Meanwhile the barn door was left open.

    Years ago we did have an attack where someone clicked on an attachment and
    the virus spread on the intranet but this targets the main servers.
    --- Synchronet 3.21d-Linux NewsLink 1.2
  • From rbowman@bowman@montana.com to alt.comp.os.windows-10,alt.comp.os.windows-11 on Wed May 20 20:41:46 2026
    From Newsgroup: alt.comp.os.windows-11

    On Wed, 20 May 2026 15:56:01 -0400, micky wrote:

    https://www.xda-developers.com/new-windows-11-bitlocker-bypass-needs-usb-stick-researcher-backdoor/

    I've only read a little part of this, but it sounds very interesting. Is
    this so well known that my friend's son's friend would know about it? I didn't think that was how he did it, but I really have no idea.

    https://thehackernews.com/2026/05/microsoft-releases-mitigation-for.html

    Microsoft was right on that one. thehackernews.com is a legitimate white
    hat site that reports exploits and what needs to be patched.
    --- Synchronet 3.21d-Linux NewsLink 1.2
  • From Paul@nospam@needed.invalid to alt.comp.os.windows-10,alt.comp.os.windows-11 on Wed May 20 18:20:41 2026
    From Newsgroup: alt.comp.os.windows-11

    On Wed, 5/20/2026 12:14 PM, rbowman wrote:
    On Wed, 20 May 2026 20:28:29 +0800, Mr. Man-wai Chang wrote:

    On 5/20/2026 6:23 AM, Carlos E.R. wrote:

    Well, then format and install again everything. This time, write down
    the MS password.

    AND... the 32-character BitLocker Recovery Code! :)

    Better yet, skip BitLocker.


    The user does not know this is happening.

    This is not like the user is making a stupid choice.
    There is no tick box for this.

    That's what manage-bde.exe is for, for checking
    whether you've been assaulted. It's one thing
    to have an MSA, and the recovery key is shoved in
    the MSA on the server. It's quite another for
    the device to be encrypted, and no recovery key
    or prompt to make a recovery key (F: ), is offered
    either (which would be what happened in my case).

    If you installed Win11 Pro, you would have a choice
    of using software Bitlocker and then the key ceremony
    would be out on display. The "sneak attack" method
    does not do that. It's a stealth attack. And I stopped
    it... because I'd already been alerted about this
    via various articles I'd read.

    Paul

    --- Synchronet 3.21d-Linux NewsLink 1.2
  • From Paul@nospam@needed.invalid to alt.comp.os.windows-10,alt.comp.os.windows-11 on Wed May 20 19:45:33 2026
    From Newsgroup: alt.comp.os.windows-11

    On Wed, 5/20/2026 3:59 PM, micky wrote:
    In alt.comp.os.windows-10, on Wed, 20 May 2026 00:23:19 +0200, "Carlos
    E.R." <robin_listas@es.invalid> wrote:

    On 2026-05-19 23:00, micky wrote:
    In alt.comp.os.windows-10, on Tue, 19 May 2026 16:54:40 -0400, "Alan K."
    <alan@invalid.com> wrote:

    On 5/19/26 4:33 PM, micky wrote:
    Question for a friend, Recent Lenovo laptop running win11, but I don't
    think the problem is limited to 11.

    A full screen comes on his web browser, I think, telling him to call a
    phone number or his data will be deleted. A well-known scam, right?

    Maybe not.

    I'm relying on their descriptions -- never saw any of these -- but in
    the past 3 years I think 2 other people have told me a similar story.

    Still, what else could he do but turn it off, when none of his programs
    would run.


    alt-F4 exits an application which has focus (or has grabbed focus).

    alt-F4 brings up the shutdown menu, when the desktop background has focus.

    Potentially, two presses of alt-F4 might have worked.

    This is how we would QUIT a Windows 8.0 Metro App, is the power of alt-F4.
    The Windows 8.0 Metro App, did not have an "X" in the upper right corner.

    *******

    ctrl-alt-delete can bring up Task Manager, but that seems to be
    trivially block-able, so it's no longer our friend. It worked
    pretty well... in WinXP days.

    *******

    You can run Windbg over a serial link. I have the cabling set up for
    that, but haven't used it for that purpose. The Test Machine has a
    real RS232 serial port on it, even though there is no connector on
    the back of the machine. I had to make up my own cable to plug into
    the nine-pin header on the motherboard.

    You can run Putty over the serial cable. I've run OSes on the
    other side of the room that way. If the graphics on the machine
    across the room drop out or freeze up, the serial port continues to run.

    A real serial port continues to run, when +5VSB is shut off by the
    motherboard. We're not sure why the motherboard (and the OS) are doing
    this, but some day, I am going to figure this out. I've had two of
    those events in the last seven days.

    *******

    On computing devices that use SATA based storage, the best response
    is to push the RESET button. But laptops don't have a RESET button
    and some desktops are missing that as well. My home built PCs
    all have a RESET button. The SATA drive does not have a RESET input.

    3.3 3.3 3.3 gnd gnd gnd 5.0 5.0 5.0 gnd gnd gnd 12.0 12.0 12.0 <=== SATA power cable

    gnd TX+ TX- gnd RX+ RX- gnd <=== SATA data, has no RESET input

    Using the RESET button, still counts as a dirty shutdown, but
    what it does not do, is change the state of the SATA drive.

    Other storage devices, might have access to RESET and I don't
    know the details off hand (NVMe, eMMC, PCIe Storage card).

    Paul

    --- Synchronet 3.21d-Linux NewsLink 1.2
  • From Paul@nospam@needed.invalid to alt.comp.os.windows-10,alt.comp.os.windows-11 on Wed May 20 19:58:08 2026
    From Newsgroup: alt.comp.os.windows-11

    On Wed, 5/20/2026 3:56 PM, micky wrote:
    In alt.comp.os.windows-10, on Wed, 20 May 2026 03:50:06 -0400, Paul <nospam@needed.invalid> wrote:

    And besides, the problem will be easy to fix, because of this development.
    https://www.xda-developers.com/new-windows-11-bitlocker-bypass-needs-usb-stick-researcher-backdoor/

    I've only read a little part of this, but it sounds very interesting. Is
    this so well known that my friend's son's friend would know about it? I didn't think that was how he did it, but I really have no idea.

    I have win11 Pro, with 180 files with the word bitlocker in their names,
    so I suppose I have bitlocker, but I think I forced it to turn off using
    the Power key and bitlocker did not raise its ugly head. I also know
    my MS logon, even though I never log in, since it's the same one I used
    for Skype and one year I used Skype a lot. Hint: my password is
    mskype.

    As Administrator

    manage-bde -status

    That will check whether you have encrypted partitions.

    By me mentioning the xda-developer article, it was
    the excellent timing I was referring to. Microsoft had
    not responded yet, and the exploit could have been carried
    out by anyone checking the news that day.

    Eventually, the opportunity to use it will be blocked.

    You can check with your friend now, and run the (as Administrator)
    status check, to determine if the situation is still there to
    cause trouble.

    manage-bde -status

    Your friend needs a status check on his hobby-computer, and
    you need to get in the habit of checking for that on your
    own gear. As when a computer in your room breaks, you do not
    need extra challenges preventing your repairs from working.

    Paul
    --- Synchronet 3.21d-Linux NewsLink 1.2
  • From micky@NONONOmisc07@fmguy.com to alt.comp.os.windows-10,alt.comp.os.windows-11 on Wed May 20 21:18:12 2026
    From Newsgroup: alt.comp.os.windows-11

    In alt.comp.os.windows-10, on Wed, 20 May 2026 19:58:08 -0400, Paul <nospam@needed.invalid> wrote:

    On Wed, 5/20/2026 3:56 PM, micky wrote:
    In alt.comp.os.windows-10, on Wed, 20 May 2026 03:50:06 -0400, Paul
    <nospam@needed.invalid> wrote:

    And besides, the problem will be easy to fix, because of this development.
    https://www.xda-developers.com/new-windows-11-bitlocker-bypass-needs-usb-stick-researcher-backdoor/

    I've only read a little part of this, but it sounds very interesting. Is
    this so well known that my friend's son's friend would know about it? I
    didn't think that was how he did it, but I really have no idea.

    I have win11 Pro, with 180 files with the word bitlocker in their names,
    so I suppose I have bitlocker, but I think I forced it to turn off using
    the Power key and bitlocker did not raise its ugly head. I also know
    my MS logon, even though I never log in, since it's the same one I used
    for Skype and one year I used Skype a lot. Hint: my password is
    mskype.

    As Administrator

    manage-bde -status

    It says that both my volumes are fully decrypted. Why do I feel
    violated?

    That will check whether you have encrypted partitions.

    By me mentioning the xda-developer article, it was
    the excellent timing I was referring to. Microsoft had
    not responded yet, and the exploit could have been carried
    out by anyone checking the news that day.

    Eventually, the opportunity to use it will be blocked.

    You can check with your friend now, and run the (as Administrator)
    status check, to determine if the situation is still there to
    cause trouble.

    manage-bde -status

    Your friend needs a status check on his hobby-computer, and
    you need to get in the habit of checking for that on your
    own gear.

    Is something going to sneak up and encrypt it? Without my intentionally
    doing it? Like when the + sign disappears from the tool bar in my
    webbrowser (twice now).

    As when a computer in your room breaks, you do not
    need extra challenges preventing your repairs from working.

    That's true.

    Paul
    --- Synchronet 3.21d-Linux NewsLink 1.2
  • From Carlos E.R.@robin_listas@es.invalid to alt.comp.os.windows-10,alt.comp.os.windows-11 on Thu May 21 08:59:20 2026
    From Newsgroup: alt.comp.os.windows-11

    On 2026-05-20 22:24, rbowman wrote:
    On Wed, 20 May 2026 20:27:03 +0200, Carlos E.R. wrote:

    On 2026-05-20 18:25, rbowman wrote:
    On Wed, 20 May 2026 02:01:56 -0400, Paul wrote:

    And this is when you discover the backup/restore system doesn't have
    enough bandwidth. The restores are usually good for "onesey/twosey
    restores", but when every disk in the company needs to be paved, it
    was never designed for that style of disaster recovery.

    It was painful. The division I worked for closed down and we'd given
    the clients a year of support to find another vendor. I agreed to stick
    around to fix any problems that came up but only fixed one obscure bug.
    Since it was only 3 months left we never bothered to restore the build
    machines or my Win 11 box.

    According to the IT guy he'd gotten a notification to apply a critical
    patch and did so. Later that day he got another notification but
    thought it applied to the one he'd already installed. I think it was
    the next day when the system was pwned.

    It probably was like the Linux kernel. I've been getting a lot of
    kernel updates even on the distros that aren't on 7 as they try to stay
    ahead of the vulnerabilities. Miss one and you're ripe for the picking.

    How do they attack machines inside an intranet?

    Very easily. The exploit was against the public facing internet. Once
    you're on the LAN you own the whole mess.

    Ok, but how do they get inside the LAN? On a home network, so no public
    facing servers.

    Maybe gaming computers?

    The irony is we had mandatory
    training videos cautioning against phishing attacks. Phishing emails were sent at random times and if you clicked on a link rather than reporting it
    as potential phishing you could expect another 1/2 video refresher.
    Meanwhile the barn door was left open.

    Phishing emails, yes.


    Years ago we did have an attack where someone clicked on an attachment and the virus spread on the intranet but this targets the main servers.

    Yes, I remember those.
    --
    Cheers, Carlos.
    ES🇪🇸, EU🇪🇺;
    --- Synchronet 3.21d-Linux NewsLink 1.2
  • From Mr. Man-wai Chang@toylet.toylet@gmail.com to alt.comp.os.windows-10,alt.comp.os.windows-11 on Thu May 21 19:28:28 2026
    From Newsgroup: alt.comp.os.windows-11

    On 5/21/2026 6:20 AM, Paul wrote:

    If you installed Win11 Pro, you would have a choice
    of using software Bitlocker and then the key ceremony
    would be out on display. The "sneak attack" method
    does not do that. It's a stealth attack. And I stopped
    it... because I'd already been alerted about this
    via various articles I'd read.

    The scary problem was caused by Windows 11 only and under certain
    conditions, possibly during installation. If you didn't let the
    installation process touch your existing BitLocker drives, it should be
    okay. I haven't tested this though because I am still with Win 10.
    --

    @~@ Simplicity is Beauty! Remain silent! Drink, Blink, Stretch!
    / v \ May the Force and farces be with you! Live long and prosper!!
    /( _ )\ https://sites.google.com/site/changmw/
    ^ ^ https://github.com/changmw/changmw
    --- Synchronet 3.21d-Linux NewsLink 1.2
  • From rbowman@bowman@montana.com to alt.comp.os.windows-10,alt.comp.os.windows-11 on Thu May 21 18:12:33 2026
    From Newsgroup: alt.comp.os.windows-11

    On Thu, 21 May 2026 08:59:20 +0200, Carlos E.R. wrote:

    On 2026-05-20 22:24, rbowman wrote:
    On Wed, 20 May 2026 20:27:03 +0200, Carlos E.R. wrote:

    On 2026-05-20 18:25, rbowman wrote:
    On Wed, 20 May 2026 02:01:56 -0400, Paul wrote:

    And this is when you discover the backup/restore system doesn't have enough bandwidth. The restores are usually good for "onesey/twosey
    restores", but when every disk in the company needs to be paved, it
    was never designed for that style of disaster recovery.

    It was painful. The division I worked for closed down and we'd given
    the clients a year of support to find another vendor. I agreed to
    stick around to fix any problems that came up but only fixed one
    obscure bug.
    Since it was only 3 months left we never bothered to restore the
    build machines or my Win 11 box.

    According to the IT guy he'd gotten a notification to apply a
    critical patch and did so. Later that day he got another notification
    but thought it applied to the one he'd already installed. I think it
    was the next day when the system was pwned.

    It probably was like the Linux kernel. I've been getting a lot of
    kernel updates even on the distros that aren't on 7 as they try to
    stay ahead of the vulnerabilities. Miss one and you're ripe for the
    picking.

    How do they attack machines inside an intranet?

    Very easily. The exploit was against the public facing internet. Once
    you're on the LAN you own the whole mess.

    Ok, but how do they get inside the LAN? On a home network, so no public facing servers.

    Read more closely. This was a corporate attack. I don't know the details
    but whatever security patch the sysadmin failed to apply thinking he had already done so was the entrance point.

    --- Synchronet 3.21d-Linux NewsLink 1.2
  • From Paul@nospam@needed.invalid to alt.comp.os.windows-10,alt.comp.os.windows-11 on Thu May 21 15:07:20 2026
    From Newsgroup: alt.comp.os.windows-11

    On Wed, 5/20/2026 9:18 PM, micky wrote:
    In alt.comp.os.windows-10, on Wed, 20 May 2026 19:58:08 -0400, Paul

    manage-bde -status

    Your friend needs a status check on his hobby-computer, and
    you need to get in the habit of checking for that on your
    own gear.

    Is something going to sneak up and encrypt it? Without my intentionally doing it? Like when the + sign disappears from the tool bar in my
    webbrowser (twice now).


    I would be mostly concerned, right after an OS installation,
    or maybe an upgrade cycle.

    I don't think it generally tries anything during
    day to day activities.

    The behavior does not match the description. We were told Win11 Pro could
    use software Bitlocker (CBC XTS or so) as an option. And that Win11 Home
    would use FDE as a "Bitlocker Light" if there was a TPM and an MSA. When
    it looks like Win11 Home receives CBC XTS for occupied sectors (a form
    of software bitlocker), as the crypto choice. Instead of using FDE
    (full disk encryption).

    The details aren't important, but I don't like having to do experiments
    to see how it works like that.

    Paul

    --- Synchronet 3.21d-Linux NewsLink 1.2
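The `manage-bde -status` check recommended in the posts above, extended into a per-volume audit as an added example (not code from any poster in this thread). It uses the built-in `Get-BitLockerVolume` cmdlet and flags volumes that are encrypted but carry no recovery-password protector; the function name `Get-EncryptionAudit` and the finding strings are illustrative assumptions.

```powershell
#Requires -RunAsAdministrator
# Added example: report encryption state and key protectors for every volume.
# Uses Get-BitLockerVolume from the built-in BitLocker PowerShell module.
# Get-EncryptionAudit and its finding texts are hypothetical names for this sketch.

function Get-EncryptionAudit {
    foreach ($vol in Get-BitLockerVolume) {
        # Protector types on this volume, e.g. Tpm, RecoveryPassword
        $types = @($vol.KeyProtector.KeyProtectorType)

        $encrypted   = $vol.VolumeStatus -ne 'FullyDecrypted'
        $hasRecovery = $types -contains 'RecoveryPassword'

        $finding = if (-not $encrypted) {
            'Not encrypted'
        } elseif (-not $hasRecovery) {
            # Encrypted data on disk, but no recovery password has been created
            'Encrypted, NO recovery password protector'
        } elseif ($vol.ProtectionStatus -eq 'Off') {
            'Encrypted, protection currently off (suspended)'
        } else {
            'Encrypted: confirm the 48-digit recovery key is stored off this PC'
        }

        [pscustomobject]@{
            Volume     = $vol.MountPoint
            Status     = $vol.VolumeStatus
            Percent    = $vol.EncryptionPercentage
            Method     = $vol.EncryptionMethod
            Protection = $vol.ProtectionStatus
            Protectors = ($types -join ', ')
            Finding    = $finding
        }
    }
}

# Run after an OS install or feature upgrade, and again before any repair work.
Get-EncryptionAudit | Format-Table -AutoSize -Wrap
```

The output deliberately omits the recovery password itself, so it can be saved or pasted into a support request.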
  • From Frank Slootweg@this@ddress.is.invalid to alt.comp.os.windows-10,alt.comp.os.windows-11 on Thu May 21 20:03:02 2026
    From Newsgroup: alt.comp.os.windows-11

    micky <NONONOmisc07@fmguy.com> wrote:
    In alt.comp.os.windows-10, on Wed, 20 May 2026 00:23:19 +0200, "Carlos
    E.R." <robin_listas@es.invalid> wrote:

    On 2026-05-19 23:00, micky wrote:
    In alt.comp.os.windows-10, on Tue, 19 May 2026 16:54:40 -0400, "Alan K." <alan@invalid.com> wrote:

    On 5/19/26 4:33 PM, micky wrote:
    Question for a friend, Recent Lenovo laptop running win11, but I don't think the problem is limited to 11.

    A full screen comes on his web browser, I think, telling him to call a phone number or his data will be deleted. A well-known scam, right?

    Maybe not.

    I'm relying on their descriptions -- never saw any of these -- but in
    the past 3 years I think 2 other people have told me a similar story.

    [N.B. I've read that your friend's problem has been fixed, so this is
    just for information.]

    These things are mostly scareware and not really dangerous *until* you
    do what they tell you to do, i.e. click on something, call a phone
    number, etc.

    Still, what else could he do but turn it off, when none of his programs
    would run.

    In cases I've seen (only two so far), only the *browser* is blocked and
    covers the whole screen. In the latest case, ('non'-killable) popups
    covered the '-', '[ ]' and 'X' on the title bar, so one could not easily terminate the browser.

    As to your question, Paul has already pointed to alt-F4 to terminate
    the program or Sign out, Shut down, etc.

    Paul mentions that Ctrl-Alt-Del might not work to get access to Task
    Manager (and terminate the browser that way), but my experience has been
    more positive. These scareware guys are mostly lazy or even 'stupid' and
    just want to catch the easy victims, so they don't bother trying to
    *really* block everything.

    HTH.
    --- Synchronet 3.21d-Linux NewsLink 1.2