LoJax Removal Guide

Do you know what LoJax is?

LoJax is a malicious program that installs itself and connects to the Internet without the user’s permission. Therefore, the malware falls under the classification of Trojans. However, our computer security specialists report, the infection also has rare rootkit capabilities that make it very difficult to remove, and the truth is the threat should be deleted at once. The research shows it can auto-start with the operating system and hide while the hackers behind the malware could execute malicious codes needed for particular tasks. LoJax is capable of many things as it could record information, execute more Trojans or other infections, etc. What’s more, our specialists say it is doubtful cybercriminals would use such a tool to attack home users, which means it is more likely the threat could be targeted at various companies. For more information, we recommend reading the rest of the article. At the end of it, you will find our short removal guide, as unfortunately, there is only a couple of options to get rid of the malicious application and sadly both of them might be rather drastic.

Same as many various threats, LoJax could be spread through malicious email attachments, unsecured Remote Desktop Protocol connections, and so on. Thus, it is important to both stay away from questionable content downloaded or received via the Internet, and to eliminate all possible system’s vulnerabilities. Our specialists say, what could help the most is updating the computer’s BIOS/UEFI Firmware and enabling the Secure Boot option from BIOS/UEFI because it seems the vulnerability that allows the threat to install itself and stay on the computer is more likely to be found on old and misconfigured systems.

Based on the malicious application’s complexity and capabilities, as well as similarities to other threats from the same hackers, we suspect the cybercriminals may use the Trojan to attack various companies again instead of targeting home users. Like we said earlier, LoJax could be capable of anything, and we can only guess what it could do after infecting the targeted computers, e.g., copy, edit, or delete files on them, drop other malicious applications, and so on. Naturally, the sooner it is removed, the less damage the computer’s owners might receive. The only problem is the LoJax’s rootkit capabilities makes this task extremely difficult. Not to mention, the device’s user may not realize he is installing the Trojan as the malware might pretend to be a legitimate program known by a similar name (LoJack).

If you discovered this malicious application on your system, there are only two options to remove it. First, the malware could be deleted by replacing the device’s motherboard. This option is highly recommended for home users as the second option is extremely complicated. What we have in mind is flashing the BIOS/UEFI firmware since it is where the Trojan settles in. If you have no experience in this, you could make the situation much worse, so this option is advisable only to organizations that have technicians who could successfully perform it.

Eliminate LoJax

  1. Home users should simply replace the infected computer’s motherboard.
  2. Organizations that have needed technicians could flash the infected device’s BIOS/UEFI firmware.

In non-techie terms:

LoJax is a Trojan with rootkit capabilities that should be targeted at various companies and government organizations the malware’s creators might be interested in. Our computer security specialists claim the cybercriminals behind the malware can execute various malicious commands and so it is difficult to say what the hackers might do. For instance, it is possible they could destroy or copy data on the infected computer, infect the system with more Trojans or other malicious applications, and so on. Needless to say, if the targeted device has access to sensitive information the consequences of coming across this threat could be enormous. Knowing this, our specialists advise not to waste any time if there is even the slightest suspicion the infection could be on the system. It needs to be erased as quickly as possible. The bad news is there are not a lot of options to eliminate it. Those who can employ experienced IT specialists could try to flash the device’s BIOS/UEFI firmware. Due to complexity or the task and the fact it could go wrong if the user does not know what he is doing this option is unadvisable for home users. For regular computer users, the safest option would be to replace the device’s motherboard.