How to remove Computrace Lojack
I bought two new Gateway PC's a few weeks ago. Typically I first uninstall all the bloatware/trialware right away. Then I shut down all unecessary services and remove loads of entries in the registry that are starting unwanted programs. When I was done with all of this, one process remained in task manager that I didn't recognize. rpcnet.exe. Now I know that there is a service called Remote Procedure Call so I looked in the services. It listed Remote Procedure Call as "C:\WINDOWS\system32\svchost -k rpcss" and also Remote Procedure Call (rpcnet.exe) by computrace. Figuring this was more bloatware so I disabled it and rebooted. It was back! I started thinking it was a virus/trojan/spyware. I downloaded hijackthis which let me shut it off. Reboot. It's back! Found the files rpcnet.exe, rpcnetp.exe rpcnet.dll rpcnetp.dll and deleted them and rebooted. It's back! Those files are back too! Now it really looks like a virus. So I google computrace and found out it is some program used to track stolen computers. Strange! I didn't order that on my computer. So I set out to remove it. Many google hits indicated it lived in the mbr so I did a series of fdisk's and fdisk /mbr and reinstalls of Windows XP. Rpcnet.exe came back running every time. Some Google hits also indicate that it may live in the bios. I save a copy of my bios to disk and look at it with cbrom. I got cbrom from http://www.biosmods.com/download.php I had to try several different versions till I found one that worked with my computer/bios.
So I ran...
cbrom32_149 gtgn105.bin /D - (cbrom crashed but still showed all the file names.)
Then I look at all files with hex editor, specifically for something that would indicate computrace.
Found optromg.rom listed at OEM2 CODE. Hex editor showed the string "computrace".
ran cbrom32_149 gtgn105.bin /oem2 release
checked with cbrom32_149 gtgn105.bin /D
Yep, optromg.rom is gone.
So upload new bios....
Reboot. kill rpcnet.exe
delete rpcnet.exe
delete rpcnetp.exe
delete rpcnet.dll
delete rpcnetp.dll
disable service rpcnet.exe
done
Rpcnet.exe is no longer running as a process! Yeah!
(BTW - This procedure has risks that include making your computer non-functional)
UPDATE! I posted optromg.rom in case anyone wants to look at it with a hex editor or try to disassemble it.
| Attachment | Size |
|---|---|
| OPTROMG.ROM | 24 KB |
Comments
BIOS DEACTIVATION OF
BIOS DEACTIVATION OF COMPUTRACE
I found a program called dstcd search on torrents I think I got it off Piratebay but not sure. What this program does is allow you to change the service tag on any portable dell system. By changing the service tag it will automatically deactivate the computrace in bios allowing you to completely disable the computrace permanently.
Unless computrace has some way of activating it again. My friend states that they use it at his job. He stated that they basically gave computrace the Mac addresses to the systems they registered and that is how they are able to locate you anywhere and how they can take over your system if it comes up stolen. If that is the case then changing the nic cards should fix that. I do know that the dstcd does allow you to change the setting in bios for computrace and I have had no further problems since I did this. I hope this helps those that believe like I do that privacy is our God given right and those that do in the dark will be exposed in the light for all to see.
DigitalSpeed1
Ok guys to the not so tech
Ok guys to the not so tech guys lets put it this way.
Just do this.
1) Install Windows XP or Vista or Win7 as you normally would.
2) After it is installed do not install any other programs.
3) Click START then Run or just Windows key and "R" then Notepad.
4) Type anything you want like Hello there and save the file on the desktop as example : test.txt
5) Copy test.txt to the C:\Windows\System32 filder on Winxp case.
6) Click START go to RUN then type CMD hit enter.
7) From the command line type "CD \Windows\System32" without the quotes and hit enter.
8) Now just type this four commands.
8.1 "copy test.txt rpcnet.exe" its going to ask you if you want to replace the file say yes.
8.2 "copy test.txt rpcnet.dll" enter replace yes.
8.3 "copy test.txt rpcnetp.exe" enter replace yes.
8.4 "copy test.txt rpcnetp.dll" enter replace yes. All this commands without the quotes.
9) Now this other four commands.
9.1 "attrib rpcnet.exe +r" then hit enter.
9.2 "attrib rpcnet.dll +r" hit enter.
9.3 "attrib rpcnetp.exe +r" hit enter.
9.4 "attrib rpcnetp.dll +r" hit enter. Again all the commands above without quotes.
10)Now the files can't be overwritten by the BIOS and you have empty files when windows starts and tries to run them nothing will happen as they are not real DLL or exe files and you will get rid of the LOJACK.
11) ENJOY AND HAVE FUN.
Ed
To anyone who thinks
To anyone who thinks Computrace Lojack is a good idea, think about how much information you are giving out (i.e. they will have years of data of everywhere you used your computer) and about how Computrace can install any software on your computer that they want to. They can control your computer *as they wish*.
You might think this is ok if Computrace are an honest company, which I'm sure they are. But what happens if someone like Rupert Murdoch or a foreign government buys it up? Or what if an employee turns bad and decides to install software that lets them look around your computer?
It is really not a good idea to have something on your computer that could control your computer without your permission. It's like giving a complete stranger the keys to your house.
Thanks for sharing very good
Thanks for sharing very good information on How to remove Computrace Lojack that will be really so helpful........
Or just install Linux - exe's
Or just install Linux - exe's wont run...
Thanks for the helpful
Thanks for the helpful post.
KimkasJKK
I bought a brand new Acer
I bought a brand new Acer laptop early this year. I never paid for a subscription. I didn't even know I had their damned spyware installed in my BIOS (or in whatever other piece of hardware it is). No one informed me. I've never even been invited to subscribe. Yet my firewall one fine day warned me that rpcnet.exe was trying to access the net. I googled it, and that's the only reason I know what it is.
So when Absolute says their spyware "lies dormant" in your BIOS until activated, they're LYING.
AND DON'T BELIEVE THEM WHEN THEY SAY THEY HAVE DEACTIVATED IT.
Think about it:
1) They've already stolen from you. Computer manufacturers pay them for this "enhancement" -- or at least somebody does. Obviously the cost gets passed onto the consumer who buys the laptop. And you were never informed it was there, so they MADE you buy it without your consent. That's fraud. Even if you weren't paying for it, they are giving you something dangerous to your right to privacy, and without your consent, or even knowledge. That's criminal deception.
2) This stuff is installed in BIOS, and maybe even in the motherboard. They can't uninstall anything unless they come to your house and do it manually. So obviously they're lying when they say they can. They just want to get you off their back. They may actually deactivate it, but if they can, then they can also reactivate it -- or maybe some hacker can. The only assurance you have that they won't access your computer without your permission is their own word. How much is the word of a thief and liar worth, hey?
This firmware/hardware trojan can do a HELL of a lot of things you don't want anyone but yourself to be able to do (that is, if you have any common sense and knowledge of human nature). It can physically locate the comp by triangulation, monitor all your activities, erase all or part of your hard disk to U.S. government security standards, and God knows what else. Those things are only what the company ADMITS to on its own website.
Which liars and thieves do you want to trust, the ones at Absolute or the ones in the street?
Answer: Neither. But I'd feel a lot more comfortable if the thief in the street gets my comp. Chances are pretty good he won't be as computer literate as the "friendly" professionals at Absolute Sukware.
I've already spent well over one entire working day trying to find a reliable and permanent way to get their poison out of my system, and I'm not nearly done yet. I'm faced with tampering with the BIOS or worse. Time is money, and that's another way these bar stewards have ripped me off. These people need to be sued right out of their scam business.
Check out these links, and get pissed, and keep making noise to these axhole manufacturers who permit this stuff to be installed without your consent:
From their website:
http://www.absolute.com/en/lojackforlaptops/technology.aspx The technology behind Absolute Software’s products is the Computrace Agent, a small software client that is embedded into the BIOS firmware of most computers at the factory. Or you can easily install yourself.
The Agent in your computer maintains daily contact with the Absolute Monitoring Center. If you report your computer stolen, Agent contact will increase to every 15 minutes. Increased contact allows us to obtain specific details like the physical location of your computer, any activity that has occurred post-theft, and other important data that will aid us in working with local law enforcement to catch the thief and return your property to you. Regardless of recovery status, you can remotely delete data to remove some or all of the information stored on your computer. It uses GPS or Wi-Fi to map your laptop’s current and past locations.
[Any activity? Other important data? Remote delete? And past locations? That’s pretty damned wide open!]
This http://www.absolute.com/en/partners/bios-compatibility.aspx lists all manufactures that install it in the BIOS.
http://www.absolute.com/Shared/FAQs/L4L-FAQ-E.sflb.ashx says Flashing the BIOS will not remove it. Computrace works through firewalls. Apparently it does not work through dial-up, and the software must indeed be installed to get recovery services – but of course all that means is that you must pay if YOU want any advantage from the BIOS installation. Meanwhile THEY still have access to your computer through the BIOS, if they want it, regardless – though of course they won’t tell you that). "(Upon theft notification) increased contact will allow the Absolute Theft Recovery Team to forensically mine your computer using a variety of procedures including key captures, registry and file scanning, geolocation, and other investigative techniques to determine who has your computer and what they’re doing with it."
No one with more than two brains cells to rub together wants to give this much power over their lives to ANYONE, and especially not to thieves, liars and sneaks like these people.
I will call Absolute, but it won't be to find out how to remove their s***. I'm on my own on that since only a fool would believe a word they say about anything. I may end by returning my computer. Thought it might be useful to some to know what I've done so far, after reading the friendly tips posted here. Certainly Absolute Sukware is constantly upgrading the "persistence" of this damm trojan, so how things are on a later model with Win7 may be helpful.
I first of all tried F2 on startup and disabling it through Security, as suggested by the entry above, Tue, 2009-08-04 22:25. That didn’t work. There simply were no options available.
I then tried what was suggested in Mon, 2008-11-17 02:10. First of all I noted that a standard search through the Start menu did not reveal the files, even though I have the comp set to show hidden files. But a direct search of C drive did find
rpcnet.dll
rpcnetp.dll
rpcnetp.exe/system 32
rpcnet.exe/syswow64
rpcnetp.exe/syswow64
When I tried to change permissions on these files (as administrator), the Deny could be selected, but the default Allow remained checked, although grayed out. Windows did give a dialog box on applying that said “Deny entries take precedence over Allow entries. A user that is a member of 2 groups, one allowed, one denied, will be denied.”
Permissions window for these files later showed System, Administrator and Users all both denied & allowed. Effective Permissions tab showed all boxes empty, but grayed.
When I closed Properties for these files, boxes came up “Error…access denied”. Rechecking Properties showed permissions I had set were still in place, except that I had checked Read Only, and this was now unchecked again. Apparently there’s no way to set these files as Read Only.
When rechecking permissions for rpcnetp/sys32, additionally I found another User that hadn’t been there before, called Authenticated User. Very interesting. I set that to Deny as the others.
On reboot, rpcnet, rpcnetp and rpclocator show in Taskmanager, but as stopped, whereas before they were always running. So far so good.
Searched also for the file called agremove, but did not find it, even under similar names: Agremove & remove.exe.
On another reboot, found in Task Manager something running called igfxpers.exe, description: Persistence Module, and Services shows something called RpcSs (Remote Procedure Call), and RpcEptMapper (RPC Endpoint Mapper) running. Don’t know what these are, but they surely look suspicious.
In any case, Event Viewer in Administrative Events shows that rpcnet.exe and rpcnetp.exe failed to execute because “access is denied”. Moreover, the time stamp shows this happening right at start up, and not repeated later.
Event Viewer Windows Logs:
‘Applications’ shows no events for RPC (it does show friggin Google updater trying and failing to update every half hour – I recently uninstalled the Google toolbar)
Security shows nothing.
System, at startup, shows The RPC Endpoint Mapper service entered the running state. The Remote Procedure Call (RPC) service entered the running state. Not good. These occurred before Avast anti-vi started, and sometime later, the firewall starts. Immediately after firewall starts we see: The Remote Procedure Call (RPC) Net service failed to start due to the following error: Access is denied., and The rpcnetp service failed to start due to the following error: Access is denied. Sometime later, the WLAN (net access) was started, so it seems that Computrace is stymied. By the time internet access is enabled, it’s already stopped, so it can’t talk to the criminals at Absolute. Yes!
However, all this was from a startup where WLAN startup had been reset to manual. This meant that WLAN did not start on startup, and I had to start it later manually. This is inconvenient, so I reset it to automatic, and checked startup logs again. Results were same as before, with one critical difference:
System, at startup, shows The RPC Endpoint Mapper service entered the running state. The Remote Procedure Call (RPC) service entered the running state. WLAN AutoConfig service has successfully started. These occurred BEFORE Avast anti-vi started, and sometime later, the firewall started. Immediately after, we see again: The Remote Procedure Call (RPC) Net service failed to start due to the following error: Access is denied., and The rpcnetp service failed to start due to the following error: Access is denied.
So, it seems possible that Computrace may have had enough time to communicate with the net, because it wasn’t stopped until after the WLAN was up and running.
This means you have to set WLAN to manual in Services (right click>Properties), and, after the computer has fully booted, manually start it in Services when you want to use wifi. Automatic start will result in at least the possibility that Computrace will at least reveal your computer’s location. It probably won’t be able to do anything else before being shutdown by the later denial of permission to run, but even that’s not certain. I still don’t like those greyed out Allow checkmarks in permissions for Computrace’s files.
Note: WLAN has RPC Endpoint Mapper listes as a dependency in Services>Properties>Dependencies. I'm not even sure if the RPC Endpoint Mapper or the Remote Procedure Call (RPC) services are connected to Computrace's functionality or not.
Because of these doubts, I will eventually totally reinstall BIOS. And I'll have to be sure it's a TOTAL reinstall, and that Computrace isn't living somewhere else on my hardware as well. If I can't be, I will demand a refund of the computer, plus payment for the time out of my life that has been stolen from me.
I also bought my toshiba
I also bought my toshiba legally, with vista, but moved back to romania ... and because my XP is "no longer supported"
on my laptop and now I cant even go back to my legal vista...
changing files it didn't work - i used edited files of same size too (I do have the hidden service partition)
(Stop svc, delete keys in registry, replace files, reboot with switch - NO GO) and now my audio hardware won't work...
I would really appreciate if someone would help out - i'm not too savvy but i could manage rewriting a BIOS if I had the right advice and tools ...
If figures out an easier way
If figures out an easier way to remove this thing or a program that will do so, please let me know.. I bought my computer at QVC and have the receipt to prove it. This stupid rpcnet.exe takes up half my CPU's resources. Computer Lojack Service!
myriad angel@yahoo.com With out the space <----------------
Anony-you OBVIOUSLY don't
Anony-you OBVIOUSLY don't have enough techi skills to be playing around with it. It's clear from your question, so just leave it alone. You'll break the damn thing.
All of you trying to disable
All of you trying to disable this thinking it is the software by itself are idiots!
It's not just the software and you don't have to be on-line to be traced with a stolen computer that contains LoJack.
If you steal a Car protected by LoJack do you think the car dials up the Internet and then tells the owner where it is, of course it does not.
USE YOUR BRAIN IF YOU HAVE ONE, ITS WHY GOD GAVE YOU IT!
If you try to disable a LoJack activated Bios you will Hose the computer, meaning it will destroy itself for security reasons.
All these people stressing
All these people stressing over LoJack that claim they are not criminals with stolen laptops are doing so uselessly. "IF" the laptop is not stolen, the service phones in ONCE day to do a test call, and that's it. Nothing else. It uses no resources, does not slow down your machine, NOTHING! The only time it constantly calls in, is IF the machine has been REPORTED Stolen!! Then it reports constantly yes. But it has to actually be REPORTED STOLEN first! If no one reports the laptop stolen, it doesn't do anything. So all the hype against computrace is just because the criminals are upset they can't so easily beat it. I for one am glad. And the service is not free. So if you didn't pay for anything, I guarantee it's not doing anything. Just sitting there waiting to be activated after you pay for the service, unless you get a 6 mos free with a new machine or something. Worth every penny I say.
donnasander, No offense, but
donnasander, No offense, but you're wrong, rpcnet.exe runs every time you start your computer. I bought my computer 3 years ago on QVC, and rpcnet.exe is still running. I can't get rid of the D*&n thing. I wish there was a way to get rid of it. I try to shut it down from processes and a few other things and of course it doesn't let me.
Why I'm trying to shut it down? I didn't buy Lojack and they have no right using my CPU's resources, it bogs my computer down. I have a program that shows computer resources. This thing uses half of my CPU resources constantly. It's a bunch of B.S.
If anyone can tell me exactly how to get rid of it without messing my computer up I'd appreciate it. There ought to be a law against them forcefully keeping something running on your computer. It should be the users choice to either keep it or get rid of it, out of the box.
If I choose to keep it I'd understand why it's still running even though I don't use the service. But I said no from the day turned this thing on since they wanted to charge me so much for the service. Not worth it to me for the amount of money they wanted to charge!
Nothing personal, but you
Nothing personal, but you know nothing of human nature, and you lack common sense.
How do you know "the service phones in once a day...unless the machine is reported stolen"?
Answer: Absolute Sukware told you.
Yet these same people sold you their trojan without even informing you. That's fraud.
They say it "lies dormant" until activated with a subscription. That's CERTAINLY a dammed lie, because my firewall caught it trying to access the net, and I didn't have a subscription. I didn't even know that Computrace existed until that happened.
These people themselves are criminals, but yet you want to trust their word.
Go ahead.
But those with common sense don't have to follow your foolish example.
hi all I'm from chile and I
hi all I'm from chile and I got a laptop or notebook HP EliteBook 6930p and I can not enter the bios I get a message such a jak and I will not let me use the mandaronp or parcel as I can clean the bio to solve this problem or will I have to leave it idle help please
I used the info in the last
I used the info in the last post. But I had to set to disabled instead of automatic. I didn't have the stop option available. May be due to killing it fisrt with Sysinternals Process Explorer. XP Pro SP3 on Dell XPS M1730. It works after reboot it's not running. I found this problem when the program was using 50% of CPU time.
I dont know if any of these
I dont know if any of these is the program or not ?
rpcdiag
rpcepmap
rpchttp
rpcndfp
rpcns4
rpcnsh
rpcping
rpcrt4
rpcrtremote
rpcss
rpc
I have a friend who just
I have a friend who just bought an HP mini 2133. How do we know if the Computrace LoJack is activated or not? If it is, can anyone tell me how to deactivate it, or how to get into the BIOS? Help Please!
Erasmios K
That's fishy. How to tell if
That's fishy.
How to tell if it's activated. ASK your friend! You have to pay for the service.
I permit myself to post
I permit myself to post information about rpcnet.exe from Absolute Software Corp to ease information queries in Google.
I sent an email to Absolute Software Corp. (www.absolute.com) and asked what is the process rpcnet.exe and procedures to remove it.
Here's the exchange I had with Chris Librel , working for Absolut Software Corp support .
From: Me to Absolut Software Corp
Sent: Friday, April 09, 2010 11:01
Subject: What is rpcnet.exe
Hi,
I have on my computer a spyware from your company called rpcnet.exe
What is it exactly and how did it arrived on my laptop?
How can I uninstall it?
Cordially,
From: Absolut Software Corp to Me
Sent: Friday, April 09, 2010 14:47
Subject: Re : What is rpcnet.exe
Hi,
Rpcnet.exe deals with the Computrace asset tracking and asset recovery software. Computrace may have been purchased with your machine and pre-installed at the factory. Please provide the serial number associated with your machine.
If you did not purchase Computrace, please scan and email a copy of the receipt showing the purchase of the machine and we can then flag the machine for removal to remove Computrace once we can confirm that you are the owner of the machine.
Regards,
Chris Librel
Global Support | Absolute Software Corporation
From: Absolut Software Corp to Me
Sent: Saturday, April 10, 2010 13:43
Subject: Re : Re : What is rpcnet.exe
Hi, thanks for your answer :
> Computrace may have been purchased with your machine and
> pre-installed at the factory
After buying the computer (at first it was on Windows Vista), I format and
install my own personal of Windows XP PRO, and install just the minimals driver
with no add-on software and advertising software. So this might be impossible.
> Please provide the serial number associated with your machine.
>
> If you did not purchase Computrace, please scan and email a copy of the
> receipt showing the purchase of the machine and we can then flag the machine
> for removal to remove Computrace once we can confirm that you are the owner
> of the machine.
I don't know you, and I will not sent to you a scan of the receipt.
Do you have the right to monitor my computer without my knowledge?
I am sure you don't.
Do you have the right to refuse to help me to remove your spyware?
I have not been warned that I will have spyware on my computer.
Please indicate me the procedure to remove rpcnet.exe without giving you my
serial number, or any other personal information.
Otherwise I'll forward your message on the forums that talks about this process,
and also transmit it to the authority in effect for the protection of consumers.
Cordially,
I hope that I am not the only one to complain, and you know where to contact them now, if you have the spyware rpcnet.exe to survey your computer.
kopax
i am not so concerned about
i am not so concerned about the computrace software being on laptops as i am about getting a computer with it already activated....the laptop came from a computer repair and service store..
There's your problem. You
There's your problem. You just don't know what Compu-trace is doing on your computer, and you're alarmed when you hear the words "computer" & "trace" used together, (or you're afraid you have a virus
1) Computrace is NOT Spyware, Malware, nor Adware.
2) Computrace is NOT self-installing, however it *is* possible that it comes with your computer as firmware - on one of the motherboard chips, so that it naturally re-installs, regardless of the formatting & new O/S install.
(I freely admit I don't know the policy of the company that manufactures that specific lojack, there could be an "added up-grade feature", like chip-set on the motherboard, requested by the manufacturer & used as a bonus feature. )
3) Computrace is one of the lojack programs. When you log on the internet, the Lojack "phones home", updates that it's still here by checking in with the server, basically saying "Hi Ma, I'm at IP ADDRESS: 255.255.255.200 (for example. I work for an ISP, I understand the whole "IP Schema". Please don't try to school me.)
Pay attention, because this next part is the part that bother's you, and it is important.
4) The ONLY TIME COMPUTRACE, or any other Lojack, would ever use more than the minimum required effort & Clock tics worth of ATTENTION TO YOUR COMPUTER, is when the software phones home, & it it fails the interrogative handshake.
(Hi Mom, I'm at XXX.XXX.XXX.XXX.) The server goes through an interrogative handshake, which looks Vaguely like this: IF THIS, Definition +a True/False response; THEN (Action)= ELSE = Send an alert to the operator queue for human intervention.
So, breaking it down for ya'all,
The Laptop checks-in initiates an interrogative handshake & UPDATES STATUS to Server *PING* (This is who I am, Who I belong to, Where I am, And someone is using me.)
IF : (UPDATE OF STATUS) = CONDITION
* STATUS = I Am "Here"
* SERVER COMMAND = VERIFY EITHER T/F
LISTED AS LOST OR STOLEN = True or False CONDITION
CONDITION: (Lost or Stolen) =
THEN : = IGNORE
ELSE: Condition = TRUE
THEN: TRIANGULATE LOCATION
AND: CONTACT AN OPERATOR with UPDATE ALERT:
"Hey, I've got a Lojack that failed Verification"
"Here's a window bullet items &/options"
[POP-UP WINDOW FOR OPERATOR]
"Hey, Bob Smith!
A COMPUTER LOJACK is CALLING HOME, AND CONDITION = TRUE
I highlighted which option you need to click.
A) Why is Lojack Server asking for Operator intervention?
B) Registered Equipment Info (Cell phone, Laptop, Car Kindle)
C) Registered Owner(s)/User(s) Info
D) Lojack Registry w/user account highlighted
1) Registry Is/ Current: T/F
2) Renew Registration
3) Recently Sold: New Owner/Change of Owner Form
4) Register New Users
5) Cancel Registered Account
6) Miscellaneous
E) Incident Report
1) Ticket number
2) Incident Date & Status
F) Police Report
1) Ticket number
2) Incident Date & Status
3) Police Report Number
G) Registered Customer Report
1) Registry Current: T/F
2) Renew Registry
3) Ticket/Action Number
4) Incident Date & Status
H) Registered User's Report
I) Miscellaneous information
J) Account Activity Log (updated by operator with status after each operator/Client r consult)
5) Then, Police, or a detective, or SOMEONE will come around to pick up the computer, & it's user. The computer goes into evidence, and is soon returned to the owner, just like a lojacked car, after a hijacking
Lojack is great, man. IF THEY CAN'T RECOVER your computer,THEY REPLACE YOUR COMPUTER! I'm buying it for 2 laptops I just bought. I just dropped $620.99 APIECE for them. I'm going to keep them within my personal circle of influence, so I doubt they will get stolen. **BUT** If either of them DOES happen to get stolen, I'm counting on the Lojack Company to get the laptops back for me, or replacing them if they fail to recover them!
I was thinking about why it took up so much CPU. There are 2 reasons that would take up 50% of your CPU.
One reason is that if you were fussing with the software I would bet that it's supposed to call home, and hold the line, While it "flashes a beacon saying, for all intent and purpose: "HELP! I've been kidnapped", all while notifying local law enforcement to hunt it down. I don't know, I wasn't there, & didn't see what it was doing, & I don't know how long you were fussing with it. If I were Corporate I wouldn't tell anyone that was how my lojack system worked, & if *I* were doing the coding I guarantee you that my software would automatically assume that being it was being fussed with was an attempt to get around an automatic anti-theft mechanism by the thief, himself!!!
It might just call home and say "Help me Daddy, I've been kidnapped and some fool is trying to take away my cell phone so I can't call for help"
6) I'm glad to hear that the company didn't just give you the info you asked for. They were well & perfectly within appropriate boundaries asking you to provide them with solid documentation that you IN FACT own the machine. By denying to share harmless information cost you the assistance you were asking for, and for hella good cause, AND you antagonized them for no good reason.... Basically you stood there & shouted" F*CK YOU Lojack!" for the entire world to hear, then you come here, pounding your chest, strutting like you're some kind of big bad boogy-man, bad-ass, and brag about how you lost a fight with a potential ally, and then shit on him. That company is the one that would have to replace your laptop, if it was stolen and could not be recovered.
Now you've violated their warranty and completely fucked yourself because I'll bet that by damaging it and disabling it they are not any longer constrained to recover OR replace your laptop if it's stolen.
Frankly, I'm NOT convinced you came by that laptop, as a new, out of the box, computer that you took home to set up. I've been wrong, I could be wrong now, but refusing to provide that information tells me all I need to know about your character.
7) By the way,
Computrace is a piece of STORE BOUGHT SOFTWARE, unless it is bundled with your computer. That means THEY SELL IT!!! They aren't 't going to go giving it away free to people like you. Tell me, did you have to work very hard to be this intelligent, or was it just an accident of birth?
It will not self install it on your machine for without a payment of some kind, so, somewhere, some how, it got bought and paid for by someone who wanted their computer protected and traced when it got stolen. A company like that expects to earn money writing that software, and they sell it to people, who want to protect their computers, so that they can earn money for stock-holders.
Where did you ever get the idea it was spyware? You see, if you had BOUGHT the machine, you'd have known it was a value added feature, and not come in here telling us what a Johnny Bad-ass you think you are, cuz you called some tech support guy a Wanker, when he offered to help you, and all he asked for was for you to confirm the serial number that THEY ALREADY HAD ASSIGNED TO THAT COMPUTER, AND THEN THEY'D HAVE HAD YOU id YOURSELF WITH THE WARRANTY INFORMATION THAT WE ALL PROVIDE WHEN WE BUY AND PAY FOR A MACHINE.
Some people's children.
There isn't any kind of freedom, or privacy you give up. It's a harmless verification call, made by either a hardware or software Lojack, to verify that the person using it actually owns it. If you own it the server and the company basically benignly ignores you UNTIL THE NEXT TIME YOU TURN THE COMPUTER ON AND GO ONLINE. tHEN IT WILL RE-VERYFYING THAT IT WASN'T STOLEN, AND GO BACK TO IGNORING YOU.
You, sir, sound like a
You, sir, sound like a policeman. Your tone is very similar to that of another who posted here: arrogant and patronizing, with that Liberal attitude that you know better than other people what is good for them. It was disturbing to read on Absolute's website that many of their employees are ex-law enforcement officers, for it goes to show that they are infected with a Hitlerian notion of morality: the end justifies the means, and if "authority" says it's good, then it is good, never mind obvious reality.
Answer me this: If Absolute has already stolen my money by making me pay for something I didn't even know existed, and stolen my time by making me spend literally days trying to get rid of their stinking trojan, and has told absolutely undoubtable lies about the capabilities or nature of what this thing does, how are they any better than any thief that might steal my laptop?
You forget to mention that they only guarantee a return of a stolen machine under their premium subscription, which costs over $50 PER YEAR, if I recall correctly. The standard subscription isn't much cheaper.
Let's do a little math.
Let's say I have a $700 machine. The moment I start to use it, it has already depreciated by about a $100, and it's values goes down, say as a conservative estimate, $75 per year thereafter.
So I pay $50 to protect this investment, which is worth $600 at the time I do so. Well, that $50 now has to be subtracted from the value of the machine, like a "cost of carry", because if I tried to resell it, I'd be out that amount, so my comp is really worth only $550 now. Next year it depreciates another $75, and I pay another $50 for theft protection. Now it's worth $425.
Need I go on?
You will say that it's not the value of the machine, but of what's on it, that counts.
I agree. But chances are that a thief is going to get my information before the police get him, and who knows where he has put it or to whom he has already transferred it?
If you want to protect your information, there are far better and cheaper ways than lojack. The problem with this country is we have forgotten the principle of individual responsibility that the nation is founded on. As someone here said, the best protection is simply to keep your machine under your surveillance and control, and/or encrypt the contents, and/or purchase insurance. But no, we want to turn our personal responsibilities over to Big Brother.
That's what the Germans did to Hitler, the Russians to Lenin, etc., the Chinese to Mao, and so on.
They paid a HUGE price for the priviledge of not having to think, and their supposed security was in reality their greatest danger.
As someone else said: "Wake up, you dead sheep!".
Computrace can be stopped:
Computrace can be stopped: Do the following:
1) START>SETTINGS>CONTROL PANEL> ADMINISTRATIVE TOOLS> SERVICES> find RPC ( Remote Procedure Call ) NET and/or Service. Right click and Properties, set to Automatic and stop the serive.
2) C:\WINDOWS\SYSTEM 32\ Find these 4 files RPCNET.dll + RPCNETP.DLL + RPCNET.EXE + RPCNETP.EXE ( Do the following to each file )
3) Delete each file. DO NOT REBOOT. Open WORD PAD. Type and "Save As" ( without quotes ). Name the file as the one it will replace above. Do this for all 4 files. Once they are all replaced with the "VOID" (bogus file ) Right click on each file and change the attribute to READ ONLY > APPLY > OK.
To check and make sure it has worked, reboot your machine. Go to Services and check your RPC process and see if it has re started. If it restarted then you did something wrong with the above files, retry and reboot and recheck. Remember, if you delete one or all the files without stopping the service the files WILL come back automatically. Also you will not be able to delete RPCNET.exe if the service IS started. It must be done in the order above.
I know this works because i've tested it. Keep in mind, even with the above done correctly Computrace WILL still show in BIOS but will pretty much be a dummy computrace.
I did this but I am afraid
I did this but I am afraid to go on the Internet, how can I confirm that this really works?
Okay, people have been
Okay, people have been asking this question but nobody has answered. I have a Dell Studio 1737 and it has a pheonix bios. Computrace is set active in the bios. I recently bought a new hard drive because my old one crashed. The four files you speak of do not show in my system 32 folder. Is it safe to say that computrace is not active?
I had just bought a new Dell
I had just bought a new Dell Studio 17 Laptop for christmas and I went to the bios screen to choose the disable option. Upon restarting my laptop I went to check if it had been disabled successfully, and the F***ing thing had set itself to "Activated"!!!!
This piece of software/firmware is a major security and privacy breach, and its so badly made it can't tell the differance between the disable and activate functions!
LOOOOOL i've only read a
LOOOOOL i've only read a page so far but why are you all so worried? The way to remove any tracking hard/soft/firm-ware is simple!
1, Find where it is (they tell you its in the bios on the "how it works" page of their website)
2, remove it (only way to remove something from your bios is edit an new version yourself or download a new version from the motherboard manufacturer, Flush your bios, load your bios.. job done)
3, check, if its not gone it means it has a backup installation somewhere highly unlikey for the moment.
all else fails buy a new motherboard (not a stolen one dipstick)
The only way you can find me with all your stolen laptops is when i try to sell it back to you! If they install a hardware device i'll remove it by cutting the power track on the board, if they modify the bios I'll modify the bios.
Plus the only way you can track me is by;
GPS- impossiable without an active GPS chip connected and installed
Cellular triangulation-impossiable GSM chip connected to a network.
Trapping my IP when I put it online and tracing me- again here you'll have an issue from my house as i use annoymous proxy servers and spoof my home IP, good luck finding the right header in 50,000 packets!!
(I have a very high powered cisco router 2900 connected to 2 adsl lines (balanced) and thats stolen too! and all your laptops pay for my adsl lines)
How dumb would I be to go online with a stolen laptop? I'll just take your details, wipe it, sell it in a pub!
lojack is used to catch dumb criminals and take money from the scared masses, not to protect you from people like me! If its sole purpose was to help you why do they charge you for the service? I dont charge when i help an old lady cross the street!
So where is the soloution and prevention?
Hacking is a powerful tool, why should I not get paid for my work when i'm not doing it for fun?
would you work for free?
Lastly please computrace if your reading, make this harder!! Altho I am working on hacking N3 (3.37) at the moment so give it a while first! Thanks
Ways around anything if you look hard enough
(except mobile phones)
as if this company will
as if this company will decide one day to track one of you...It is a forum about "I am only in the world "Or some geeks plans of hacking LoJack system?
First of all I don't
First of all I don't remember enabling this piece of software and yet it's Actived on my computer. I called Lojack and the lady said they would disable it... Weeks later no disabling... I hate waiting on the phone for like an hour to speak to a rep... We need to set up a website to hack these things out of our bioses and warn people about this product... It's a massive spy tool/security threat and it should be freaking everyone out! I am no longer buying Dell laptops because of it!
If you are going to make a creepy product like this, make sure legitimate owners can easily get rid of it... Otherwise expect a backlash!
if it was made easy to get
if it was made easy to get rid of, wouldnt that defeat the purpose? Wouldnt you rather get your stolen computer back
Just delete it on startup,
Just delete it on startup, it doesn't come back until you reboot anyways. so as soon as you login, it runs and deletes the files.
make this into a batch file by right clicking on your desktop, selecting new, selecting text document, then copying all the following in it:
@echo off
TASKKILL /F /IM "rpcnetp.exe"
TASKKILL /F /IM "rpcnet.exe"
TASKKILL /F /IM "upgrd.exe"
del "C:\Windows\System32\UPGRD.exe"
del "C:\Windows\System32\rpcnetp.exe"
del "C:\Windows\System32\rpcnetp.exe"
del "C:\Windows\System32\rpcnetp.dll"
del "C:\Windows\System32\rpcnet.dll"
click on "save as" in the file menu, then click on the bar that says text documents (*.txt) and change it to all files, and change the name of the file to "anyname.bat" without the quotes, name it anything you want, but make sure you add the .bat extension. after it's been saved, add it to your startup folder. be sure to turn off your wifi or disconnect your ethernet cord whenever you restart though, in case it doesn't delete the file right away.
get the dst iso file from
get the dst iso file from the priatebay just put dell in serch
This is a true statement.
This is a true statement. It's DSTCD. It's an Asset/Service Tag BIOS reset tool. I bought my new Latitude e6520 from craigslist. I didn't check BIOS or anything prior to buying. I buy all the time and never look, now I know to. anyway, after trying to make different settings in BIOS to get my Hackintosh to boot, I notice a Computrace feature? this is news to me and I'm not new to computers. Just new to Dell I guess. This tool can be useful for the right people yes but for someone that just paid $400 that took a month to save up for (full-time student) I wasn't about to lose my money. Anyway, I called and Computrace hadn't received any stolen reports on it. I want this off of my new computer (I'm not going to pay for a service when I take good care of my possesions and keep a watchful eye. I someone steals it from home, they will get shot in the back as they try to leave. Renter's insurance will cure it all when or if it goes missing. Online data backup is key. Why do I need computrace? Oh yeah, lazy people that dont understand what real security is. So, I havent tried to run the tool yet. I'm still in the middle of DBAN 2.2.6 process to wipe the drive. Once that is done I will report back on my status.
Seriously why dont you
Seriously why dont you suckers wake the heck up, do you really think that this company gives a shit whether or not you loose your laptop, this is just an excuse to load this bloatware onto new laptops.
Funny how nearly every single "Free offer" is clearly advertised, why are they not making it clear that this spyware is on the computer, BECAUSE THEY DONT WANT YOU TO KNOW. Wake the hell up you mentally dead sheep, even in the film surrgoate's you have some fat geeky dude at a central system controlling everything. Yeah sure just a film right...
I am disgusted that my laptop's privacy has been vulnerable all this time, some of those geeky ignorant devils at the company must have some fun knowing they have the power to do whatever they wish.
Welcome to Big brother, it is here among us now, but it is inevitable that it will be bought down. God is watching over us.
The truth is that this bloatware can be removed, dont listen to the lies and deception of those working within the system, computrace would never admit to such a flaw, like you said yourself its a million dollar business. The companies intention is not to protect your laptop, it is to spy on you this is just their cover.
I just am pissed that I did not know about this rootkit,spyware/virus whatever the hell you want to call it, If i had purchased this then fine but they done this without my authorization or consent.
If you dont mind working on a laptop that is open for the world to see, then go ahead and promote this crap. There is only one way to bring such a company down, and I am sure someone somewhere is planning.
A while back I read an article about microshit planning on introducing a system called "zeus" i think, the plan was to have everybodies computer hooked up to a main central system owned by them and everytime you do something on your computer it would have to refer back to "zeus" for comfirmation. Computrace have set the foundation, all these millions of people are unknowlingly being traced, after all it is what this software does.
As for all you ass's that think tracing a laptop is going to help you recover it, then you are being mislead, if someone stills a laptop and turns it on to find a load of warning messages do you really think they are going to hand it in to the local police station, or do you think they will throw it off a building.
They could have at least had the decency to setup a clear way to remove the program, or at the very least put a sticker on the laptop to inform us that it is being spyed on.
But thats not what they want, the less people know the better, the truth is the only way to bring big brother down hence the reason they have programmed all of you with TV, posion in the water, EMF's and all this other unnatural shit in this world.
But I am sure some of you will have something to say about the conspiracy theory that is being mentioned here.
I am a police detective and
I am a police detective and I can tell you firsthand that this system works. We just recovered three stolen laptops yesterday because of Computrace, and it's the second time in the past few months that we've worked with Computrace to recover stolen property. I'm sure the owners of those laptops would disagree with all the negative comments.
My question is - If you
My question is - If you never register or activate lojack when you get your computer, does it still phone back to compuserve?
How about something simple,
How about something simple, Find all of the registry entries for rpcnet and change the permissions on them and then delete them. After that reboot the computer and search for all of the files named rpcnet and then remove them. Create 6 new txt files and name them the same thing as the 6 files you just removed and place them where the other files were, set them as read only and encrypted.
Reboot the Computer all you want and the root kit can run itself as much as it wants but the files will not get back to their original size as they already exists under another name. Now the windows service for this has also stopped running itself and no longer shows up, Seems to easy to work but it does.
sorry - it didn't work - i
sorry - it didn't work - i used edited files of same size too
Stop svc, delete keys in registry, replace files, reboot with switch - NO GO
i know it sounds dumb but i
i know it sounds dumb but i got a dell inspiron e5400 from the flea market and now after reading this i am scared mind may be hot, is there someone here that can show me a step by step guide to use CBROM to take that bios off and put a new one on, i ran DTS iso and set computrace to DISABLED and i reloaded the WINXPPRO and i don't see the rpcnet files in the system32 folder BUT want to make sure that the X-Files men don't kick in my door.
i know it sounds dumb but i
i know it sounds dumb but i got a dell inspiron e5400 from the flea market and now after reading this i am scared mind may be hot, is there someone here that can show me a step by step guide to use CBROM to take that bios off and put a new one on, i ran DTS iso and set computrace to DISABLED and i reloaded the WINXPPRO and i don't see the rpcnet files in the system32 folder BUT want to make sure that the X-Files men don't kick in my door.
How to remove Computrace
How to remove Computrace LoJack on Windows 7:
If you use the GPT partition scheme on your hard drive it will end the BIOS's ability to load files into Windows. Use GParted or something to do this. Then install Windows 7 which supports GPT.
No software is futureproof.
lapski
Is there the svctag..exe
Is there the svctag..exe equivalent for a dell desktop?
I am surprised no one yet
I am surprised no one yet has figured out how to defeat this rootkit!
look for a filename that start with upd... in your c:\windows\system32\ folder. the property of the file tells you it belongs to absolute software. Also, one of the property tabs should give you a clear indication on how the (rpcnet, rpcnetp....) filed are recreated each time you restart the notebook. Also, you need to look for the hidden oem partition on your hd.
Removing the "installation software" and "hidden partition" is a bit tricky but with the right tools it can be accomplished easy!
Ali Baba
YOU ARE DUMB...i did
YOU ARE DUMB...i did indeed...there is heavy mention of the file in this forum alone.
my way of getting it
my way of getting it done:
end the process called rpcnetp.exe or rpcnet.exe
find your way into " \windows directory\system32\ "
1) delete rpcnetp.exe rpcnet.exe rpcnetp.dll rpcnet.dll ..
2) create new text files and rename it to be exactly as the file deleted which are rpcnetp.exe rpcnet.exe rpcnetp.dll and rpcnet.dll << all four files
3) make sure to make these files to be read only
4) you're done
so whenever your computer runs, it will try to open the dummy files.
sorry - it didn't work - i
sorry - it didn't work - i used edited files of same size too
Stop svc, delete keys in registry, replace files, reboot with switch - NO GO
under win7 files are set to
under win7 files are set to archive , rpcnetp also re-appears in windows\SYSWOW64\rpcnetp.exe - also found them in the registry, where i did a search then deleted them. instead of a text file from wordpad, i used a simple text editor to modify /mes up the original files leaving archive bit and security settings unchanged - this messing felt SO much better (work with this "system34" directory buddy!)
and it worked... thanks for previous posts... as for the good vs. bad debate:
Don't you mess with Mr. USER: (hard /soft) because legal or not, he gets hurt where can he find you? running from the vengeful hacker, i hope... I also vote for simpler and more efficient ways to protect your property... who paid for it may benefit - somewhat and it's OK... who didn't should NOT... but Computrace should say upfront terms, conditions, hidden costs, etc... and not mess with Mr. USER without his assent, they might as well come in my bedroom and put a tag on my wife's vibrator - and it's ok until her boss - a very religious and suspicious character who pays detectives to check on employees will find out and fires her ... then what? - seriously, there's more potential harm in getting labeled as a "porno site surfer" for example than losing a good laptop... and (i think) lojack reports more than just location....
verified+works for me
verified+works for me
Well after messing with my
Well after messing with my partitions in windows mainly a big no no i needed to call a data recovery company but got that all sorted out and really thinking about just moving everything to ubuntu and getting rid of xp.