GeoPap

  1. Vulnerabilities? We are talking about a rootkit in the BIOS which has administrator access to install itself as a service on boot, and bypass all protections!!! This is not what we'd call a "vulnerability", this is outright crazy! The point is that a 3rd company and its employees have full remote access to millions of computers, without any protection. It's enabled by default and the "anti-theft" option in the BIOS is either a fake or for something else entirely. Claiming it's an anti-theft feature is pretty silly really, nobody is paying those guys for such a service and legally they have no claim outside of the US. This has definitely nothing to do with a so-called anti-theft technology. Am I the only one worried? Is there some guide which explains how to remove this part of the BIOS? It seems this guy managed to do it: http://www.freakyacres.com/remove_computrace_lojack Or if you could just make a single BIOS file just for me, pretty please?
  2. Prema, I'm sorry but you find it normal that some unknown people behind some unknown company have FULL access to just about every laptop in the world? You don't find this scary or even worrying? The "Intel Anti-Theft technology" option in the BIOS has no effect on the rootkit. That was the first thing I looked at, it was disabled when I got the laptop and it's still disabled right now, but the rootkit installs itself anyway and downloads remote content. So either this option is a fake, or it's meant for something else. (Yes, I tried a full format and reinstall when I discovered the rootkit; it's in the BIOS, so no matter what it has to be removed from there first.) Any ideas how to remove the part of the BIOS shown by the user H658tu, above? Any help would be appreciated. Thank you.
  3. First of all, thank you both for the quick replies. Unfortunately, the rootkit may appear as a feature for finding stolen laptops, but it seems this is only a cover. The BIOS has NO option to disable it and it runs no matter what. By "runs" I mean that it downloads a set of remote access applications that embed themselves in Windows and open a port of communication to a remote server. Reading several internet posts, I found the remote server to have full access to Computrace "enabled" laptops. In other words, some people in that company have full access to all laptops installed with this rootkit. This obviously has nothing to do with them being stolen. I would expect such a technology to be optional (can't be disabled, it was enabled by default), to be advertised by my supplier (my supplier knows nothing of it) and I would expect the rootkit to have a trigger (once the laptop was stolen and has internet access) to actually enable itself to download all sorts of remote access tools (it does so by default). Obviously I'd like this removed from my laptop and I'd expect others would like that as well. PS: You can check if your BIOS has installed this rootkit on your Windows by running the following command (replace C: drive with your own): dir c:\windows\rpcnetp*.* /s If you find files with that name (and some rpcnet.exe as well) then your BIOS and your Windows are both infected.
  4. Hello everyone, this is my first post so please be kind. I own a Clevo W370ET laptop, which comes with BIOS 1.02.17. I run Linux due to my day job and everything is great. I had to re-install Windows 8 (dual-boot) for various reasons and I discovered that my newly installed Win8 came with a rootkit. After a lot of digging about various unknown processes, "rpcnetp.exe" etc., I found that this is a BIOS rootkit created by a company named Computrace. The rootkit is executed by Windows 8 on boot with admin privileges and installs a service which uses a fake name that appears as a legitimate one, "RPC net" (like RPC but with "net" added at the end). I also noticed that it downloads an executable under the user temp directory and installs another remote monitoring program (the executable is signed by a company called Macrovision). The bad news: this rootkit is impossible to remove unless I flash a new BIOS. The good news: it does not work under Linux (yet). Which is why I am here. I wanted to ask if your premamod BIOS is clear of the rootkit... or not. Thank you!