How to fix the error “This computer is configured to require a password in order to start up” on XP Machines

This guide covers how to actually fix the “This computer is configured to require a password in order to start up” error that has been popping up on many XP machines. This process only takes a few minutes for an expert user but could take some additional time for inexperienced users. The same process is also useful for other purposes, such as restoring the Windows registry after corruption when a drive has bad sectors.

 

From what we’ve seen this appears to be related to a virus that enables SAM (registry file) encryption. Because of this, using standard password changing tools such as NT PWD Reset won’t fix this issue. What we need to do is restore the registry files to their pre-infected state. Even many experienced users aren’t aware that Windows XP stores nearly daily registry backups hidden in a folder on the root of the drive called “System Volume Information”.

Obviously you can’t boot this computer from the hard drive because of the password, so you’ll either need to boot from a live CD or remove the hard drive and attach it to another PC. Once you have access to the hard drive, go into the “System Volume Information” folder. If you get access denied errors you may need to take ownership of the folder first. You can google “Take ownership” for plenty of guides on that step.

Once in the folder you will see another folder called “_restore…” followed by a bunch of gibberish. Open that folder.

 

Once inside you will see a list of folders. These contain registry backups and system restore data. Sort by date to see what date ranges are available for recovery. Typically I choose a date about a week before the incident happened just to be safe.

Once you choose a date to restore from, enter that folder. We want to open the snapshot folder.

Almost done. You will now see 4 files which are copies of the Windows registry from the date you selected. The 5 registry files we are interested in are highlighted but must be renamed before they can be restored to the Windows directory.


I created a custom batch file to do all of this work for me automatically, which is at the bottom of this article, but for simplicity you can rename the highlighted files by right-clicking and renaming:

Rename “_REGISTRY_USER_.DEFAULT” to “default”
Rename “_REGISTRY_MACHINE_SECURITY” to “security”
Rename “_REGISTRY_MACHINE_SOFTWARE” to “software”
Rename “_REGISTRY_MACHINE_SYSTEM” to “system”
Rename “_REGISTRY_MACHINE_SAM” to “sam”

Now select those 5 files you just created (default, security, software, system, sam) and paste them into the “Windows\system32\config” folder and overwrite the existing files.

You have now restored your Windows registry to the date you selected. As long as the date you selected was prior to the infection, Windows should boot normally. If you still see the password prompt and need to go back to a further date, you can simply repeat this process and select an older date.
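The date selection above can be checked before anything is overwritten, which matters most on a drive with bad sectors. This added Python example, which is not from the original guide, picks the newest snapshot folder older than a chosen date whose five files all begin with the `regf` signature of a registry hive. The function names, the constructed RP1 to RP3 sample folders, and the use of the folder's modified time as the restore point date are assumptions.

```python
import os, tempfile, time

# Snapshot file names from the guide; all five must be present and intact.
HIVES = ["_REGISTRY_USER_.DEFAULT", "_REGISTRY_MACHINE_SECURITY",
         "_REGISTRY_MACHINE_SOFTWARE", "_REGISTRY_MACHINE_SYSTEM",
         "_REGISTRY_MACHINE_SAM"]

def snapshot_problems(snapshot_dir):
    """Return a list of problems; an empty list means all five hives look usable."""
    problems = []
    for name in HIVES:
        path = os.path.join(snapshot_dir, name)
        if not os.path.isfile(path):
            problems.append(name + ": missing")
            continue
        with open(path, "rb") as f:
            if f.read(4) != b"regf":  # registry hive files begin with "regf"
                problems.append(name + ": not a registry hive")
    return problems

def pick_snapshot(restore_root, before):
    """Newest snapshot folder whose parent's modified time (assumed to be the
    restore point date) is before `before` (epoch seconds) and passes the check."""
    dated = []
    for entry in os.listdir(restore_root):
        snap = os.path.join(restore_root, entry, "snapshot")
        if os.path.isdir(snap):
            dated.append((os.path.getmtime(os.path.join(restore_root, entry)), snap))
    for mtime, snap in sorted(dated, reverse=True):
        if mtime < before and not snapshot_problems(snap):
            return snap
    return None

def build_sample(root):
    """Constructed sample tree: three restore points, the middle one with a damaged SAM."""
    now = time.time()
    for name, age_days, sam_ok in (("RP1", 20, True), ("RP2", 10, False), ("RP3", 1, True)):
        snap = os.path.join(root, name, "snapshot")
        os.makedirs(snap)
        for hive in HIVES:
            damaged = hive == "_REGISTRY_MACHINE_SAM" and not sam_ok
            with open(os.path.join(snap, hive), "wb") as f:
                f.write(b"\0" * 32 if damaged else b"regf" + b"\0" * 28)
        stamp = now - age_days * 86400
        os.utime(os.path.join(root, name), (stamp, stamp))
    return now

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        print(pick_snapshot(root, build_sample(root) - 7 * 86400))
```

On a real drive, point `pick_snapshot` at the “_restore…” folder and pass a date about a week before the incident.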

 

Here is a batch file to automate the process. Simply run it from within the snapshot folder. It assumes the hard drive is plugged into a test bench and is the “d” drive; you can modify the drive letter for whatever drive yours is.

 

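@echo off
rem Restore the five registry hives from a System Restore snapshot folder.
rem Run from inside the snapshot folder; the XP drive is assumed to be d:.
echo copy registry batch file
echo.
echo place this batch file into the system volume information directory you want to use
echo.
rem Stop before touching the live hives if any snapshot file is missing here.
for %%f in (_REGISTRY_USER_.DEFAULT _REGISTRY_MACHINE_SECURITY _REGISTRY_MACHINE_SOFTWARE _REGISTRY_MACHINE_SYSTEM _REGISTRY_MACHINE_SAM) do if not exist %%f goto nofiles
rem Copy the snapshot files to the names Windows expects.
copy _REGISTRY_USER_.DEFAULT default
copy _REGISTRY_MACHINE_SECURITY security
copy _REGISTRY_MACHINE_SOFTWARE software
copy _REGISTRY_MACHINE_SYSTEM system
copy _REGISTRY_MACHINE_SAM sam
echo.
rem Keep the current hives as .old so the change can be rolled back.
ren d:\windows\system32\config\system system.old
ren d:\windows\system32\config\software software.old
ren d:\windows\system32\config\sam sam.old
ren d:\windows\system32\config\security security.old
ren d:\windows\system32\config\default default.old
echo.
echo.
rem Put the restored hives in place.
copy default d:\windows\system32\config\default
copy security d:\windows\system32\config\security
copy software d:\windows\system32\config\software
copy system d:\windows\system32\config\system
copy sam d:\windows\system32\config\sam
echo.
echo Done
goto :eof
:nofiles
echo Snapshot registry files not found in this folder, nothing was changed.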
