Temporary Repair and Fix for Infected AVTECH CCTV Equipment

Here are some observation for Faulty AVTECH CCTV DVR infected by the ELF IMEIJ  malware and their usability.

There are also some tips and advises for temporary repair or fix the issues caused by the ELF IMEIJ malware so that you can regain temporary control and retrieve your CCTV recording from the infected DVR.

1. Network Settings had been modified to some weird settings.

This is most likely why you are no longer able to access your system remotely as the network settings had been changed.

Use the Videoviewer (AVTECH Program) scan function to scan your local network for the CCTV DVR.

Change the network settings back to your original settings. The remote monitoring function should work thereafter.

Login to your DVR go to the configuration menu to change the DNS2 back to your original. The DNS2 settings cannot be changed from the scan function.

If your router settings and everything remains the same, you should be able to to view your AVTECH CCTV system from the network.

2. Additional Unknown Users

Check on your CCTV Account Settings. You might see multiple unknown users, in this case tveth in the Account configuration set as Supervisor Level.

Remove them. There might be multiple users with the same username. You’ll have to repeat the delete process multiple time in order to remote all unauthorised users from the CCTV system.

Click on another menu item, and then click back to Account to see if you had remove all unauthorised users. Repeat till all users are deleted.

3. AVTECH DVR Still Recording the CCTV Footage

Even though the AVTECH DVR had been infected by the ELF IMEIJ malware/virus, the AVTECH DVR should still be recording as per normal.

If the harddisk and the AVTECH DVR is working fine, the recording should still be there and ongoing.


Do note that we recommend that you stop using the AVTECH CCTV System immediately.
These are just temporary fix while you schedule for an replacement. If possible, disconnect it from the network and use it as a standalone recorder so that hackers no longer have access to your system.

Your INFECTED DVR would still be doing the following

  1. Allow for hackers to access your AVTECH CCTV system remotely and view your CCTV footage, download past recording, etc.
  2. Allow for hackers to control your AVTECH DVR system and use it to conduct attack against other server (DDOS, etc attack)
  3. Allow for hackers to access your internal network through your AVTECH CCTV System, and access to unsecure confidential files, photos, video, images, etc.
  4. Continuing to scan the internet looking for other uninfected system and attempt to infect them with the malware. This is how it continue to spread.

If your AVTECH CCTV equipment is an old discontinued model without updated security firmware dated 20 March 2017 and later, there is no fix/repair/cure/patch for the security flaw and weaknesses in the firmware. You will just need to replace it. Otherwise even if you fix it temporary like the guides above, it is still in the control of the hackers. You should STOP using it immediately and get it replaced.

For other FAQ on the AVTECH Malware problem, you can refer to this link.

We had cease support for AVTECH System as it is not feasible to tell if any problem you have is due to the Malware infection or any other issues.

As there is no solution from the AVTECH manufacturer for these old discontinued system, it is not feasible for us to spend time troubleshooting the system.

We also no longer have any customers using AVTECH CCTV System that are still under warranty/maintenance/subscription, therefore support for AVTECH system will cease.

For all tickets open for AVTECH equipment, options for customers will be sent. Here are the options. http://www.lakson.com.sg/options-avtech-cctv-equipment-users/