CompuTrace causing problems. Need help to remove from BIOS (Phoenix BIOS F.2E)

I get only half of this… 24ps08 is the name of the CompuTrace rom when unpacked? And you are modifying the firmware after compression?!

You still will have the CompuTrace firmware run every boot trying to access your file system.

 

a little help pls ?

ok i have searched all of google and even made a little computrace bug that is suppose to kill computrace it does not work

my issue is as follows >

i work at a computer store in a small town it so happens we have a customer come in with computrace active so of course we did the research they DO own the laptop they have all the paper work however a school has activated the computrace they quote that this person owe's money however the person listed is NOT the person who own's the computer.

we politely tell them this and there answer is "thats not our problem" if they down pay we are not helping so i am asking how can i remove a activated verson of computrace from a hp computer (( this thing is a peace of shiz)) but help is welcomed


i have tryed a boot bug >>

Spoiler

@echo off

SETLOCAL enableextensions enabledelayedexpansion
goto :yespls

:: vampiricbunny1800 wrote this to kill the computrace stuff in windows
:: your welcome (^..^)/
:: this program will remove computrace files from a computer

:yespls

TASKKILL /F /IM "rpcnetp.exe"
TASKKILL /F /IM "rpcnet.exe"
TASKKILL /F /IM "upgrd.exe"
del "C:\Windows\System32\UPGRD.exe" /y
del "C:\Windows\System32\rpcnetp.exe" /y
del "C:\Windows\System32\rpcnetp.exe" /y
del "C:\Windows\System32\rpcnetp.dll" /y
del "C:\Windows\System32\rpcnet.dll" /y
goto :b

:b

xcopy >> C:\Windows\System32\UPGRD.exe
xcopy >> C:\Windows\System32\rpcnetp.exe
xcopy >> C:\Windows\System32\rpcnetp.exe
xcopy >> C:\Windows\System32\rpcnetp.dll
xcopy >> C:\Windows\System32\rpcnet.dll
attrib -R "C:\Windows\System32\UPGRD.exe" /y
attrib -R "C:\Windows\System32\rpcnetp.exe" /y
attrib -R "C:\Windows\System32\rpcnetp.exe" /y
attrib -R "C:\Windows\System32\rpcnetp.dll" /y
attrib -R "C:\Windows\System32\rpcnet.dll" /y
cls

timeout /t 3
go to :exit

:exit
exit

however computrace locks the computer before it can run and i cannot bypass it so what i did was put ubuntu on the system and that worked however, it would be nice to run windows


((((( i forgot its a HP 51oo or something ))))))

 

Code:

0c300   d4 18 00 00 00 00 00 00   00 00 00 00 c8 00 c5 e7   Ô
0c310   00 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00
0c320   00 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00
0c330   00 00 00 00 00 00 00 00   08 05 05 09 0b 04 00 2a              744803 \
0c340   08 05 05 09 0b 04 00 2a   7c 80 00 7f 7e 7f 7f 7f   744803 \
0c350   00 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00
0c360   00 00 1e 00 00 00 00 00   00 00 00 00 00 00 00 00     A

That's the non-zero part of my old eeprom-dump, but line 0x310 is always binary 0. Do you remember, if it looks like yours? Maybe, i have to zero out line 0x300?
If you can't remember, i have to dig out my interface an play with the eeprom.

 

it might be in different offset per different model board.

best is to decompile modules and find the module itself to edit

 

You need to login to view this posts content.

 

Use DSTCD (dell service tech CD). Change service tag, remove computrace, change service tag back to original.

 

For those who think that someone wanting to remove computrace from his computer is a thief, just let me ask you something :
What would be your opinion if this spyware was introduced without your approuval by a private but "trustable" and serious chinese company ?

 

good job

 

If anyone is interested; computrace can be disable (not removed) by simply denying system access to the files. Done it several times and it just works. Used to create empty files and write protecting them. Denying access takes only a couple clicks....

 

Absolute Computrace is basically malware installed in the BIOS. Dell computers at least show you the status of it, however if it is set to disabled, it is permanently disabled, and if it is enabled, it is permanently enabled. The majority of other brand laptops are shipping with this too, but most don't have any BIOS option or even notification to the user.

The BIOS module, even before the computer boots, scans for Windows installations and replaces official Windows binaries with it's own version. When installed in Windows, it phones home to Absolute Software, and basically allows them rootkit-level access to the system. When contacted, they are able to remove the system files for their software remotely through their back door (confirming their PwNership of your Windows install), but that won't stop the BIOS from reloading it on the system again. Basically computers are compromised and being tracked by this company whether you paid for their services or not, with dubious security just waiting for hackers to exploit.

I got a government auction Dell Optiplex 755 desktop with the Computrace BIOS setting locked "on", and tried several ways to wipe or glitch this. Like laptop passwords, the setting is stored in serial EEPROM, the same chip as the BIOS, but the BIOS settings memory blocks are not part of the firmware image. However I did find the solution on this machine:

• Get BIOS A01, filename O755-A01.EXE, which can be found searching the Dell site (but is not presented as one of the download options on the Optiplex main support page),
• Make a DOS-bootable USB stick and put this firmware file on it,
• Open the computer, take the password jumper off and put it on the service mode jumper pins (near ATX power connector)
• Boot of the USB stick (F12 boot options)
• run the command: O755-A01 -wipeall -wipeclean
• Instead of the normal reboot procedure to install BIOS, EEPROM is immediately erased and the new BIOS loaded,
• Put the jumper back in its original position,
• Boot into BIOS and set Computrace to permanent disable,
• Retype the erased service tag using the BIOS option to do so,
• Reboot and reload the newest BIOS of your choice (some, like mods from this forum, are Windows-only)

I have a feeling this will also bypass and reset the "require signed BIOS" option if it was set, which blocks non-official BIOS images, clear the SLIC blocker flag on machines shipped without Windows, as well as erasing owner tag and other information embedded by Dell CCKT or Systems Management Tools.

I have not found yet how to reset to "factory replacement" status, where on first bootup you permanently set the Intel AMT/MEBx SKU feature set - the board may uses hardware fuses or lock bits for this.

Optiplex 780 A01 BIOS has the same hidden options. Other Dells are likely similar, you'd have to explore which BIOS updates have the wipe function still present.

 

Thank You very much

 

You need to login to view this posts content.