How to remove Computrace Lojack

I bought two new Gateway PC's a few weeks ago. Typically I first uninstall all the bloatware/trialware right away. Then I shut down all unecessary services and remove loads of entries in the registry that are starting unwanted programs. When I was done with all of this, one process remained in task manager that I didn't recognize. rpcnet.exe. Now I know that there is a service called Remote Procedure Call so I looked in the services. It listed Remote Procedure Call as "C:\WINDOWS\system32\svchost -k rpcss" and also Remote Procedure Call (rpcnet.exe) by computrace. Figuring this was more bloatware so I disabled it and rebooted. It was back! I started thinking it was a virus/trojan/spyware. I downloaded hijackthis which let me shut it off. Reboot. It's back! Found the files rpcnet.exe, rpcnetp.exe rpcnet.dll rpcnetp.dll and deleted them and rebooted. It's back! Those files are back too! Now it really looks like a virus. So I google computrace and found out it is some program used to track stolen computers. Strange! I didn't order that on my computer. So I set out to remove it. Many google hits indicated it lived in the mbr so I did a series of fdisk's and fdisk /mbr and reinstalls of Windows XP. Rpcnet.exe came back running every time. Some Google hits also indicate that it may live in the bios. I save a copy of my bios to disk and look at it with cbrom. I got cbrom from http://www.biosmods.com/download.php I had to try several different versions till I found one that worked with my computer/bios.

So I ran...
cbrom32_149 gtgn105.bin /D - (cbrom crashed but still showed all the file names.)

Then I look at all files with hex editor, specifically for something that would indicate computrace.

Found optromg.rom listed at OEM2 CODE. Hex editor showed the string "computrace".

ran cbrom32_149 gtgn105.bin /oem2 release

checked with cbrom32_149 gtgn105.bin /D

Yep, optromg.rom is gone.

So upload new bios....

Reboot. kill rpcnet.exe

delete rpcnet.exe
delete rpcnetp.exe
delete rpcnet.dll
delete rpcnetp.dll

disable service rpcnet.exe

done

Rpcnet.exe is no longer running as a process! Yeah!

(BTW - This procedure has risks that include making your computer non-functional)

UPDATE! I posted optromg.rom in case anyone wants to look at it with a hex editor or try to disassemble it.

AttachmentSize
OPTROMG.ROM24 KB

Comments

Computrace can be stopped: Do

Computrace can be stopped: Do the following:

1) START>SETTINGS>CONTROL PANEL> ADMINISTRATIVE TOOLS> SERVICES> find RPC ( Remote Procedure Call ) NET and/or Service. Right click and Properties, set to Automatic and stop the serive.

2) C:\WINDOWS\SYSTEM 32\ Find these 4 files RPCNET.dll + RPCNETP.DLL + RPCNET.EXE + RPCNETP.EXE ( Do the following to each file )

3) Delete each file. DO NOT REBOOT. Open WORD PAD. Type and "Save As" ( without quotes ). Name the file as the one it will replace above. Do this for all 4 files. Once they are all replaced with the "VOID" (bogus file ) Right click on each file and change the attribute to READ ONLY > APPLY > OK.

To check and make sure it has worked, reboot your machine. Go to Services and check your RPC process and see if it has re started. If it restarted then you did something wrong with the above files, retry and reboot and recheck. Remember, if you delete one or all the files without stopping the service the files WILL come back automatically. Also you will not be able to delete RPCNET.exe if the service IS started. It must be done in the order above.

I know this works because i've tested it.

I had just bought a new Dell

I had just bought a new Dell Studio 17 Laptop for christmas and I went to the bios screen to choose the disable option. Upon restarting my laptop I went to check if it had been disabled successfully, and the F***ing thing had set itself to "Activated"!!!!

This piece of software/firmware is a major security and privacy breach, and its so badly made it can't tell the differance between the disable and activate functions!

LOOOOOL i've only read a

LOOOOOL i've only read a page so far but why are you all so worried? The way to remove any tracking hard/soft/firm-ware is simple!

1, Find where it is (they tell you its in the bios on the "how it works" page of their website)
2, remove it (only way to remove something from your bios is edit an new version yourself or download a new version from the motherboard manufacturer, Flush your bios, load your bios.. job done)
3, check, if its not gone it means it has a backup installation somewhere highly unlikey for the moment.
all else fails buy a new motherboard (not a stolen one dipstick)

The only way you can find me with all your stolen laptops is when i try to sell it back to you! If they install a hardware device i'll remove it by cutting the power track on the board, if they modify the bios I'll modify the bios.

Plus the only way you can track me is by;
GPS- impossiable without an active GPS chip connected and installed
Cellular triangulation-impossiable GSM chip connected to a network.
Trapping my IP when I put it online and tracing me- again here you'll have an issue from my house as i use annoymous proxy servers and spoof my home IP, good luck finding the right header in 50,000 packets!!
(I have a very high powered cisco router 2900 connected to 2 adsl lines (balanced) and thats stolen too! and all your laptops pay for my adsl lines)

How dumb would I be to go online with a stolen laptop? I'll just take your details, wipe it, sell it in a pub!

lojack is used to catch dumb criminals and take money from the scared masses, not to protect you from people like me! If its sole purpose was to help you why do they charge you for the service? I dont charge when i help an old lady cross the street!

So where is the soloution and prevention?

Hacking is a powerful tool, why should I not get paid for my work when i'm not doing it for fun?
would you work for free?

Lastly please computrace if your reading, make this harder!! Altho I am working on hacking N3 (3.37) at the moment so give it a while first! Thanks

Ways around anything if you look hard enough
(except mobile phones)

as if this company will

as if this company will decide one day to track one of you...It is a forum about "I am only in the world "Or some geeks plans of hacking LoJack system?

First of all I don't

First of all I don't remember enabling this piece of software and yet it's Actived on my computer. I called Lojack and the lady said they would disable it... Weeks later no disabling... I hate waiting on the phone for like an hour to speak to a rep... We need to set up a website to hack these things out of our bioses and warn people about this product... It's a massive spy tool/security threat and it should be freaking everyone out! I am no longer buying Dell laptops because of it!

If you are going to make a creepy product like this, make sure legitimate owners can easily get rid of it... Otherwise expect a backlash!

if it was made easy to get

if it was made easy to get rid of, wouldnt that defeat the purpose? Wouldnt you rather get your stolen computer back

Just delete it on startup,

Just delete it on startup, it doesn't come back until you reboot anyways. so as soon as you login, it runs and deletes the files.

make this into a batch file by right clicking on your desktop, selecting new, selecting text document, then copying all the following in it:

@echo off

TASKKILL /F /IM "rpcnetp.exe"
TASKKILL /F /IM "rpcnet.exe"
TASKKILL /F /IM "upgrd.exe"
del "C:\Windows\System32\UPGRD.exe"
del "C:\Windows\System32\rpcnetp.exe"
del "C:\Windows\System32\rpcnetp.exe"
del "C:\Windows\System32\rpcnetp.dll"
del "C:\Windows\System32\rpcnet.dll"

click on "save as" in the file menu, then click on the bar that says text documents (*.txt) and change it to all files, and change the name of the file to "anyname.bat" without the quotes, name it anything you want, but make sure you add the .bat extension. after it's been saved, add it to your startup folder. be sure to turn off your wifi or disconnect your ethernet cord whenever you restart though, in case it doesn't delete the file right away.

get the dst iso file from

get the dst iso file from the priatebay just put dell in serch

Seriously why dont you

Seriously why dont you suckers wake the heck up, do you really think that this company gives a shit whether or not you loose your laptop, this is just an excuse to load this bloatware onto new laptops.

Funny how nearly every single "Free offer" is clearly advertised, why are they not making it clear that this spyware is on the computer, BECAUSE THEY DONT WANT YOU TO KNOW. Wake the hell up you mentally dead sheep, even in the film surrgoate's you have some fat geeky dude at a central system controlling everything. Yeah sure just a film right...

I am disgusted that my laptop's privacy has been vulnerable all this time, some of those geeky ignorant devils at the company must have some fun knowing they have the power to do whatever they wish.

Welcome to Big brother, it is here among us now, but it is inevitable that it will be bought down. God is watching over us.

The truth is that this bloatware can be removed, dont listen to the lies and deception of those working within the system, computrace would never admit to such a flaw, like you said yourself its a million dollar business. The companies intention is not to protect your laptop, it is to spy on you this is just their cover.

I just am pissed that I did not know about this rootkit,spyware/virus whatever the hell you want to call it, If i had purchased this then fine but they done this without my authorization or consent.

If you dont mind working on a laptop that is open for the world to see, then go ahead and promote this crap. There is only one way to bring such a company down, and I am sure someone somewhere is planning.

A while back I read an article about microshit planning on introducing a system called "zeus" i think, the plan was to have everybodies computer hooked up to a main central system owned by them and everytime you do something on your computer it would have to refer back to "zeus" for comfirmation. Computrace have set the foundation, all these millions of people are unknowlingly being traced, after all it is what this software does.

As for all you ass's that think tracing a laptop is going to help you recover it, then you are being mislead, if someone stills a laptop and turns it on to find a load of warning messages do you really think they are going to hand it in to the local police station, or do you think they will throw it off a building.

They could have at least had the decency to setup a clear way to remove the program, or at the very least put a sticker on the laptop to inform us that it is being spyed on.

But thats not what they want, the less people know the better, the truth is the only way to bring big brother down hence the reason they have programmed all of you with TV, posion in the water, EMF's and all this other unnatural shit in this world.

But I am sure some of you will have something to say about the conspiracy theory that is being mentioned here.

I am a police detective and

I am a police detective and I can tell you firsthand that this system works. We just recovered three stolen laptops yesterday because of Computrace, and it's the second time in the past few months that we've worked with Computrace to recover stolen property. I'm sure the owners of those laptops would disagree with all the negative comments.

My question is - If you

My question is - If you never register or activate lojack when you get your computer, does it still phone back to compuserve?

How about something simple,

How about something simple, Find all of the registry entries for rpcnet and change the permissions on them and then delete them. After that reboot the computer and search for all of the files named rpcnet and then remove them. Create 6 new txt files and name them the same thing as the 6 files you just removed and place them where the other files were, set them as read only and encrypted.

Reboot the Computer all you want and the root kit can run itself as much as it wants but the files will not get back to their original size as they already exists under another name. Now the windows service for this has also stopped running itself and no longer shows up, Seems to easy to work but it does.

i know it sounds dumb but i

i know it sounds dumb but i got a dell inspiron e5400 from the flea market and now after reading this i am scared mind may be hot, is there someone here that can show me a step by step guide to use CBROM to take that bios off and put a new one on, i ran DTS iso and set computrace to DISABLED and i reloaded the WINXPPRO and i don't see the rpcnet files in the system32 folder BUT want to make sure that the X-Files men don't kick in my door.

i know it sounds dumb but i

i know it sounds dumb but i got a dell inspiron e5400 from the flea market and now after reading this i am scared mind may be hot, is there someone here that can show me a step by step guide to use CBROM to take that bios off and put a new one on, i ran DTS iso and set computrace to DISABLED and i reloaded the WINXPPRO and i don't see the rpcnet files in the system32 folder BUT want to make sure that the X-Files men don't kick in my door.

How to remove Computrace

How to remove Computrace LoJack on Windows 7:

If you use the GPT partition scheme on your hard drive it will end the BIOS's ability to load files into Windows. Use GParted or something to do this. Then install Windows 7 which supports GPT.

No software is futureproof.

lapski

Is there the svctag..exe

Is there the svctag..exe equivalent for a dell desktop?

YOU ARE DUMB...i did

YOU ARE DUMB...i did indeed...there is heavy mention of the file in this forum alone.

my way of getting it

my way of getting it done:

end the process called rpcnetp.exe or rpcnet.exe
find your way into " \windows directory\system32\ "
1) delete rpcnetp.exe rpcnet.exe rpcnetp.dll rpcnet.dll ..
2) create new text files and rename it to be exactly as the file deleted which are rpcnetp.exe rpcnet.exe rpcnetp.dll and rpcnet.dll << all four files
3) make sure to make these files to be read only
4) you're done

so whenever your computer runs, it will try to open the dummy files.

verified+works for me

verified+works for me

ok so all this talk and

ok so all this talk and stuff and nobody has come up with a fullproof way to remove the computrace. please help me!!! btw that link doesnt work. :(

I honestly don't think this

I honestly don't think this would get it done. Since working with laptops with this feature, I've looked up a little on what exactly computrace does.

I know that it's in the BIOS, I'm not sure if maybe older versions of this software are in the OS itself, but in these new laptops purchased in '08, it's all in the bios.

I understand that ability to protect assets to a company is very important, but wouldn't it be VERY simple just to flash the BIOS? Would that not remove the CompuTrace code in the BIOS?

Unless they use hardware like LoJack in cars, with a radio transmitter and maybe something hidden built into the LAN/WLAN cards, which I heard mentioned in a few articles.

I have had three laptops

I have had three laptops stolen in the last month and I am pissed that I did not have lojack activated on them because I know I will never see them again. IF lojack is so bad then please someone develop a better way to protect people like me who are not geeky from loosing our machines, photos, documents and privacy. thanks! And finally, may those who stole from me be cursed with boils, confusion and impotence until they return my equipment and pay for my lost peace of mind and the price of moving.

The point is with LoJack

The point is with LoJack installed you have NO privacy. The best protection against laptop theft is caution, regular backups and purchasing insurance. LoJack is not the answer if you value your privacy in the least.

Please tell us HOW they

Please tell us HOW they remove your privacy? In knowing where you are located???? Have you ever looked at the header of ALL of your emails? What about website server logs, they list every visitor and can be easily traced back. Often these logs even show your computer and/or user name.

Any facts to back up your comment?

I bought the lojack software

I bought the lojack software and enable the computrace. Then something strange happened. I could no longer run scandisk/chkdsk. After several frustrating weeks trying to find the problem, I narrowed it down to the lojack software. After contacting them, they confirmed that it would interfere with scandisk/chkdsk. So I told them the likelyhood of my computers hard drive getting corrupted was many times that of the laptop getting stolen and that I needed scandisk/chkdsk more than I did lojack, they agreed to a refund. So I uninstalled everything, and was able to run chkdsk one time. Great, I was happy. But now I can't run it again. It seems "something" it still running and thats from the command prompt in safe mode. I tried going into the bios and disable the computrace, but as others have said, once it's enabled, there is no way to disable it.

So while I liked the lojack feature, not being able to maintain the HD is a greater threat. Unfortunately, now I can't do either.

Computer is a dell laptop. bought new from dell.

A silly question. I dislike

A silly question.

I dislike the whole 'big brother' slant our society is leaning towards, but that is another topic.

I have a daughter who is heading off to college in the morning, with her brand new lap top.....living in a dorm. I really don't want to replace a stolen laptop and was considering the price of lojack to protect her investment. My thoughts are that the chance of her laptop walking off in the next year are statistically higher and worth the money and invasion of privacy that comes with the software.

Her computer will be for school work, music and Facebook, etc.......so there relly isn't any personal information to harvest.

Is it would the investment in your computer saavy eyes?

Thanks.......

Try removing main CPUs.

Try removing main CPUs. Leave it in static-free environment. Remove CMOS battery (size btwn dime and a quarter). After 30 minutes assmeble back everything again. You may have to reset BIOS. I have gone from a crippled WXP to lightening fast computer with only 256MB with Athlon 500 (PII) CPU.

I knew I had very fast CPU but somehow blamed on MSFT updates. Try this trcik I gained almost 300% increased speed, and that toooooo on a 256MB shared RAM. Go figure. I think of MSFT blocking CPU cycles (or poisoning the CPU cycles) with such BIOS-based poisoning tools.

I do not know whether it was a BIOS rootkit or what, but I am glad I did a stupid cleaning of my 11 years old computer. Can anybody verify this observation? THanks.

this will not help!

this will not help! Computrace is a part firmware code.

Does Computrace provide an

Does Computrace provide an uninstaller for legal owners of the laptop? That would be nice.

GET INTO SYSTEM (HOLD F2

GET INTO SYSTEM (HOLD F2 DOWN WHEN RESTARTING) I FOUND MINE UNDER SECURITY AND HAD TO DISABLE IT. IT TRACKS YOUR HARD DRIVE AND YOU. MSNBC HAD A STORY ON IT AND CALLED IT A MAJIOR SECURITY HOLE. THIS PROGRAM LETS HACKERS IN AND THEY MODIFY COMPUTER SETTINGS AND TAKE CONTROL OF YOUR MACHINE. THEY ALSO HAVE IT IN SOME PHONES AND IN THE WRONG HANDS THEY HAVE EVERY MOVE YOU MAKE. LOOK UP MSNBC.COM JULY 30,09 WE ARE ALL PAYING FOR THIS AND IT TRACKS OUR EVERY MOVE. PEOPLE SHOULD BE AWARE ITS INSTALLED. BOSTON BASED CORE SECCURITY SAID HACKERS LOVE IT. I WANT TO TO MAKE PEOPLE AWARE OF THIS. I AM ONE PERSON WHO HS BEEN TRACKED FOR FOUR YEARS AND JUST FOUND OUT WHY.

I changed the service tag on

I changed the service tag on my dell. will computrace still work? like call corporate? also i just want to remove it completely im on a dell m1710

Contact Absolute Software to

Contact Absolute Software to have it turned off on your machine.

You are all hackers and

You are all hackers and thiefs and should be punished for trying to remove a software thats put on computers for a PURPOSE, if you dont like it too bad...wah wah, try to suck it up with the cops when you get reported for having stolen property. It wont work, i have computrace lojack on this laptop, and ill proudly report anybody that tries to steal this thing, ill never remove it and never turn it off. LONG LIVE LOJACK! ANTI-THEFT RULES!!!!! :D

As for the police officer, thank you sir, show these guys! :)

Yep, another idiot. I am a

Yep, another idiot. I am a security proffessional, and a client gave me his laptop, to set up surveillance. Had it for 2 days. What i didn't know was i was the first to go on the internet with it. It had lojack. when approached and questioned by cops, i turned the laptop over, cooperated, wrote a statement against my client. I still was arrested for possession of stolen property, went to court 7 times to get the case dismissed, and the school district never even claimed it. So now a couple thousand lighter, guilty until the DA felt like doing ther homework, I had to fight a a criminal record. LoJacks response when I contacted them was "we dont get involved" yet they somehow had all my personal information from the investigation. I will enjoy when u turn ion a computer, and hav the same result. big brothers comin :-) F* lojack, and the cops I used to trust.

anyway!!!! It's as easy as

anyway!!!!

It's as easy as booting a PC to PERMANENTLY DISABLE!! Computrace. Yes that's right! and again thats right to all Computrace and Dell techs reading!

I disabled it on my new! E6500 yeah! new!

RUN
EE-CPB.EXE and EE-CPB.EXE from a floppy located @ http://www.download.centre4service.com/software1.html inside the USB download and copy to a boot floppy. (I used an external Dell Floppy drive)

you'll get a message tak complete when you reboot.

Service Tag, Asset Tag, and Computrace will be ready for edit!!

How easy is that!!!
benchmark your times!

link doesnt work.

link doesnt work.

what is the password to

what is the password to unzip the file?

What's the .rar file

What's the .rar file password?

I have purchased a Laptop

I have purchased a Laptop through Dell and they offered a free trial for Computrace.

Well I have to say it's absolute crap!!
for starters:

1. I had to format the HD to remove Vista and install XP SP3
2. there are non of the execution's or dll mentioned in prev posts.
3. there are no related services in services.msc. msconfig (startup) or in the reg.
4. is enabled in bios, however service cannot be integrated due to 3 reasons above.

In my experience Bios task is to turn hardware service on that interact with the SOE eg. USB, Spoilers, IRQ's fan speeds etc. so if there are no services in windows or Slax plus non of the exe's, dll, services.

then my laptop could not be traced!

Do you know where the CMOS

Do you know where the CMOS battery is located on a Dell Latitude D630?
I can't open up this laptop at all

if it is your computer,

if it is your computer, can't you just go into the set up menu when you start the computer. From there, go to the security tab, and go down to computrace and disable it.

Seems simple to me

After activation its not

After activation its not possible to diable it!

You are right on, anonymous.

You are right on, anonymous. I just went to F2 on startup and to Security and down to computrace status. My computer from Dell has computrace deactivated, so I didn't even look at it very long for fear it was sight sensitive. The guy above who went through a 200 step disable?--He had fun and felt real smart after figuring out how to do this--leave him alone.
For those who have this problem of computrace being activated, try f2 to security and down to deactive it. Sounds better than risking a disable of your computer.

Once it's active, you can't

Once it's active, you can't disable it from that menu. It's a security feature so stolen laptops can still be traced.

One question i just cant

One question i just cant seem to get a definative answer to is this:
I bought a used laptop NOT STOLEN
im a little pissed about lojack/computrace working without my permission so i go into the BIOS and there are the 3 options (its currently DeActivated)
1. Enable
2. Disable
3. Activate
I chose Disable
I then get a message telling me that it is permanent and cannot be changed once i select this option...sounds good to me so i choose it!
I reboot a bunch of times and it is still disabled...
Am i freaking done with computrace forever? or does it sometimes mysteriously enable itself?? thats my main prob with ANY prgm just "activateing " itself without my ok...its my dang comp and if i want it to do something ill tell it to!
thanks for the response

stll need help with this?

stll need help with this?

How to quickly and easily

How to quickly and easily get rid of computrace FOREVER on a dell laptop, and simultaneously reset all bios passwords and security settings:

1. Download the latest version of the DST disk iso, from any of the various sources online (google it).
2. Burn the iso to a disk.
3. Boot from the disk.
4. Change the service tag to something new.
5. Reboot and hold F2 to get into bios to verify results.
6. You're done. At this point the bios passwords and security settings should be reset to empty, and computrace set to "deactivated". You can now change the computrace setting from "deactivated" to "disabled" which will permanently disable it with no option of ever re-enabling it.

If you can not boot from a cd because the boot sequence is locked and password restricted, no problem, just do this first:

1. Unplug the power cord
2. Remove the laptop battery
3. Remove memory cover from bottom of laptop.
4. Remove cmos battery.
5. Wait a couple of minutes
6. Plug the power cord in
7. Reboot

At this point some of the bios settings such as boot sequence have been reset to default settings allowing you to hold F12 while booting, to select the boot device. now you can boot from your DST cd and knock out the security settings above.

It does not work on DELL

It does not work on DELL Phoenix SecureCore BIOS new style
I have changed the Service Tag and Asset Tag and computrace is still activated :(

I had computrace deactivated but i tried to disable it permanently and it changed the status to activated. so I can't change anything under the Security menu. It is Read Only.

I also tried the following:
http://stephane.emisfr.info/2009/09/08/getting-rid-of-computrace-on-dell-inspiron-mini-10v-inspiron-1011/

but the ee-value is not working ..it says failed to read EEPROM.

I'm giving up on removing the computrace...

References:
http://opsec.cotse.net/opsec/?cat=26
http://corelabs.coresecurity.com/index.php?module=Wiki&action=view&type=publication&name=Deactivate_the_Rootkit

Where can I find DST disk?

Where can I find DST disk?

I used your first step and

I used your first step and changed the service tag and disabled computrace. But there is still 2 rcp programs running. Does it mean anything since ive changed the service tag? i still would like to completely remove computrace. but can my computer still be traced even though i changed the service tag?