Windows 10 BSOD 0xc0000022

[Big Jim]

@Big Jim Did you look at that link?

"Working Together Beautifully "

That's a VERY Chinese or Korean thing... that's not western in the least. So I suspect you're right, and she got scammed or paid an untrusted source to do some work. Either way... I'm leaning much harder on the nuke and pave button. Going to have to contact the client first of course.

Yes I found the company website via the software.
I'm 50/50 wether they are legit or not, they are based in Derbyshire and there is a link to a company onedrive folder on this laptop that is based in Derby, I am not sure what our customers link to that company is but at some point that IT company mentioned above could have been legit support for this device, equally it could be a scam site as all the wording on that site is very generic non specific

 

[nlinecomputers]

That script looks like it has the instruction to cause that BSOD code if it doesn't get the privileges it wants.
I have no idea what the script wants to do, but it certainly doesn't look legitimate so removing that task should solve that problem. The question remains as to how much other crap is on there and what has been/may have been compromised

Im not sure it does anything other than cause a BSOD. Which I can see a scammer doing just to break it in order to fix it.

 

[Sky-Knight]

Im not sure it does anything other than cause a BSOD. Which I can see a scammer doing just to break it in order to fix it.

Doesn't matter, someone had root access to the device other than the owner. The install can no longer be trusted, N&P is the only path forward.

 

[nlinecomputers]

Doesn't matter, someone had root access to the device other than the owner. The install can no longer be trusted, N&P is the only path forward.

That’s my policy as well.

 

[britechguy]

Doesn't matter, someone had root access to the device other than the owner. The install can no longer be trusted, N&P is the only path forward.

Not without the owner's consent it isn't. I subscribe to what you propose, for the most part, but have had occasions where the owner insisted on "cleanup only." In those cases, they sign something stating that the recommendation was for a completely clean reinstall, but that recommendation was declined and they understand the possible risks.

I can say, for myself, two times in many decades I've taken this approach, once to my own machine way, way back, and once to one that belonged to my partner. This was well before I "got religion" and started backing up routinely, both full system image and user data, and there was way, way, way too much to be lost by a N&P. The risks of doing a thorough cleanup using multiple tools and getting a clean bill of health that way was vastly preferable, even considering possible risks.

 

[nlinecomputers]

Not without the owner's consent it isn't. I subscribe to what you propose, for the most part, but have had occasions where the owner insisted on "cleanup only." In those cases, they sign something stating that the recommendation was for a completely clean reinstall, but that recommendation was declined and they understand the possible risks.

I can say, for myself, two times in many decades I've taken this approach, once to my own machine way, way back, and once to one that belonged to my partner. This was well before I "got religion" and started backing up routinely, both full system image and user data, and there was way, way, way too much to be lost by a N&P. The risks of doing a thorough cleanup using multiple tools and getting a clean bill of health that way was vastly preferable, even considering possible risks.

I never nuke a system without a full image backup. I’ll keep it for 30 days or the client can buy a drive. I either zero out the drive and reinstall, Fabs data and settings back, carefully checking the browser settings, and reinstall apps or just drop in anew drive and fabs from the original.

 

[nlinecomputers]

Also the SolarWinds and Kaseya events make the scorched earth policy an easier sell.

 

[Sky-Knight]

@britechguy Then they can have it back. I won't "fix" a system like this, too much liability.

 

[britechguy]

@britechguy Then they can have it back. I won't "fix" a system like this, too much liability.

A perfectly reasonable approach. I have said, repeatedly, that I choose the work I will or will not do. You, obviously, should too.

No two of us in this venue likely have precisely the same parameters for what we will and will not do in every respect. Nor should we.

My attitude is if they sign something that says, in effect and in actuality, that while best effort will be made absolutely no guarantee is given that's more than enough wiggle room. Of course, I haven't been faced with this in the years since cleaning infections was one of the major aspects of my overall work. I just very, very seldom get calls related to infections of any kind these days. The last one I did see was, ironically, on an iPhone where, somehow, the owner was mysteriously subscribed to a calendar that was nothing but ads. Easy enough to fix, but strange.

 

[sapphirescales]

if they sign something

This isn't a courtroom, it's real life. What matters in the end is what the client thinks of you, not who's dotted their i's and crossed their t's on paper. If a client thinks you've ripped them off and writes a bad review, what they've signed doesn't matter in any practical sense. You can be completely in the right legally speaking, but if your client is unhappy then they'll make your life miserable. Better to just avoid the minefield.

 

[Big Jim]

This isn't a courtroom, it's real life. What matters in the end is what the client thinks of you, not who's dotted their i's and crossed their t's on paper. If a client thinks you've ripped them off and writes a bad review, what they've signed doesn't matter in any practical sense. You can be completely in the right legally speaking, but if your client is unhappy then they'll make your life miserable. Better to just avoid the minefield.

1 bad review in a list of 50 good ones doesn't really hold much weight though does it ?
especially if you write a reply to explain your side of the story.

 

[PaulTech]

Run the Windows RAM test and/or the manufacturers built-in hardware test if available before doing a in-place repair or clean install. Make sure to get a official response from the customer that they have a backup or have a disclaimer on the intake form. Either way, do a image based backup plus something like a fabs backup.