here’s a simple 2-line batch script I just wrote that you can use to syskey-proof your VM, which is perfect for this scammer. to use, all you need to do is copy this into a .bat file within your VM and run it as an administrator:
echo msgbox "The SAM Lock Tool cannot be opened because" ^& chr(13) ^& "the remote user has a tiny penis.", 4112, "Error">%windir%\System32\syskey.vbs
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\syskey.exe\" /V Debugger /D "wscript.exe %windir%\System32\syskey.vbs"
the first line writes a simple one-line script to a .vbs file that will be placed in system32 next to the actual syskey exe. the VBScript file simply pops up an error-style message box when run (the message will be on two lines, the “chr(13)” is a linebreak. the quoted “Error” is for the titlebar. feel free to make the message whatever you want)
the second line will put a key in the registry that will cause any attempt to run syskey to instead run the fake error script.
I also did the same thing to Event Viewer in my VM, but with that the title bar says “This is real.” and the message is “System report: Everything is fine. Nothing is ruined.”