Computrace absolute software


overbet

Sep 12, 2010
Does anyone know how I can get this big brother spyware crap off my Dell Studio XPS 1340 laptop? I have receipt and bought it on a Dell credit so I can prove to Dell and Absolute it's mine, but they are both unresponsive to emails and I would rather have a non-medicated root canal than calling. I tried ending process every time I reboot on it but it regenerates itself. I can't disable it in the BIOS; it shows it but doesn't allow the option. I hate Dell.
 

calmstateofmind

Jul 2, 2009
Does the program not show up in the Control Panel under Install/Uninstall Programs? Or is it not listed on the Start Menu with the option of Uninstall?

If you're looking to just not have it start on boot up anymore you can run msconfig. Go to Start -> Run -> type "msconfig". Click the Startup tab and in that list you should be able to find the program you're trying to stop from running. Uncheck it and then restart the computer.
 

Ijack

It's anti-theft software that is installed on some Dell laptops. It's not something that Dell make any secrets about - rather, it's a selling point. If it could be uninstalled it wouldn't be much good at its job so it is (AFAIK) irremovable.

As far as I'm concerned you research the specifications before spending hundreds of pounds (or dollars) on a PC. If there's something about it that you don't like, there are plenty of other manufacturers and models to choose from.
 
Guest
Thanks, ijack! I've never seen it listed on any laptop I've bought from Dell. I'm sure there's a way to remove it.
 

Ijack

I'm not sure it can be removed once it's been activated (unless reflashing the BIOS would do the trick - and it might even prevent that). Since they offer $1000 if your PC can't be traced somebody must be pretty confident. There are a few more details about it in this Wikipedia article where it's referred to as LoJack for Laptops (LoJack - get it! With my username I particularly like it.)

As I say, for it to work properly it's got to be irremovable (or as near as dammit so).
 

overbet

Sep 12, 2010
Grumpy, I have sent more than 5 emails to Dell and Computrace and they just ignore them. I have called them both too and been bounced around and put on hold for 20 minutes before giving up out of frustration.
 

overbet

Sep 12, 2010
It is gone and I am shocked people aren't outraged this crap is on their machines.




Subject: second removal request

Please do not continue to fail to respond to my email request. If I do not get a response to this request I will cc the top executives at your company as well as any other person or organization I deem fit from laptop suppliers to privacy rights organizations that you may not want attention from. I will also post regularly on every laptop review forum about the big brother nature of the lojack programs and inform everyone who cares to read what they are trading in exchange for this laptop theft recovery software that is on their computer no matter what but only functions to their benefit if they pay for it. You see I am certain this will alter the buying habits of many if they are aware that #1. it is possible their activity could be monitored and recorded constantly and #2. The factory is putting software on their computers that is the definition of spyware that they have to pay additional money to benefit from and it can not be removed by them like the other bundled software manufacturers put on machines (more commonly referred to as bloatware that people deliberately try to avoid). As a courtesy I have refrained from including a copy of this email request to anyone outside of your company but if this request is ignored as my last one was I will take further action. I would like to know how to remove your spyware from my computer. I do not want this spyware on my machine and I refuse to be ignored. Here are a few email addresses I was able to find with 3 minutes of effort:

brad_anderson@dell.com, jeffrey_clarke@dell.com, brian_gladden@dell.com, steve_price@dell.com, ronald_rose@dell.com, karen_quintos@dell.com, david_johnson@dell.com, stephen_felice@dell.com, Clarence_Worthington@acer.com, Gregg_Prendergast@acer.com, Lenny_Pollak@acer.com, Joe_Castillo@acer.com, Richard_Black@acer.com, ming_wang@acer.com, mark_hill@acer.com, Rudi_Schmidleithner@acer.com, alison_williams@acer.com, Mark_Groveunder@acer.com, Terry_Tomecek@acer.com, customer_support@tacp.com, http://www.privacyrights.org/contact/Beth+Givens, http://www.privacyrights.org/contact/Paul+Stephens, epic-info@epic.org, infoaclu@aclu.org, comments@cauce.org, cme@cme.org, cpsr-info@cpsr.org, cyperpunks-ftp@csua.berkely.edu, gilc@gilc.org., coalition@privacy.org., privacyint@privacy.org, http://www.privacy@rights.org/, http://www.pirg.org/


http://epic.org/privacy/privacy_resources_faq.html






Hello Jason,



Thank you for contacting Absolute Software.



I wasn’t able to find an account associated with your name or email address, so there shouldn’t be any of our software set up on your computer which is collecting any sort of data. To confirm this (as it may be registered under a different name or email address), I could do a search by your serial number or Service Tag (if it is a Dell computer) if you wouldn’t mind providing it.



Having said this, I’m not clear on why you feel that our software is on your computer. To clarify, ‘Computrace’, which is basically the technology at the core of our products, may be built into the motherboard by the computer manufacturer as they are putting the computer together. All this means is that the computer has the technical ability to make full use of our software, should it be installed and registered on the computer. Without the installation, however, this technology will simply sit dormant on the machine as there will be nothing on the computer to make use of it. The software will still need to be installed and registered by the customer after they receive the computer (installation requires acceptance of a service agreement, which the computer manufacturer cannot do on behalf of the customer).



An additional point of clarification I’d like to add is that even if a customer has our software installed, we do not monitor or track a user’s ‘activities’ on their computer. This requires the downloading of additional forensic tools, which is only done after a theft report is taken and an active investigation involving the police is commenced.



If you have another reason for thinking our software is on your machine (there could be unique circumstances which have resulted in this scenario), please provide additional info and I’ll do my best to look into it.



Regards,








I saw it in my BIOS and there are several RPC processes running in the background which I can not end. My service tag is xxxxxxxx.

"An additional point of clarification I’d like to add is that even if a customer has our software installed, we do not monitor or track a user’s ‘activities’ on their computer."

Irrelevant, the capability to do so is intrusive and unacceptable! I would never willingly agree to have something like this on my personal property that could not be removed by me. Given this software is so advanced perhaps it could have a PIN assigned with a disclaimer to the end user that it voids liability if it is used.






Hello Jason,



Thanks for your response.



In looking at your Service Tag, it looks like Dell either accidentally activated the Computrace agent on your machine before sending it out, or may have sent you a machine that was originally meant for a customer who wanted Computrace. This resulted in an agent on your computer trying to reach our monitoring center (which explains the rpcnet.exe process), but not being associated with any account.



From our end, we have sent a command for the agent on your computer to remove itself on the next call to us (should be next time the computer connects to the internet). While we can’t remove the technology built into the BIOS (BIOS will still list ‘Computrace’), with no agent active on the computer you will not see a running process from us nor will the computer have any connections with our monitoring center.



For details on how the agent was activated on your computer, Dell may be able to provide more information as it was done completely outside the control of Absolute Software.



If there’s something else I can clarify or assist with, please let me know.



Regards,


 

anonymous_02

Mar 27, 2011
I have a new laptop, and never paid for a subscription. I didn't even know I had their damned spyware installed in my BIOS (or in whatever other piece of hardware it is). I've never even been invited to subscribe. Yet my firewall one fine day warned me that rpcnet.exe was trying to access the net. I googled it, and that's how I know what it is.
DON'T BELIEVE THEM IF THEY SAY IT "LIES DORMANT" UNTIL ACTIVATED WITH A SUBSCRIPTION. I personally caught it talking to them.
DON'T BELIEVE THEM WHEN THEY SAY THEY HAVE DEACTIVATED IT.
Think about it:
1) They've already stolen from you. Computer manufacturers pay them for this "enhancement" -- or at least somebody does. Obviously the cost gets passed onto the consumer who buys the laptop. And you were never informed it was there, so they MADE you buy it without your consent. That's fraud. Even if you weren't paying for it, they are giving you something dangerous to your right to privacy, and without your consent, or even knowledge. That's criminal deception.
2) This stuff is installed in BIOS, and maybe even in the motherboard. They can't uninstall anything unless they come to your house and do it manually. So obviously they're lying when they say they can. They just want to get you off their back. They may actually deactivate it, but if they can, then they can also reactivate it -- or maybe some hacker can. The only assurance you have that they won't access your computer without your permission is their own word. How much is the word of a thief and liar worth, hey?

This firmware/hardware trojan can do a HELL of a lot of things you don't want anyone but yourself to be able to do (that is, if you have any common sense and knowledge of human nature). It can physically locate the comp by triangulation, monitor all your activities, erase all or part of your hard disk to U.S. government security standards, and God knows what else. Those things are only what the company ADMITS to on its own website.

If a hacker knows what he's doing, he can actually USE their spyware to steal any information he wants off your computer, probably without you even being aware of it.

Which liars and thieves do you want to trust, the ones at Absolute or the ones in the street?
Answer: Neither. But I'd feel a lot more comfortable if the thief in the street gets my comp. Chances are pretty good he won't be as computer literate as the "friendly" professionals at Absolute Sukware.

I've already spent over one entire working day trying to find a reliable and permanent way to get their poison out of my system, and I'm not nearly done yet. I'm faced with tampering with the BIOS or worse. These people need to be sued right out of their scam business.

Check out these links, and get pissed, and keep making noise to these axhole manufacturers who permit this stuff to be installed without your consent:

From their website:
http://www.absolute.com/en/lojackforlaptops/technology.aspx The technology behind Absolute Software’s products is the Computrace Agent, a small software client that is embedded into the BIOS firmware of most computers at the factory. Or you can easily install yourself.
The Agent in your computer maintains daily contact with the Absolute Monitoring Center. If you report your computer stolen, Agent contact will increase to every 15 minutes. Increased contact allows us to obtain specific details like the physical location of your computer, any activity that has occurred post-theft, and other important data that will aid us in working with local law enforcement to catch the thief and return your property to you. Regardless of recovery status, you can remotely delete data to remove some or all of the information stored on your computer. It uses GPS or Wi-Fi to map your laptop’s current and past locations.
[Any activity? Other important data? Remote delete? And past locations? That’s pretty damned wide open!]

This http://www.absolute.com/en/partners/bios-compatibility.aspx lists all manufacturers that install it in the BIOS.

http://www.absolute.com/Shared/FAQs/L4L-FAQ-E.sflb.ashx says flashing the BIOS will not remove it. Computrace works through firewalls. Apparently it does not work through dial-up, and the software must indeed be installed to get recovery services – but of course all that means is that you must pay if YOU want any advantage from the BIOS installation. Meanwhile THEY still have access to your computer through the BIOS, if they want it, regardless – though of course they won’t tell you that. "(Upon theft notification) increased contact will allow the Absolute Theft Recovery Team to forensically mine your computer using a variety of procedures including key captures, registry and file scanning, geolocation, and other investigative techniques to determine who has your computer and what they’re doing with it."

I was able to neutralize it, I think, with the info found here: http://www.freakyacres.com/remove_computrace_lojack#comment-1704
I simply removed permissions for the files to run.
I won't be comfortable though until I get it out of the BIOS (or hardware if present), but as a stopgap measure it's better than nothing. These people should be sued!
 

overbet

Sep 12, 2010
Anon, I agree with you 100%. I saw the website freakyacres but didn't see any way that worked for me to stop it. I have been keeping firewall up and have not been alerted to it trying to run. It has not shown up in the processes either but it is still in the BIOS. I am in the process of shopping for a new computer and I have specifically asked that Computrace not be imbedded in the BIOS. If you know an attorney who wants to take the case I will sign up and help get others to sign up. It is an invasion of privacy.
 

anonymous_02

Mar 27, 2011
I think the fact that my firewall caught it was just a fluke. I had my computer for a couple of months before that happened. Maybe rpcnet.exe was looking for an update, and is not able to bypass the firewall for this particular function? I'll bet that the stock Windows firewall would never see it. Absolute probably has talked M$oft into programming it to ignore.
I did find out that Absolute has made deals with three (thankfully only three) anti-vi companies so that their anti-vi programs won't catch it. So they are constantly trying to improve its stealth factor. In any case, though I've set my firewall to remember to deny rpcnet.exe access, I'm not confident this will really stop it.

The thing that really ticks me off about this is the patronizing, "we know better than you what's good for you" attitude behind this.
Think about it:
With this attitude you can justify anything. "Well, of course we don't normally spy on our legitimate clients or the general public, but now in THIS case..."

Almost as annoying is that it's unnecessary. Why don't the computer manufacturers offer this as an OPTION, in an upfront and transparent manner? They could even in that case install Computrace somewhere deep in the hardware, to make it even harder for the less savvy thief to defeat. Those stupid enough to give up their security and privacy to this company rather than to other thieves would have no problem with this, and those of us who take our USRDA of street smarts wouldn't be imposed upon by being forced to hack their arrogant ***** out of our system.
I know there are some practical problems with making it an option, but that's their problem. The one thing certain is that not making it an option is not an option.

My next step is to call the computer company that sold me mine, complain, and demand a solution. If they refer me to Absolute, I'll kindly explain why that company Absolutely can't be trusted to give me a real solution. If the manufacturer can't give me guaranteed clean BIOS code, or whatever else I need, I will have to work it out myself. In any case, after having done so, I will demand compensation for my time and hassle and expenses, if any. I will not demand a refund (even more time, hassle and expense getting a new computer and resetting up). If they refuse to compensate me, I will inform all my friends of this scam and their part in it, and their refusal to do me justice. The resulting damage to their business will even the score, I think.
As for Absolute Sukware, they don't even deserve the courtesy of being informed that I am already in process of doing everything I can to destroy them. They never told ME about their spyware, so why should I tell them anything?
I am not in a position to initiate a lawsuit. I'm working on a long term project with a deadline that will be very difficult to meet. In any case, I think a grassroots information movement is a better way to go. It's good to know there is someone out there willing to do something though. Let's keep spreading the word.
I will keep you posted on how things are going with trying to clean my computer. It may give you some ideas as to what to try. In case it helps, I'm using Win7 on a laptop bought early this year. I did do something that seems to have stopped Computrace, even though I'm not fully confident that it works or will be permanent. Here it is:

I tried what was suggested on Mon, 2008-11-17 02:10 at freakyacres. First of all I noted that a standard search through the Start menu did not reveal the files, even though I have the comp set to show hidden files. But a direct search of C drive did find
rpcnet.dll
rpcnetp.dll
rpcnetp.exe/system 32
rpcnet.exe/syswow64
rpcnetp.exe/syswow64
I right clicked the files and opened Properties. I clicked the Read Only box, then went to Security>Advanced>Change Permissions. I selected Include Inheritable Permissions, then opened Edit. When I tried to change permissions on these files to Deny, the Deny could be selected, but the default Allow remained checked, although grayed out. Windows did give a dialog box on applying that said “Deny entries take precedence over Allow entries. A user that is a member of 2 groups, one allowed, one denied, will be denied.” I denied all permissions for all the listed files, for System, Administrator and Users.
Permissions window for these files later showed System, Administrator and Users all both denied & allowed. Effective Permissions tab showed all boxes empty, but grayed.
When I closed Properties for these files, boxes came up “Error…access denied”. Reopening Properties>etc. showed permissions I had set were still in place, except that Read Only was now unchecked again. Apparently there’s no way to set these files as Read Only. I just closed out, then opened again to double check permissions.

When rechecking permissions for rpcnetp/sys32, additionally I found another User that hadn’t been there before, called Authenticated User. Very interesting. I set that to Deny as the others.
On reboot, rpcnet, rpcnetp and rpclocator show in Taskmanager, but as stopped, whereas before they were always running. So far so good.
Searched also for the file called agremove, but did not find it, even under similar names: Agremove & remove.exe.
On another reboot, found in Task Manager something running called igfxpers.exe, description: Persistence Module, and Services shows something called RpcSs (Remote Procedure Call), and RpcEptMapper (RPC Endpoint Mapper) running. These latter two I found out are basic system files, and have nothing directly to do with Computrace. You need them, so don’t mess with them.

In any case, Event Viewer in Administrative Events shows that rpcnet.exe and rpcnetp.exe failed to execute because “access is denied”. Moreover, the time stamp shows this happening right at start up, and not repeated later.
Event Viewer Windows Logs:
‘Applications’ shows no events for RPC (it does show friggin Google updater trying and failing to update every half hour – I recently uninstalled the Google toolbar. The people at Google are professional spies as well. Try searching the net under “google is evil”)
Security shows nothing.
System, at startup, shows that, immediately after my firewall starts we see: The Remote Procedure Call (RPC) Net service failed to start due to the following error: Access is denied., and The rpcnetp service failed to start due to the following error: Access is denied. Sometime later, the WLAN (net access) was started, so it seems that Computrace is stymied. By the time internet access is enabled, it’s already stopped, so it can’t talk to the criminals at Absolute. Yes!
However, all this was from a startup where WLAN startup had been reset to manual. This meant that WLAN did not start on startup, and I had to start it later manually. This is inconvenient, so I reset it to automatic, and checked startup logs again. Results were same as before, with one critical difference:
System, at startup, shows WLAN AutoConfig service has successfully started occurring before anti-vi starts, and sometime later, the firewall starting. Immediately after, we see: The Remote Procedure Call (RPC) Net service failed to start due to the following error: Access is denied., and The rpcnetp service failed to start due to the following error: Access is denied.
So, it seems possible that Computrace may have had enough time to communicate with the net, because it wasn’t stopped until after the WLAN was up and running. (It’s not likely, because we’re talking about a matter of seconds between time. Still…)
This means you have to set WLAN to manual in Services in Taskmanager (right click>Properties), and, after the computer has fully booted, manually start it in Services when you want to use wifi. Automatic start will result in at least the possibility that Computrace will at least reveal your computer’s location. It probably won’t be able to do anything else before being shutdown by the later denial of permission to run, but even that’s not certain. I still don’t like those greyed out Allow checkmarks in permissions for Computrace’s files.
Of course, if you’re not using wi-fi, you’ll be looking to make sure that whatever kind of internet connection you have is not starting until after rpcnet.exe and rpcnetp.exe are killed.

Here are a couple of tidbits:

http://www.mguhlin.org/2008/10/computrace-revisited.html
This confirms that Computrace does not work through a Linux OS. Straight from the CEO of Absolute. Looks like a good reason to get away from Windows, no?

http://www.zdnet.com/blog/security/absolute-software-downplays-bios-rootkit-claims/3936
This confirms that Computrace itself has security holes, and can be compromised by a hacker.
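
The boot-order check described in the post above (did the network come up before or after the rpcnet and rpcnetp services were denied?), as an added example that is not part of the original thread. The message texts are the ones quoted in the post; the `timestamp<TAB>message` export layout, the "Event log service was started" boot marker and every timestamp in the sample are assumptions constructed for illustration.

```python
import re
from datetime import datetime

# Message texts are the ones quoted in the post; the boot marker and the
# "timestamp<TAB>message" export layout are assumptions of this example.
BOOT_MARK = "The Event log service was started."
WLAN_UP = "WLAN AutoConfig service has successfully started"
DENIED = re.compile(r"^The (.+) service failed to start due to the following "
                    r"error:\s*Access is denied\.")
AGENT_SERVICES = {"Remote Procedure Call (RPC) Net", "rpcnetp"}

# Constructed sample: boot 1 has WLAN set to manual, boot 2 to automatic,
# boot 3 logs a denial for only one of the two agent services.
SAMPLE = """\
2011-04-02 08:00:05\tThe Event log service was started.
2011-04-02 08:00:31\tThe Remote Procedure Call (RPC) Net service failed to start due to the following error: Access is denied.
2011-04-02 08:00:31\tThe rpcnetp service failed to start due to the following error: Access is denied.
2011-04-02 08:04:12\tWLAN AutoConfig service has successfully started
2011-04-03 09:15:02\tThe Event log service was started.
2011-04-03 09:15:09\tWLAN AutoConfig service has successfully started
2011-04-03 09:15:27\tThe Remote Procedure Call (RPC) Net service failed to start due to the following error: Access is denied.
2011-04-03 09:15:27\tThe rpcnetp service failed to start due to the following error: Access is denied.
2011-04-04 07:30:00\tThe Event log service was started.
2011-04-04 07:30:08\tWLAN AutoConfig service has successfully started
2011-04-04 07:30:20\tThe rpcnetp service failed to start due to the following error: Access is denied.
"""


def parse_events(text):
    """Return (datetime, message) pairs in time order; skip malformed lines."""
    events = []
    for line in text.splitlines():
        if "\t" not in line:
            continue
        stamp, message = line.split("\t", 1)
        when = datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S")
        events.append((when, message.strip()))
    return sorted(events, key=lambda e: e[0])


def split_boots(events):
    """Group events into boots, starting a new group at each boot marker."""
    boots = []
    for when, message in events:
        if message == BOOT_MARK or not boots:
            boots.append([])
        boots[-1].append((when, message))
    return boots


def assess_boot(boot):
    """Classify one boot by the order of network start and service denial."""
    wlan_up = next((t for t, m in boot if m.startswith(WLAN_UP)), None)
    denied = {}
    for when, message in boot:
        hit = DENIED.match(message)
        if hit and hit.group(1) in AGENT_SERVICES:
            denied.setdefault(hit.group(1), when)
    # A missing denial means the permission change may not have held.
    missing = sorted(AGENT_SERVICES - set(denied))
    if missing:
        return {"verdict": "no-denial-logged", "missing": missing,
                "window_s": None}
    last_block = max(denied.values())
    if wlan_up is not None and wlan_up < last_block:
        window = (last_block - wlan_up).total_seconds()
        return {"verdict": "network-up-before-block", "missing": [],
                "window_s": window}
    return {"verdict": "blocked-before-network", "missing": [],
            "window_s": 0.0}


def review(text):
    """Assess every boot found in an exported System log."""
    return [assess_boot(b) for b in split_boots(parse_events(text))]


if __name__ == "__main__":
    for number, result in enumerate(review(SAMPLE), 1):
        print(number, result)
```

A `no-denial-logged` verdict is the one to act on first: it means a boot produced no "Access is denied" entry for one of the two services, so the file permissions should be rechecked.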
 

anonymous_02

Mar 27, 2011
Oh, by the way:
Complaining is not in itself helpful. We ought to give people an alternative to Big Brother's schemes to save us from ourselves, and hopefully a better one.

Well, there always is one. It's called personal responsibility and virtue. It's precisely the handing over to authority of one's responsibility to think and solve one's own problems, and to help one's immediate neighbor, that led to the tens of millions of murders and tortures perpetrated by totalitarian dictatorships, and the current revolutions against them.

In this case, that means:
1) Use normal prudence to keep your computer from being stolen
2) If your computer's stolen your information -- by far the most valuable part of it -- isn't protected by Computrace anyway. The thief may extract it and do God knows what with it before he is caught -- if he is caught. So use encryption software. TrueCrypt is free, and open source (therefore thoroughly tested). You can encrypt your entire computer if you want. In one case the Brazilian government sent a computer to the FBI to have it cracked, and they gave up after five months effort.
3) Buy insurance if you think it's worth the cost.
 

overbet

Sep 12, 2010
My current laptop is a Dell XPS. I chatted with Dell today and asked if the XPS was available without Computrace in the BIOS and they said no. I plan on calling tech support to try to figure out who activated it. Another interesting thing I noticed is that I have RPCnet running on a desktop I built about 6 months ago. I ordered all of the parts from Newegg and assembled it myself. How could this be? Is RPCnet only Computrace? If so, I would like to know what component I bought that would have this installed. I did not see it in the BIOS of the desktop.


"It is indeed Computrace. You can remove it, but the BIOS will push it back. This is mainly seen on Lenovo and Dell but others are jumping on. Your IT guys can now track you on a map and see an inventory of everything on your PC. In fact, with Absolute, they can remote wipe your PC. They can snap a photo of you with the webcam and you would never know. I know what I'm talking about because I am that IT guy."

http://www.file.net/process/rpcnet.exe.html



Btw: Dell Alienware does not have Computrace imbedded into the BIOS but that is all I asked about.
 