How to remove Computrace Lojack

I bought two new Gateway PC's a few weeks ago. Typically I first uninstall all the bloatware/trialware right away. Then I shut down all unecessary services and remove loads of entries in the registry that are starting unwanted programs. When I was done with all of this, one process remained in task manager that I didn't recognize. rpcnet.exe. Now I know that there is a service called Remote Procedure Call so I looked in the services. It listed Remote Procedure Call as "C:\WINDOWS\system32\svchost -k rpcss" and also Remote Procedure Call (rpcnet.exe) by computrace. Figuring this was more bloatware so I disabled it and rebooted. It was back! I started thinking it was a virus/trojan/spyware. I downloaded hijackthis which let me shut it off. Reboot. It's back! Found the files rpcnet.exe, rpcnetp.exe rpcnet.dll rpcnetp.dll and deleted them and rebooted. It's back! Those files are back too! Now it really looks like a virus. So I google computrace and found out it is some program used to track stolen computers. Strange! I didn't order that on my computer. So I set out to remove it. Many google hits indicated it lived in the mbr so I did a series of fdisk's and fdisk /mbr and reinstalls of Windows XP. Rpcnet.exe came back running every time. Some Google hits also indicate that it may live in the bios. I save a copy of my bios to disk and look at it with cbrom. I got cbrom from http://www.biosmods.com/download.php I had to try several different versions till I found one that worked with my computer/bios.

So I ran...
cbrom32_149 gtgn105.bin /D - (cbrom crashed but still showed all the file names.)

Then I look at all files with hex editor, specifically for something that would indicate computrace.

Found optromg.rom listed at OEM2 CODE. Hex editor showed the string "computrace".

ran cbrom32_149 gtgn105.bin /oem2 release

checked with cbrom32_149 gtgn105.bin /D

Yep, optromg.rom is gone.

So upload new bios....

Reboot. kill rpcnet.exe

delete rpcnet.exe
delete rpcnetp.exe
delete rpcnet.dll
delete rpcnetp.dll

disable service rpcnet.exe

done

Rpcnet.exe is no longer running as a process! Yeah!

(BTW - This procedure has risks that include making your computer non-functional)

UPDATE! I posted optromg.rom in case anyone wants to look at it with a hex editor or try to disassemble it.

AttachmentSize
OPTROMG.ROM24 KB

Comments

I know this is a strange

I know this is a strange question because most people want to get rid of Computrace which works incredibly well by the way. I have a machine that was left for repair in my store and the owner never came back to pick it up or call 2 years ago- my store is now closed its a Dell D630 and I WANT to activate Computrace and pay for it BUT the previous owners have it disabled (permanently) what is the point of being able to disable it permanently ? Does that mean I can never enable it via the BIOS and only have it running on the HD (I like the BIOS option as I can have a bios password too) So CAN I ENABLE THE DISABLED COMPUTRACE

For those people that think COMPUTRACE does not work - IT DOES !!
Back in 2001 I bought a used machine with Computrace on it - I had no idea about it and never heard of it - I formated the laptop and sold it to my friend for $100 more than I paid. They logged on to the internet at home and a day later the cops came to their house with a search warrant !! Turns out the machine was stollen. My friend called to tell me what happened and that she told them she bought it from me, they were not charged. 3 months later the cops came to see me and charged me, I went to court the charges were droped but the laywer cost 3 grand !! At the time (and I still do) I ran a computer buisiness and had no idea it was stollen, I deal with so many used computers through the years BUT after I learnt about Computrace I recomended it to every buisiness I dealt with. One of those buisiness later had it's laptops stollen and recovered by Computrace back in 2002 - laptops were not cheap then. I think this program is great, the average thief or person buying a stollen laptop certainly does not have the savy or know how to remove it or own a HEX editor (program) !!

The point of the article

The point of the article isn't that the software doesn't work. It's that the design is flawed. Due to a lack of strong authentication and the ease of configuration changes, it's a gaping security hole. The design needs to be fixed or the software will continue be a serious security issue. The thing that it does well is also the very thing that can be exploited so easily.

I bought a Dell 1720 at the

I bought a Dell 1720 at the flea market great deal on it, I explained this to a friend and he mentioned the lojack thang. I turned on computer it had someones name still on it, so I booted it up from Bios and went to security and it says it was active, does this come installed like this? I did read unless the person who bought this activated it then it won't work. From what i've read I'm screwed and should have never bought it should have known. I know you can't delete it but can you disable, someone mentioned buying new mother board from manufacturer that dell gets it from and it wont be on it, any suggestions??

Re: From what i've read I'm

Re: From what i've read I'm screwed and should have never bought it should have known.

You suspected, yet....

RE: I know you can't delete it but can you disable, someone mentioned buying new mother board from manufacturer that dell gets it from and it wont be on it

So, knowing the laptop might be stolen you want to disable the countermeasures.

So, how does it feel to be a thief and a criminal anyways?

honestly if i was a computer

honestly if i was a computer hacker i would love it if all laptops come with lojack. If they all had lojack then all i have to do is break into computraces servers and BAM!!!! i can take pictures of everyone who has lojack. I may even be able to get some good nude shots too. What would be even better is if i could make it function like a backdoor and steal all your information. Even better i could just get a job working for computrace get fired and have all the access information to your specific computer.

Translation:
you're dumb. the same software you think is helping you can be turned on you very easily.

Thus far i have been able to remove the hidden partition lojack creates on the hard drive, but i believe flashing the bios is the only way to remove it from the whole system.

how does it feel to be self

how does it feel to be self righteous and judgemental anyways?

Sounds like you already

Sounds like you already know.

so if computrace is set to

so if computrace is set to disable can they still see my laptop

How do we know if computrace

How do we know if computrace is active? If rpcnet.exe is running in the task list does that mean its is activly being monitored?

My son is in college and

My son is in college and bought a dell xps 1330. He said he wanted to pay for because I wouldn't spring the extra money for gamer capabilities on a "college" computer. Anyway, he stopped making payments and the computer started having problems. I tried to fix it for him when he came home on break. I don't get the "run" option in the start window. I wanted to check his registry for errors but now I can't. Also when I go into BIOS I cannot change the boot order to allow me to reload Vista. I was reading some of the posts about computer trace programs and was wondering---did Dell remotely disable his computer due to lack of payment? I mean they can control it remotely. I don't want responses that that say "well he should have paid for it and it wouldn't have happened" That's his bag, so don't lecture me. My concern is - if they can do that, then they can do pretty much anything remotely' can't they. I have a laptop also and always assumed it was private. I'm not big on conspiracy theories, but I do know that some rights can be infringed upon without leaving a trace of who infringed. If you can answer -- please do.

Yes, this is real. Sounds

Yes, this is real. Sounds like a tin foil hat thing for conspiracy theorists, but technically everything is a theory before it's proven. This is starting to become wide spread. Manufactures are calling it a "Kill-Pill" and its installed in many newer-ish laptops to turn them off if you miss a payment (or if you make a contract with an isp when you buy it and cancel it etc).

Google "Kill Pill" and see for yourself. This is a huge violation of privacy in my opinion, because even if you did make 100% of the payments, then its YOUR laptop, but they somehow believe its still necessary to have this on there controlling your expensive computer, that again, is YOURS not theirs. here's one of many articles: http://www.geekwithlaptop.com/computer-kill-pill-invented

the whole 'kill pill' theory

the whole 'kill pill' theory falls apart when you consider that some people may never connect the computer to the internet.

i've identified rpcnet.exe on my hp 2133 and to be honest i'm all for it. If my laptop gets nicked (which I doubt it will but anyway) that provides a better chance of getting it back. I have nothing on my computer to hide anyway and if I found someone snooping around inside it (yeah right, who the hell is interested anyway?!) I'd probably stop and say hi!

Naah. Sounds more like a

Naah.

Sounds more like a virus/spyware issue. They often disable things like Run/Task Manager, etc.

The boot-order in BIOS however you should be able to change. Make sure you are using the correct keys to alter the values.

Also, some BIOSes have a "read-only" feature, if you only enter the "startup" BIOS-password, instead of the "system" BIOS-password. Can you change any values whatsoever? If not, you are probably using the wrong password.

In Vista, they replaced the

In Vista, they replaced the run option with a search window, which is just above start when you click on the start menu. I was a little confused also. I just typed run in the help window and that's the explanation that I got. As for disabling it remotely, anything is possible today.

actually that is untrue

actually that is untrue about the Run Command

Right Click Start Button

Properties

Start Menu Tab

Cutomize

click the checkbox to show the Run command

Or hit Window key + R

Or hit Window key + R

I BOUGHT A LAPTOP FROM A

I BOUGHT A LAPTOP FROM A PERSON I DONT KNOW AND NOW I CAME TO KNOW THERE IS A THING CALLED COMPUTRACE AND I DONT LIKE JAILS :) .CAN ANY ONE EXPLAIN IN SIMPLE STEPS HOW TO DETERMINE IF A LAPTOP HAS LOWJACK INSTALLED ON IT AND IF IT IS ON THERE, HOW DO DISABLE IT STEP BY STEP. PLEASE HELP

RAJA

go to start run msconfig in

go to start run msconfig in services check the box at the botom for microsoft then check if you have absolute solutions in there if so you have a lojac program running

how do find out if it has

how do find out if it has lojack

Hello. I have Levono

Hello. I have Levono ThinkPad X61 notebook I bought off of Craigslist.
It has computrace installed and i've been reading all these posts and nothing seems to work for me.

I ONLY have rpcnetp.exe and rpcnetp.dll.
the other two are not in my System32 folder or anywhere else i know of.
i cannot delete, modify, change these files.
i believe it lets me move them, but obviously on a restart the files reappear.

rpcnetp.exe is also the only process running.

i tried updating the BIOS, and then when i went back to the BIOS it still warns me that Computrace is installed.

So my question is, how do I remove/disable this permanently?
also will just ending the process every time i turn my laptop one prevent computrace from working?

Let me first say, that I an

Let me first say, that I an a network adminstrator, and I have deployed Computrace to over 150 Lenovo T60/61 laptops and have been working with it for over 2 years now.

Computrace doesn't do anything until the laptop makes a connection to the internet. Once it does, it reports EVERYTHING ABOUT YOUR LAPTOP back to the main database at Absolute (they make Computrace). It does a full asset scan of your laptop, and keeps on record everything, including the IP address of all network cards. IF someone reports this laptop stolen, I can assure you that the police WILL come to your house. I have had to report a few of these stolen, and it WORKS. The company guarantees that they will recover the laptop within a certain time span or you'll get your money back.

So you can do all you to try to remove the software from your laptop, (stop services, delete files, format and re-install OS, but nothing will work, because it is embedded into the BIOS. Actually, there is one way, get a new motherboard. But still then, Computrace will still know the location of the laptop because of the last time it reported.

Oh also, I can send a remote command to any one of the laptops that report to Computrace to wipe the hard drive, and evertime the machine turns on, it will format the hard drive. No joke! It's cool as hell!!

Well, just my 2 cents!

That sounds scary. It is no

That sounds scary. It is no joke, but not cool. So one day, once someone hack their server, all laptop on earth with lojack will be formatted. And it'll be as cold as hell. just my 2 cents and paranoia.

Well actualy that's not

Well actualy that's not entirely true...........
Hirens boot cd saves one from having to hunt all over the internet for the needed tools.....
One must erase the host protected area (HPA) of the hardrive - many tools do that. Then one simply uses a bios-editor to "repack" the bios.

I'v had a lot of people who buy laptops at flea markets or "whatever" and I'v done it many times in a few minutes. Demonstrated it to a computrace employee at a party and he had to reinstall it again on his machine to his disbelief. All in all most theives just turn it on, go to the internet and get busted - so it is a good program though

One more easy way to stop

One more easy way to stop Computrace activity for Win XP with NTFS file system users. SOrry for my English, and some wordings may differ as I'm using non-English version of XP but I'll try to explain...You just need to go to system32 folder, locate rpcnetp.exe, rpcnetp.dll, agremove.exe (if exists) and remove permissions for these files. BIOS Computrace program does not rewrite these files once OS boots. So, right click on properties of each file, open Security tab, remove all groups/users/permissions from the list by clicking on Advanced button below, then untick "Inherit from parent blah blah.." which is under permission list on the Permission tab thus clearing this list. Click Yes to close the pop-up warning that says something like "Nobody will be permitted to have an access to this file...". So, finally these files will remain in system32 folder but will have no groups/users and no permissions to access to and rpcnetp service will not start any more. It worked fine for me and I'm no longer notified by my antivirus about this.

now what, come to find out

now what, come to find out that i bought a stolen t60 lenovo from craiglist. im a going to get arested?

how did you find out you

how did you find out you have a stolen laptop. Does something pop up saying its stolen. From my understanding all lenovo t60 come with the software installed in the bios but its only good if you pay for the service.

I hope you didnt get

I hope you didnt get arrested

are you in nebraska?

are you in nebraska?

why?:-D

why?:-D

I read all the comments

I read all the comments because I also have the Computrace
agent embedded in BIOS of my Lenovo 3000 N200, which is normally
set to Disable, but every now and then it changes to Enabled,
and becomes active WITHOUT any obvious reason. Since I dont need
that software, never bought it, dont use it and dont want it,
I wrote to Computrace for a solution. Since I never got an answer
from them, and concluded that they are a bunch of liars, stating
on their web site:
"The BIOS agent remains in a dormant state until our LoJack for
Laptops software is installed on the hard drive."
Ha ha "dormant", they should lookup the meaning of that word...

So I decided to remove the obtrusive trojan soft myself.
I found a method that is much simpler and equally effective,
because the complete set of files (the 4 mentioned here)
rpcnet.exe rpcnetp.exe rpcnet.dll rpcnetp.dll are
deleted before they can execute the rpcnet service and start
sending data to Computace servers.

First I discovered how their agent in BIOS creates the 4 files
in Win\System32 folder, starts rpcnet service, communicates
with their server, stops the rpcnet service, and removes
the 4 files from System32 folder. To do that a 5th file
is created, which to my surprise nobody mentioned. This
file is Agremove.exe. Sometimes this file remains in System32
folder, and sometimes it is also removed. To capture that
file is the key to the solution that I am using. Simply copy
the file to Windows folder from where it will not be removed
by Comutrace proces and run it at every boot from startup.

I run it from: (line in registry)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Agremove"="C:\\Windows\\agremove.exe"
but it can be simply run from Startup folder in Programs menu.
Run from any of those places it will erase all files created
by Coputrace agent in BIOS before they become active. The rpcnet
service does not even start.

The file agremove.exe is 44.544 bytes long, and it runs once
does it job and shuts down, so it is not resident.

From properties of Agremove.exe:
Product name: agremove
Product version: 0, 0, 0, 0
Company name: Absolute Software Corp.
File description: agremove.exe
File version: 0, 0, 0, 0
Internal name: agremove.exe
Legal copyright: Copyright (c) 2005 Absolute Software Corp.
Legal trademarks:
Original filename: agremove.exe
Language: Language Neutral
Comments: Installation/Management Application

If any of you need this file for testing purposes, and cannot
capture it youself, I can upload it to any share service....

GREAT JOB THE COMPUTRACE DID WITH THEIR ANTI THEFT SOFTWARE,
THAT CAN EASILY DISABLE ITSELF :-D

Kef

cmon guys, did you stop to

cmon guys, did you stop to think that maybe this guy is sending you a virus. why is he the only person that ever mentions the file. im not saying its a virus, but do some research before you give away your email and download a random file...

hi kef, can you send me a

hi kef, can you send me a copy of Agremove.exe. to my email.

ttauala@msn.com

thanks
@

So i Have a question. I dont

So i Have a question.
I dont see computrace in my bios. but there is somethign call tmp
under securty. would it be a good idea to run that Agremove.exe
just to be safe. as far as i know computrace is not in the hard drive either.

yeah if you could post it up

yeah if you could post it up somewhere, because i apparently can't catch up to it.

I purchased a used Mac

I purchased a used Mac laptop. How do I check to see if Computrace lojack is on it or not? Does anyone know what are the file names of Computrace program for a Mac and where these files are located? J. Locust

This is very disturbing to

This is very disturbing to have such software in the new laptop. I prefer those standalone ones.

Will a firewall prevent

Will a firewall prevent computrace from contacting home base?

Does anybody have solution

Does anybody have solution to remove Computrace NOW?
I have C300 200 i cant open bios Rom with cbrom.

How do I check if my Mac has

How do I check if my Mac has Computrace Lojack installed? Does anybody know what are the file names of the Computrace program for a Mac and where are they located?

i have a vostro 1400 with

i have a vostro 1400 with computrace activated but do not see:

rpcnet.exe
rpcnetp.exe
rpcnet.dll
rpcnetp.dll

I saw a previous post with a similar question, but was never answered. Is it safe to assume my computer does not have Lojack or anything Computrace related? Is there a way to check, my BIOS does say that it is active.

So I purchased a xps with a

So I purchased a xps with a lo jack and honest to god even though im very much computer savvy i didnt bother to check if the laptop i purchased at craigslist would be stolen ( i know very stupid) i blame the price which the guy sold me for 1/4 of the original price which i guess blocked my senses, anyways i m stuck with this laptop. i want to turn it in but turning in wouldnt bring my money back and honestly i m a student money is very important to me and hard to make. but also i realise that almost impossible to break the lojack and even if i break it, it would make me feel guilty for now i know its stolen. if it turn it in what guarantee do i have that they will actually believe me and i cant really prove my story. so what should someone like me do.?

contact them they will pay

contact them they will pay for the shipping to send it back!

If you turn it in you are

If you turn it in you are being a good citizen in the eyes of the cops. If they track you down before you do that, then it will be game over. I am a cop in a southern state, and I can tell you that if you turn it in you won't be in trouble at all. But it will be too late once they come knocking on the door. I just cleared my first case on a guy that was caught by LoJack, he was QUITE computer savvy and even tried to find and disable the program. Needless to say when the cell door slammed shut he knew he didn't succeed. The bottom line is if you have stolen property, you can be charged with RECEIVING STOLEN PROPERTY, they don't have to prove you stole it. So knowing something is stolen and keeping it is just ASKING to get locked up. The money you save on the purchase of the laptop isn't going to be cost effective compared with the cost of your bail. Think it over. It's all nice in theory to sit here and talk about how you think you can disable the software, but from a law enforcement perspective I can tell you it is a LOT more persistent than you know and it does a whole lot more than you think it does.

ur safe because computrace

ur safe because computrace is not free u have to purchase their services if you go into ur bios you can find it under security you can disable it but like i said their not going to trace it unless they pay for the services and i think you have to pre order their services

how would you know that the

how would you know that the person lost his/her laptop don't have a paid computrace service? how would you know they didnt not called the computrace after they lost the laptop? as long as the software and the chip installed it can be traced anytime. if you think you got jacked becasue you bought a laptop with lojack return it or report it to proper administration so atleast you dont get in to trouble........hope everyone understand buying used expensive laptop for cheap could cost you BIG time....dnt doit

Hey I was wondering if this

Hey I was wondering if this lojack removal method works on a dell xps m1730. I want to use the mothod of replacing the rpcnet.exe, rpcnet.dll, rpcnetp.exe and rpcnetp.dll files with a 0kb read only file. Let me know if this is a good idea or not. Thanks much.

I have a m1730 that comes

I have a m1730 that comes with a 18 month version ov lojack for laptops. I check the site and see that everytime i boot it up it signals compuserve when a wireless network is available. Good luck trying to get around that. got about 18 months worth of waiting to do. I paid $3600 for this laptop and the day it gets stolen is the day I start notifying compuserve.

So if my computer does not

So if my computer does not have any of the 4 listed files, is it safe to assume my computer does not have Lojack or anything Computrace related?

Thanks!

WELL IF I WAS THESE PEOPLE I

WELL IF I WAS THESE PEOPLE I WOULD STOP MESSING ABOUT TRYING TO HACKING THE LAPTOP GET A LIFE AND STOP CAUSING STRAIN ON THESE FIRMS U WILL GET CAUGHT OUT AND WITHOUT THESE PEOPLE TRYING TO HACK THESE FIRMS WOULDNT BE RUNNING SO KEEP IT UP AS U WILL GET CAUGHT OUT AND SENT TO PRISON OR A FINE.?

REGARDS
PETER H

You sound like you work for

You sound like you work for these worthless idiots. It would be VERY expensive and difficult to convict someone. If I buy a latop and dont know its stolen, they cannot prove any ill intent and will NOT get a conviction... and it wouldnt get that far anyway. Ann if I buy a legit used computer, I have EVERY right to get rid of this crap! Computrace is a scam. It can be blocked/removed using many methods. Even if left in place, it doesnt work well.