Syskey.exe – Good idea from old times [incl. Fake-Syskey]

Syskey.exe is part of the Microsoft Windows operating system – or was until October 2018. Syskey was introduced in Windows NT 4.0 SP3 in the 90s, and Microsoft stopped shipping it in 2018. As of Windows 10 version 1709 it is missing, and you will look for it in vain in Windows Server 2016 as well. But it is still included in all other Windows versions. There, scammers like to use it to lock their victims out of the PC. The victims then pay money to have it unlocked. Should it be removed?

What is Syskey?

Syskey encrypts Windows’ SAM database. This is the database that Windows uses to store usernames and passwords. The user usually doesn’t know anything about it. Encrypting the account database has been common practice since Windows XP. However, the key for decrypting the database is generated by the system itself and is stored locally on the hard disk. This did not change until the end. But this is where Syskey comes into play.

What does Syskey do?

Syskey can be used to manage this encryption routine. The key mentioned above can also be saved to a … floppy disk via Syskey, for example. Then you have the good old Windows 98 startup disk again – which you never found when you needed it. (One should mention here that Syskey was never updated or redesigned until the end). But you can also assign a password instead of the key to encrypt the SAM database. This is the method that trolls and scammers like to use. Because of this, and because Syskey’s encryption method is ancient and therefore no longer up-to-date or secure, Microsoft has abandoned the old tool.

And next?

Scammers still try to use the tool to lock users out of their own computers. As old as Syskey’s encryption is, it works, and it prevents the entire Windows startup. System recovery does not work with a Syskey password either, because it requires Windows to be restarted, which does not work without the password. There are manual methods to remove the Syskey password from a system. But if you are not careful, the whole SAM will be lost, which is a kind of Armageddon for Windows. Then you can forget your user account. So there are several reasons to ban syskey.exe from your Windows, or at least rename and move it.

Remove syskey?

Under the current Windows 10 you don’t have such problems anymore, because syskey.exe doesn’t exist there. In all other Windows versions and in older Windows 10 versions (older than 1709), syskey.exe still exists.

There, you should consider renaming the application. If a “bad” person manages to get into your Windows, he will look for syskey.exe in vain. And Windows doesn’t care if syskey.exe is there or not. At most, some antivirus programs might fail because it is missing.
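To see where a machine stands before deciding, the following read-only check reports whether syskey.exe is still present and which of the key-storage modes described above is active. It is an added example, not part of FakeSyskey or the original post; the function name `Get-SyskeyStatus` is hypothetical, and it assumes the mode is recorded in the `SecureBoot` value under `HKLM\SYSTEM\CurrentControlSet\Control\Lsa` (1 = key stored locally, 2 = password, 3 = floppy disk).

```powershell
# Added example: read-only audit, makes no changes to the system.
# Assumption: the Syskey mode is stored in the SecureBoot value under the Lsa key
# (1 = system-generated key stored locally, 2 = password, 3 = floppy disk).

function Get-SyskeyStatus {
    $exe = Join-Path $env:SystemRoot 'System32\syskey.exe'
    $lsa = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'

    $modeNames = @{
        1 = 'System-generated key stored locally (default)'
        2 = 'Startup password required at boot'
        3 = 'Startup key stored on floppy disk'
    }

    # Is the tool still on disk, and what does the file claim to be?
    # Version info is descriptive only; a clone can carry any text here.
    $present = Test-Path -LiteralPath $exe
    $description = $null
    if ($present) {
        $description = (Get-Item -LiteralPath $exe).VersionInfo.FileDescription
    }

    # Read the mode; the value may be absent, so do not treat that as an error.
    $mode = $null
    $value = Get-ItemProperty -Path $lsa -Name SecureBoot -ErrorAction SilentlyContinue
    if ($value) { $mode = [int]$value.SecureBoot }

    $modeText = 'SecureBoot value not present'
    if ($null -ne $mode) {
        if ($modeNames.ContainsKey($mode)) { $modeText = $modeNames[$mode] }
        else { $modeText = "Unknown mode $mode" }
    }

    if ($mode -eq 2 -or $mode -eq 3) {
        Write-Warning 'A startup password or startup disk is configured for the SAM.'
    }

    New-Object PSObject -Property @{
        SyskeyExePresent = $present
        FileDescription  = $description
        Mode             = $mode
        ModeDescription  = $modeText
    }
}

Get-SyskeyStatus | Format-List
```

A mode of 2 or 3 that you did not configure yourself is worth investigating before the next restart.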

Fake Syskey

If you want to annoy the scammers a little bit, you can download our FakeSyskey application here.

Fake Syskey is almost identical to the original application. There are only a few tiny visual differences: minimally different window sizes, no title bar buttons (no X in the title bar), and for some texts the line breaks are not identical. However, in my opinion, these are things that can only be seen on closer comparison. It is not immediately noticeable.

However, the fake syskey is just a visual clone that does not make any changes. The application disguises itself as a Syskey version modified by Microsoft in 2017. The program does not allow you to save the settings you have made. If you click “OK” to save your settings, you will receive an error message:

Fake-Syskey is causing trouble for scammers (from Indian call centers, etc.) or, as they call themselves, “official Microsoft supporters”.

In order for Fake-Syskey to save the settings, your Windows must connect to the Microsoft Partner Support Server of the call center.

However, no one can do that because such software, and such a server, does not exist.

A layman who fell for the scammer may now become suspicious. “Why doesn’t an official Microsoft supporter have the software that my Windows is asking for?”

And even if the layman does not get suspicious after all and prefers to disconnect, the scammer does not get anywhere. Fake-Syskey will always throw out this message because it can do nothing else! The application does nothing except to throw off the scammer with error messages – nothing more.

Sounds good? You want to have it? Good, it’s free!

How to get FakeSyskey

The whole thing is as simple as can be:

  1. Download the ZIP package (click here to download)
  2. If Explorer can’t extract it, use 7-Zip.
  3. Then move the contents to the Windows\System32 directory. LOOK AT THE “RES” FOLDER – IT IS IMPORTANT!
  4. If there is still a syskey.exe on your Windows, follow these instructions to get the permissions, then rename the file to “syskey.dll”.
  5. That should be it. Do the test: press WINDOWS+R on the keyboard.
  6. Type “syskey”.
  7. Hold down the SHIFT or CTRL key and click on the icon.
  8. If an info dialog appears, Windows has started the fake syskey.
    (If not, the original syskey.exe application has been started. Check that you have done everything as described.)
  9. Rejoice.

Fake Syskey might be detected as a virus by your antivirus scanner (e.g. by Trapmine and VBA32). I promise you: It is not one. 😉

By the way, the original Syskey doesn’t work unless it’s called “syskey.exe” because it can’t find its MUI file. There is a way to change this, but I won’t go into that here. You can read about it on the internet. Microsoft has buried Syskey forever anyway.
