
Lenovo T430 with Computrace


5 replies to this topic

#1 techexp


Posted 19 December 2014 - 05:30 PM

I bought a Lenovo T430 from my barber because it was blue screening and I wanted a project computer to rebuild and resell. Come to find out, the little bugger has CompuTrace on it. I've tried reflashing the BIOS and that doesn't allow me to disable it. Anyone know of a way to remove it completely? I've googled for hours but have yet to come to a solution. I called Computrace and they said since I'm not the original owner, they can't do anything.

 

In the meantime, I have the firewall blocking outgoing connections and NetBalancer blocking rpcnet from doing anything. But I'd love to remove it completely if at all possible. I mean, if it can be installed, it should be able to be uninstalled.





#2 JohnC_21


Posted 19 December 2014 - 05:53 PM

I'm not sure it can be disabled but it sure is something I would not want.

 

http://threatpost.com/millions-of-pcs-affected-by-mysterious-computrace-backdoor-2/107700

 

When you flashed the BIOS, did you do it in Windows? Maybe flashing outside of Windows would work. Possibly doing it with a modded BIOS. That has the possibility of bricking the computer.

 

Check this thread.



#3 techexp


Posted 19 December 2014 - 06:01 PM


Yep, saw both of these. I flashed the BIOS from within Windows, then tried from the boot disk from Lenovo. Lenovo's boot disk won't allow me to flash since it's already up to date.



#4 JohnC_21


Posted 19 December 2014 - 06:04 PM

From BlackHat it looks like it cannot be permanently disabled.



#5 techexp


Posted 19 December 2014 - 06:21 PM

Looks like I'm going to have to leave it and just block the process from calling out. 



#6 mjd420nova


Posted 21 December 2014 - 02:52 PM

Good idea that you isolated it before going any farther. Of the many hundreds I've dealt with, once isolated, the machine (hardware) needs a HARD reset, Factory default. Remove any batteries and CMOS button cells. Some units have a reset jumper. This forces the BIOS to be loaded from the firmware into the CMOS BIOS chip and NOT the flash BIOS, which is the core of the "infection". Then a thorough anti-virus suite can be brought to bear without the infected core. Malwarebytes does a superb job after the AV finishes.





