So the title says it all. I am aware that anything I might do to defeat the malware (removing LoJack would be impossible, I believe, since it's hardcoded) could possibly damage the computer irreversibly. To make the story short: there are 2 persistent RPC services that have greyed-out options in their properties box. None of the mandatory OS services are registering consistently, I can't stop several other services, and there are services such as print spooler and p2p plus others that will restart from a disabled state.
I was able to find the FBI ransomware install log. Oddly enough, it's dated 9 months BEFORE I bought this laptop (hp-2000-299, Win7 Home Prem. with Intel T3500 processor, InsydeH2O f.33 BIOS). Thanks a lot for selling me a refurbished laptop labeled new, WAL-MART.
Now I want to rename all the offending MS .dlls and .exes, but TrustedInstaller won't let me. If there was a way to disable TrustedInstaller, I could rename the corrupted files and then replace them with good ones, right? IDK, but I'm bound to find out.
Another option is to tweak the partition call table for the corrupt files' locations. It would make them be bad sectors at the least, I'm sure, and might be irreparable damage, as I don't know if those specific offsets are dedicated to those specific files, etc. Lots of unknowns on this option.
I really don't care about the LoJack itself, even though I don't like the idea of a built-in back door and the fact that I never activated the service. But now that malware has taken it over and it virtualizes my user account (this virtualization can be gotten around temporarily, I have found, which means I can escape it for good if I do something just right in just the right way), I truly despise it for how easy it made this infection to be persistent. The malware helper in another forum thread here gave up, as he couldn't do anything, without actually saying that or figuring the problem out. It's not really his fault, since he can only get second-hand info from me and my scan from a virtualized account.
If anybody thinks they can be of assistance or have any useful directions or ideas, please contribute. Thank you, BleepingComputer, for the help thus far.
Here is a link for work done in the last week or so on this issue.
To any mods: I also had this same issue posted in the Windows 7 forum, as the BleepingComputer help guy instructed. However, I thought it would be better here in the general malware discussion. If I'm wrong on doing this, just let me know.