How to remove Computrace Lojack
I bought two new Gateway PC's a few weeks ago. Typically I first uninstall all the bloatware/trialware right away. Then I shut down all unecessary services and remove loads of entries in the registry that are starting unwanted programs. When I was done with all of this, one process remained in task manager that I didn't recognize. rpcnet.exe. Now I know that there is a service called Remote Procedure Call so I looked in the services. It listed Remote Procedure Call as "C:\WINDOWS\system32\svchost -k rpcss" and also Remote Procedure Call (rpcnet.exe) by computrace. Figuring this was more bloatware so I disabled it and rebooted. It was back! I started thinking it was a virus/trojan/spyware. I downloaded hijackthis which let me shut it off. Reboot. It's back! Found the files rpcnet.exe, rpcnetp.exe rpcnet.dll rpcnetp.dll and deleted them and rebooted. It's back! Those files are back too! Now it really looks like a virus. So I google computrace and found out it is some program used to track stolen computers. Strange! I didn't order that on my computer. So I set out to remove it. Many google hits indicated it lived in the mbr so I did a series of fdisk's and fdisk /mbr and reinstalls of Windows XP. Rpcnet.exe came back running every time. Some Google hits also indicate that it may live in the bios. I save a copy of my bios to disk and look at it with cbrom. I got cbrom from http://www.biosmods.com/download.php I had to try several different versions till I found one that worked with my computer/bios.
So I ran...
cbrom32_149 gtgn105.bin /D - (cbrom crashed but still showed all the file names.)
Then I look at all files with hex editor, specifically for something that would indicate computrace.
Found optromg.rom listed at OEM2 CODE. Hex editor showed the string "computrace".
ran cbrom32_149 gtgn105.bin /oem2 release
checked with cbrom32_149 gtgn105.bin /D
Yep, optromg.rom is gone.
So upload new bios....
Reboot. kill rpcnet.exe
delete rpcnet.exe
delete rpcnetp.exe
delete rpcnet.dll
delete rpcnetp.dll
disable service rpcnet.exe
done
Rpcnet.exe is no longer running as a process! Yeah!
(BTW - This procedure has risks that include making your computer non-functional)
UPDATE! I posted optromg.rom in case anyone wants to look at it with a hex editor or try to disassemble it.
| Attachment | Size |
|---|---|
| OPTROMG.ROM | 24 KB |
Comments
anyway!!!! It's as easy as
anyway!!!!
It's as easy as booting a PC to PERMANENTLY DISABLE!! Computrace. Yes that's right! and again thats right to all Computrace and Dell techs reading!
I disabled it on my new! E6500 yeah! new!
RUN
EE-CPB.EXE and EE-CPB.EXE from a floppy located @ http://www.download.centre4service.com/software1.html inside the USB download and copy to a boot floppy. (I used an external Dell Floppy drive)
you'll get a message tak complete when you reboot.
Service Tag, Asset Tag, and Computrace will be ready for edit!!
How easy is that!!!
benchmark your times!
I have purchased a Laptop
I have purchased a Laptop through Dell and they offered a free trial for Computrace.
Well I have to say it's absolute crap!!
for starters:
1. I had to format the HD to remove Vista and install XP SP3
2. there are non of the execution's or dll mentioned in prev posts.
3. there are no related services in services.msc. msconfig (startup) or in the reg.
4. is enabled in bios, however service cannot be integrated due to 3 reasons above.
In my experience Bios task is to turn hardware service on that interact with the SOE eg. USB, Spoilers, IRQ's fan speeds etc. so if there are no services in windows or Slax plus non of the exe's, dll, services.
then my laptop could not be traced!
Do you know where the CMOS
Do you know where the CMOS battery is located on a Dell Latitude D630?
I can't open up this laptop at all
if it is your computer,
if it is your computer, can't you just go into the set up menu when you start the computer. From there, go to the security tab, and go down to computrace and disable it.
Seems simple to me
I have a friend who just
I have a friend who just bought an HP mini 2133. How do we know if the Computrace LoJack is activated or not? If it is, can anyone tell me how to deactivate it, or how to get into the BIOS? Need Help Please!
One question i just cant
One question i just cant seem to get a definative answer to is this:
I bought a used laptop NOT STOLEN
im a little pissed about lojack/computrace working without my permission so i go into the BIOS and there are the 3 options (its currently DeActivated)
1. Enable
2. Disable
3. Activate
I chose Disable
I then get a message telling me that it is permanent and cannot be changed once i select this option...sounds good to me so i choose it!
I reboot a bunch of times and it is still disabled...
Am i freaking done with computrace forever? or does it sometimes mysteriously enable itself?? thats my main prob with ANY prgm just "activateing " itself without my ok...its my dang comp and if i want it to do something ill tell it to!
thanks for the response
How to quickly and easily
How to quickly and easily get rid of computrace FOREVER on a dell laptop, and simultaneously reset all bios passwords and security settings:
1. Download the latest version of the DST disk iso, from any of the various sources online (google it).
2. Burn the iso to a disk.
3. Boot from the disk.
4. Change the service tag to something new.
5. Reboot and hold F2 to get into bios to verify results.
6. You're done. At this point the bios passwords and security settings should be reset to empty, and computrace set to "deactivated". You can now change the computrace setting from "deactivated" to "disabled" which will permanently disable it with no option of ever re-enabling it.
If you can not boot from a cd because the boot sequence is locked and password restricted, no problem, just do this first:
1. Unplug the power cord
2. Remove the laptop battery
3. Remove memory cover from bottom of laptop.
4. Remove cmos battery.
5. Wait a couple of minutes
6. Plug the power cord in
7. Reboot
At this point some of the bios settings such as boot sequence have been reset to default settings allowing you to hold F12 while booting, to select the boot device. now you can boot from your DST cd and knock out the security settings above.
I know this is a strange
I know this is a strange question because most people want to get rid of Computrace which works incredibly well by the way. I have a machine that was left for repair in my store and the owner never came back to pick it up or call 2 years ago- my store is now closed its a Dell D630 and I WANT to activate Computrace and pay for it BUT the previous owners have it disabled (permanently) what is the point of being able to disable it permanently ? Does that mean I can never enable it via the BIOS and only have it running on the HD (I like the BIOS option as I can have a bios password too) So CAN I ENABLE THE DISABLED COMPUTRACE
For those people that think COMPUTRACE does not work - IT DOES !!
Back in 2001 I bought a used machine with Computrace on it - I had no idea about it and never heard of it - I formated the laptop and sold it to my friend for $100 more than I paid. They logged on to the internet at home and a day later the cops came to their house with a search warrant !! Turns out the machine was stollen. My friend called to tell me what happened and that she told them she bought it from me, they were not charged. 3 months later the cops came to see me and charged me, I went to court the charges were droped but the laywer cost 3 grand !! At the time (and I still do) I ran a computer buisiness and had no idea it was stollen, I deal with so many used computers through the years BUT after I learnt about Computrace I recomended it to every buisiness I dealt with. One of those buisiness later had it's laptops stollen and recovered by Computrace back in 2002 - laptops were not cheap then. I think this program is great, the average thief or person buying a stollen laptop certainly does not have the savy or know how to remove it or own a HEX editor (program) !!
I bought a Dell 1720 at the
I bought a Dell 1720 at the flea market great deal on it, I explained this to a friend and he mentioned the lojack thang. I turned on computer it had someones name still on it, so I booted it up from Bios and went to security and it says it was active, does this come installed like this? I did read unless the person who bought this activated it then it won't work. From what i've read I'm screwed and should have never bought it should have known. I know you can't delete it but can you disable, someone mentioned buying new mother board from manufacturer that dell gets it from and it wont be on it, any suggestions??
Re: From what i've read I'm
Re: From what i've read I'm screwed and should have never bought it should have known.
You suspected, yet....
RE: I know you can't delete it but can you disable, someone mentioned buying new mother board from manufacturer that dell gets it from and it wont be on it
So, knowing the laptop might be stolen you want to disable the countermeasures.
So, how does it feel to be a thief and a criminal anyways?
how does it feel to be self
how does it feel to be self righteous and judgemental anyways?
so if computrace is set to
so if computrace is set to disable can they still see my laptop
How do we know if computrace
How do we know if computrace is active? If rpcnet.exe is running in the task list does that mean its is activly being monitored?
My son is in college and
My son is in college and bought a dell xps 1330. He said he wanted to pay for because I wouldn't spring the extra money for gamer capabilities on a "college" computer. Anyway, he stopped making payments and the computer started having problems. I tried to fix it for him when he came home on break. I don't get the "run" option in the start window. I wanted to check his registry for errors but now I can't. Also when I go into BIOS I cannot change the boot order to allow me to reload Vista. I was reading some of the posts about computer trace programs and was wondering---did Dell remotely disable his computer due to lack of payment? I mean they can control it remotely. I don't want responses that that say "well he should have paid for it and it wouldn't have happened" That's his bag, so don't lecture me. My concern is - if they can do that, then they can do pretty much anything remotely' can't they. I have a laptop also and always assumed it was private. I'm not big on conspiracy theories, but I do know that some rights can be infringed upon without leaving a trace of who infringed. If you can answer -- please do.
Yes, this is real. Sounds
Yes, this is real. Sounds like a tin foil hat thing for conspiracy theorists, but technically everything is a theory before it's proven. This is starting to become wide spread. Manufactures are calling it a "Kill-Pill" and its installed in many newer-ish laptops to turn them off if you miss a payment (or if you make a contract with an isp when you buy it and cancel it etc).
Google "Kill Pill" and see for yourself. This is a huge violation of privacy in my opinion, because even if you did make 100% of the payments, then its YOUR laptop, but they somehow believe its still necessary to have this on there controlling your expensive computer, that again, is YOURS not theirs. here's one of many articles: http://www.geekwithlaptop.com/computer-kill-pill-invented
the whole 'kill pill' theory
the whole 'kill pill' theory falls apart when you consider that some people may never connect the computer to the internet.
i've identified rpcnet.exe on my hp 2133 and to be honest i'm all for it. If my laptop gets nicked (which I doubt it will but anyway) that provides a better chance of getting it back. I have nothing on my computer to hide anyway and if I found someone snooping around inside it (yeah right, who the hell is interested anyway?!) I'd probably stop and say hi!
Naah. Sounds more like a
Naah.
Sounds more like a virus/spyware issue. They often disable things like Run/Task Manager, etc.
The boot-order in BIOS however you should be able to change. Make sure you are using the correct keys to alter the values.
Also, some BIOSes have a "read-only" feature, if you only enter the "startup" BIOS-password, instead of the "system" BIOS-password. Can you change any values whatsoever? If not, you are probably using the wrong password.
In Vista, they replaced the
In Vista, they replaced the run option with a search window, which is just above start when you click on the start menu. I was a little confused also. I just typed run in the help window and that's the explanation that I got. As for disabling it remotely, anything is possible today.
actually that is untrue
actually that is untrue about the Run Command
Right Click Start Button
Properties
Start Menu Tab
Cutomize
click the checkbox to show the Run command
I BOUGHT A LAPTOP FROM A
I BOUGHT A LAPTOP FROM A PERSON I DONT KNOW AND NOW I CAME TO KNOW THERE IS A THING CALLED COMPUTRACE AND I DONT LIKE JAILS :) .CAN ANY ONE EXPLAIN IN SIMPLE STEPS HOW TO DETERMINE IF A LAPTOP HAS LOWJACK INSTALLED ON IT AND IF IT IS ON THERE, HOW DO DISABLE IT STEP BY STEP. PLEASE HELP
RAJA
ok i have a newer laptop and
ok i have a newer laptop and it has these files, but i cant find anything that says computrace and when i get into the BIOS there is nothing there about computrace. The security chip is disabled. I even went into regedit and deleted the rpcnet file. I have done several reboots and go to task manager and look at the services and they are showing disabled. I should be fine right?
go to start run msconfig in
go to start run msconfig in services check the box at the botom for microsoft then check if you have absolute solutions in there if so you have a lojac program running
how do find out if it has
how do find out if it has lojack
Hello. I have Levono
Hello. I have Levono ThinkPad X61 notebook I bought off of Craigslist.
It has computrace installed and i've been reading all these posts and nothing seems to work for me.
I ONLY have rpcnetp.exe and rpcnetp.dll.
the other two are not in my System32 folder or anywhere else i know of.
i cannot delete, modify, change these files.
i believe it lets me move them, but obviously on a restart the files reappear.
rpcnetp.exe is also the only process running.
i tried updating the BIOS, and then when i went back to the BIOS it still warns me that Computrace is installed.
So my question is, how do I remove/disable this permanently?
also will just ending the process every time i turn my laptop one prevent computrace from working?
Let me first say, that I an
Let me first say, that I an a network adminstrator, and I have deployed Computrace to over 150 Lenovo T60/61 laptops and have been working with it for over 2 years now.
Computrace doesn't do anything until the laptop makes a connection to the internet. Once it does, it reports EVERYTHING ABOUT YOUR LAPTOP back to the main database at Absolute (they make Computrace). It does a full asset scan of your laptop, and keeps on record everything, including the IP address of all network cards. IF someone reports this laptop stolen, I can assure you that the police WILL come to your house. I have had to report a few of these stolen, and it WORKS. The company guarantees that they will recover the laptop within a certain time span or you'll get your money back.
So you can do all you to try to remove the software from your laptop, (stop services, delete files, format and re-install OS, but nothing will work, because it is embedded into the BIOS. Actually, there is one way, get a new motherboard. But still then, Computrace will still know the location of the laptop because of the last time it reported.
Oh also, I can send a remote command to any one of the laptops that report to Computrace to wipe the hard drive, and evertime the machine turns on, it will format the hard drive. No joke! It's cool as hell!!
Well, just my 2 cents!
Well actualy that's not
Well actualy that's not entirely true...........
Hirens boot cd saves one from having to hunt all over the internet for the needed tools.....
One must erase the host protected area (HPA) of the hardrive - many tools do that. Then one simply uses a bios-editor to "repack" the bios.
I'v had a lot of people who buy laptops at flea markets or "whatever" and I'v done it many times in a few minutes. Demonstrated it to a computrace employee at a party and he had to reinstall it again on his machine to his disbelief. All in all most theives just turn it on, go to the internet and get busted - so it is a good program though
One more easy way to stop
One more easy way to stop Computrace activity for Win XP with NTFS file system users. SOrry for my English, and some wordings may differ as I'm using non-English version of XP but I'll try to explain...You just need to go to system32 folder, locate rpcnetp.exe, rpcnetp.dll, agremove.exe (if exists) and remove permissions for these files. BIOS Computrace program does not rewrite these files once OS boots. So, right click on properties of each file, open Security tab, remove all groups/users/permissions from the list by clicking on Advanced button below, then untick "Inherit from parent blah blah.." which is under permission list on the Permission tab thus clearing this list. Click Yes to close the pop-up warning that says something like "Nobody will be permitted to have an access to this file...". So, finally these files will remain in system32 folder but will have no groups/users and no permissions to access to and rpcnetp service will not start any more. It worked fine for me and I'm no longer notified by my antivirus about this.
now what, come to find out
now what, come to find out that i bought a stolen t60 lenovo from craiglist. im a going to get arested?
how did you find out you
how did you find out you have a stolen laptop. Does something pop up saying its stolen. From my understanding all lenovo t60 come with the software installed in the bios but its only good if you pay for the service.
I hope you didnt get
I hope you didnt get arrested
are you in nebraska?
are you in nebraska?
why?:-D
why?:-D
I read all the comments
I read all the comments because I also have the Computrace
agent embedded in BIOS of my Lenovo 3000 N200, which is normally
set to Disable, but every now and then it changes to Enabled,
and becomes active WITHOUT any obvious reason. Since I dont need
that software, never bought it, dont use it and dont want it,
I wrote to Computrace for a solution. Since I never got an answer
from them, and concluded that they are a bunch of liars, stating
on their web site:
"The BIOS agent remains in a dormant state until our LoJack for
Laptops software is installed on the hard drive."
Ha ha "dormant", they should lookup the meaning of that word...
So I decided to remove the obtrusive trojan soft myself.
I found a method that is much simpler and equally effective,
because the complete set of files (the 4 mentioned here)
rpcnet.exe rpcnetp.exe rpcnet.dll rpcnetp.dll are
deleted before they can execute the rpcnet service and start
sending data to Computace servers.
First I discovered how their agent in BIOS creates the 4 files
in Win\System32 folder, starts rpcnet service, communicates
with their server, stops the rpcnet service, and removes
the 4 files from System32 folder. To do that a 5th file
is created, which to my surprise nobody mentioned. This
file is Agremove.exe. Sometimes this file remains in System32
folder, and sometimes it is also removed. To capture that
file is the key to the solution that I am using. Simply copy
the file to Windows folder from where it will not be removed
by Comutrace proces and run it at every boot from startup.
I run it from: (line in registry)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Agremove"="C:\\Windows\\agremove.exe"
but it can be simply run from Startup folder in Programs menu.
Run from any of those places it will erase all files created
by Coputrace agent in BIOS before they become active. The rpcnet
service does not even start.
The file agremove.exe is 44.544 bytes long, and it runs once
does it job and shuts down, so it is not resident.
From properties of Agremove.exe:
Product name: agremove
Product version: 0, 0, 0, 0
Company name: Absolute Software Corp.
File description: agremove.exe
File version: 0, 0, 0, 0
Internal name: agremove.exe
Legal copyright: Copyright (c) 2005 Absolute Software Corp.
Legal trademarks:
Original filename: agremove.exe
Language: Language Neutral
Comments: Installation/Management Application
If any of you need this file for testing purposes, and cannot
capture it youself, I can upload it to any share service....
GREAT JOB THE COMPUTRACE DID WITH THEIR ANTI THEFT SOFTWARE,
THAT CAN EASILY DISABLE ITSELF :-D
Kef
So i Have a question. I dont
So i Have a question.
I dont see computrace in my bios. but there is somethign call tmp
under securty. would it be a good idea to run that Agremove.exe
just to be safe. as far as i know computrace is not in the hard drive either.
yeah if you could post it up
yeah if you could post it up somewhere, because i apparently can't catch up to it.
I purchased a used Mac
I purchased a used Mac laptop. How do I check to see if Computrace lojack is on it or not? Does anyone know what are the file names of Computrace program for a Mac and where these files are located? J. Locust
This is very disturbing to
This is very disturbing to have such software in the new laptop. I prefer those standalone ones.
Will a firewall prevent
Will a firewall prevent computrace from contacting home base?
Does anybody have solution
Does anybody have solution to remove Computrace NOW?
I have C300 200 i cant open bios Rom with cbrom.
How do I check if my Mac has
How do I check if my Mac has Computrace Lojack installed? Does anybody know what are the file names of the Computrace program for a Mac and where are they located?
i have a vostro 1400 with
i have a vostro 1400 with computrace activated but do not see:
rpcnet.exe
rpcnetp.exe
rpcnet.dll
rpcnetp.dll
I saw a previous post with a similar question, but was never answered. Is it safe to assume my computer does not have Lojack or anything Computrace related? Is there a way to check, my BIOS does say that it is active.
So I purchased a xps with a
So I purchased a xps with a lo jack and honest to god even though im very much computer savvy i didnt bother to check if the laptop i purchased at craigslist would be stolen ( i know very stupid) i blame the price which the guy sold me for 1/4 of the original price which i guess blocked my senses, anyways i m stuck with this laptop. i want to turn it in but turning in wouldnt bring my money back and honestly i m a student money is very important to me and hard to make. but also i realise that almost impossible to break the lojack and even if i break it, it would make me feel guilty for now i know its stolen. if it turn it in what guarantee do i have that they will actually believe me and i cant really prove my story. so what should someone like me do.?
If you turn it in you are
If you turn it in you are being a good citizen in the eyes of the cops. If they track you down before you do that, then it will be game over. I am a cop in a southern state, and I can tell you that if you turn it in you won't be in trouble at all. But it will be too late once they come knocking on the door. I just cleared my first case on a guy that was caught by LoJack, he was QUITE computer savvy and even tried to find and disable the program. Needless to say when the cell door slammed shut he knew he didn't succeed. The bottom line is if you have stolen property, you can be charged with RECEIVING STOLEN PROPERTY, they don't have to prove you stole it. So knowing something is stolen and keeping it is just ASKING to get locked up. The money you save on the purchase of the laptop isn't going to be cost effective compared with the cost of your bail. Think it over. It's all nice in theory to sit here and talk about how you think you can disable the software, but from a law enforcement perspective I can tell you it is a LOT more persistent than you know and it does a whole lot more than you think it does.
ur safe because computrace
ur safe because computrace is not free u have to purchase their services if you go into ur bios you can find it under security you can disable it but like i said their not going to trace it unless they pay for the services and i think you have to pre order their services
how would you know that the
how would you know that the person lost his/her laptop don't have a paid computrace service? how would you know they didnt not called the computrace after they lost the laptop? as long as the software and the chip installed it can be traced anytime. if you think you got jacked becasue you bought a laptop with lojack return it or report it to proper administration so atleast you dont get in to trouble........hope everyone understand buying used expensive laptop for cheap could cost you BIG time....dnt doit
Hey I was wondering if this
Hey I was wondering if this lojack removal method works on a dell xps m1730. I want to use the mothod of replacing the rpcnet.exe, rpcnet.dll, rpcnetp.exe and rpcnetp.dll files with a 0kb read only file. Let me know if this is a good idea or not. Thanks much.
I have a m1730 that comes
I have a m1730 that comes with a 18 month version ov lojack for laptops. I check the site and see that everytime i boot it up it signals compuserve when a wireless network is available. Good luck trying to get around that. got about 18 months worth of waiting to do. I paid $3600 for this laptop and the day it gets stolen is the day I start notifying compuserve.
So if my computer does not
So if my computer does not have any of the 4 listed files, is it safe to assume my computer does not have Lojack or anything Computrace related?
Thanks!
Any ideas on what program I
Any ideas on what program I can use to backup the BIOS for a Lenovo X60S laptop so that I can use the cbrom utility? Has anyone removed Computrace from a Lenovo device before?
WELL IF I WAS THESE PEOPLE I
WELL IF I WAS THESE PEOPLE I WOULD STOP MESSING ABOUT TRYING TO HACKING THE LAPTOP GET A LIFE AND STOP CAUSING STRAIN ON THESE FIRMS U WILL GET CAUGHT OUT AND WITHOUT THESE PEOPLE TRYING TO HACK THESE FIRMS WOULDNT BE RUNNING SO KEEP IT UP AS U WILL GET CAUGHT OUT AND SENT TO PRISON OR A FINE.?
REGARDS
PETER H
Post new comment