A friend of mine made the sad mistake of downloading an app that has locked out his Win 7 laptop. It keeps giving him and "iTec Alert" warning. It locks out the internet and access to msconfig and won't allow programs like Malwarebytes to be installed. I tried running Malwarebytes Chameleon but it can't access the internet (I really wish Malwarebytes would allow Chameleon to access it downloadable rules file).
I ripped the drive out of the laptop and put in in an external enclosure and ran Malwarebytes from my computer. After over 3 hours it found a bunch of stuff and I had it removed. However after reinserting the drive back in it system the program was apparently wicked enough to re-install itself and everything reverted back to where it was.
Ripping it out again and viewing it on my system, I'm seeing three partitions, the system backup partition, and the main system apparently split in two, unless this is normal for Windows 7. I don't have access to files like those under My Pictures, but that may have something to do with the fact that he uses a password upon boot-up.
Another freaky thing was that after I took the system to work on, the owner of the laptop got a phone call from the scammer! He was telling him his system was infected and he needed to have it checked out by them! I have no idea how he got his number and knew who he was. Too nuts.
So anyway, does anyone have any idea how this virus/trojan/backdoor/etc can be eliminated? Is there a way to access another system's msconfig and modify it from another computer? I think between that and running Malwarebytes it may do it, not sure. If anyone has specific info, please let me know. Thanks.
I ripped the drive out of the laptop and put in in an external enclosure and ran Malwarebytes from my computer. After over 3 hours it found a bunch of stuff and I had it removed. However after reinserting the drive back in it system the program was apparently wicked enough to re-install itself and everything reverted back to where it was.
Ripping it out again and viewing it on my system, I'm seeing three partitions, the system backup partition, and the main system apparently split in two, unless this is normal for Windows 7. I don't have access to files like those under My Pictures, but that may have something to do with the fact that he uses a password upon boot-up.
Another freaky thing was that after I took the system to work on, the owner of the laptop got a phone call from the scammer! He was telling him his system was infected and he needed to have it checked out by them! I have no idea how he got his number and knew who he was. Too nuts.
So anyway, does anyone have any idea how this virus/trojan/backdoor/etc can be eliminated? Is there a way to access another system's msconfig and modify it from another computer? I think between that and running Malwarebytes it may do it, not sure. If anyone has specific info, please let me know. Thanks.
Facebook
Twitter
Instagram