CompuTrace causing problems. Need help to remove from BIOS (Phoenix BIOS F.2E)

Discussion in 'BIOS Mods' started by sonu27, Feb 10, 2010.

  1. Kikoo

    Kikoo MDL Junior Member

    Jul 29, 2009
    I get only half of this… 24ps08 is the name of the CompuTrace rom when unpacked? And you are modifying the firmware after compression?!

    You still will have the CompuTrace firmware run every boot trying to access your file system.
  2. vampiricbunny1800

    vampiricbunny1800 MDL Novice

    Oct 14, 2013
    a little help pls ?

    ok i have searched all of google and even made a little computrace bug that is suppose to kill computrace it does not work

    my issue is as follows >

    i work at a computer store in a small town it so happens we have a customer come in with computrace active so of course we did the research they DO own the laptop they have all the paper work however a school has activated the computrace they quote that this person owe's money however the person listed is NOT the person who own's the computer.

    we politely tell them this and there answer is "thats not our problem" if they down pay we are not helping so i am asking how can i remove a activated verson of computrace from a hp computer (( this thing is a peace of shiz)) but help is welcomed

    i have tryed a boot bug >>

    @echo off

    SETLOCAL enableextensions enabledelayedexpansion
    goto :yespls

    :: vampiricbunny1800 wrote this to kill the computrace stuff in windows
    :: your welcome (^..^)/
    :: this program will remove computrace files from a computer


    TASKKILL /F /IM "rpcnetp.exe"
    TASKKILL /F /IM "rpcnet.exe"
    TASKKILL /F /IM "upgrd.exe"
    del "C:\Windows\System32\UPGRD.exe" /y
    del "C:\Windows\System32\rpcnetp.exe" /y
    del "C:\Windows\System32\rpcnetp.exe" /y
    del "C:\Windows\System32\rpcnetp.dll" /y
    del "C:\Windows\System32\rpcnet.dll" /y
    goto :b


    xcopy >> C:\Windows\System32\UPGRD.exe
    xcopy >> C:\Windows\System32\rpcnetp.exe
    xcopy >> C:\Windows\System32\rpcnetp.exe
    xcopy >> C:\Windows\System32\rpcnetp.dll
    xcopy >> C:\Windows\System32\rpcnet.dll
    attrib -R "C:\Windows\System32\UPGRD.exe" /y
    attrib -R "C:\Windows\System32\rpcnetp.exe" /y
    attrib -R "C:\Windows\System32\rpcnetp.exe" /y
    attrib -R "C:\Windows\System32\rpcnetp.dll" /y
    attrib -R "C:\Windows\System32\rpcnet.dll" /y

    timeout /t 3
    go to :exit


    however computrace locks the computer before it can run and i cannot bypass it so what i did was put ubuntu on the system and that worked however, it would be nice to run windows

    ((((( i forgot its a HP 51oo or something ))))))
  3. fakeraol

    fakeraol MDL Novice

    Jan 16, 2010
    #43 fakeraol, Nov 3, 2013
    Last edited by a moderator: Apr 20, 2017
    0c300   d4 18 00 00 00 00 00 00   00 00 00 00 c8 00 c5 e7   Ô
    0c310   00 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00
    0c320   00 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00
    0c330   00 00 00 00 00 00 00 00   08 05 05 09 0b 04 00 2a              744803 \
    0c340   08 05 05 09 0b 04 00 2a   7c 80 00 7f 7e 7f 7f 7f   744803 \
    0c350   00 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00
    0c360   00 00 1e 00 00 00 00 00   00 00 00 00 00 00 00 00     A
    That's the non-zero part of my old eeprom-dump, but line 0x310 is always binary 0. Do you remember, if it looks like yours? Maybe, i have to zero out line 0x300?
    If you can't remember, i have to dig out my interface an play with the eeprom.
  4. LatinMcG

    LatinMcG Bios Borker

    Feb 27, 2011
    it might be in different offset per different model board.

    best is to decompile modules and find the module itself to edit
  5. mackphx

    mackphx MDL Junior Member

    Sep 4, 2013
    Use DSTCD (dell service tech CD). Change service tag, remove computrace, change service tag back to original.
  6. Fravadona

    Fravadona MDL Novice

    Jun 4, 2014
    For those who think that someone wanting to remove computrace from his computer is a thief, just let me ask you something :
    What would be your opinion if this spyware was introduced without your approuval by a private but "trustable" and serious chinese company ?
  7. jawal37

    jawal37 MDL Novice

    Jun 7, 2012
  8. bludgard

    bludgard MDL Member

    Jan 4, 2011
    #49 bludgard, Nov 29, 2014
    Last edited: Nov 29, 2014
    If anyone is interested; computrace can be disable (not removed) by simply denying system access to the files. Done it several times and it just works. Used to create empty files and write protecting them. Denying access takes only a couple clicks.... ;)
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  9. harby

    harby MDL Novice

    Jun 24, 2011
    #50 harby, Aug 21, 2015
    Last edited: Aug 28, 2015
    Absolute Computrace is basically malware installed in the BIOS. Dell computers at least show you the status of it, however if it is set to disabled, it is permanently disabled, and if it is enabled, it is permanently enabled. The majority of other brand laptops are shipping with this too, but most don't have any BIOS option or even notification to the user.

    The BIOS module, even before the computer boots, scans for Windows installations and replaces official Windows binaries with it's own version. When installed in Windows, it phones home to Absolute Software, and basically allows them rootkit-level access to the system. When contacted, they are able to remove the system files for their software remotely through their back door (confirming their PwNership of your Windows install), but that won't stop the BIOS from reloading it on the system again. Basically computers are compromised and being tracked by this company whether you paid for their services or not, with dubious security just waiting for hackers to exploit.

    I got a government auction Dell Optiplex 755 desktop with the Computrace BIOS setting locked "on", and tried several ways to wipe or glitch this. Like laptop passwords, the setting is stored in serial EEPROM, the same chip as the BIOS, but the BIOS settings memory blocks are not part of the firmware image. However I did find the solution on this machine:

    • Get BIOS A01, filename O755-A01.EXE, which can be found searching the Dell site (but is not presented as one of the download options on the Optiplex main support page),
    • Make a DOS-bootable USB stick and put this firmware file on it,
    • Open the computer, take the password jumper off and put it on the service mode jumper pins (near ATX power connector)
    • Boot of the USB stick (F12 boot options)
    • run the command: O755-A01 -wipeall -wipeclean
    • Instead of the normal reboot procedure to install BIOS, EEPROM is immediately erased and the new BIOS loaded,
    • Put the jumper back in its original position,
    • Boot into BIOS and set Computrace to permanent disable,
    • Retype the erased service tag using the BIOS option to do so,
    • Reboot and reload the newest BIOS of your choice (some, like mods from this forum, are Windows-only)

    I have a feeling this will also bypass and reset the "require signed BIOS" option if it was set, which blocks non-official BIOS images, clear the SLIC blocker flag on machines shipped without Windows, as well as erasing owner tag and other information embedded by Dell CCKT or Systems Management Tools.

    I have not found yet how to reset to "factory replacement" status, where on first bootup you permanently set the Intel AMT/MEBx SKU feature set - the board may uses hardware fuses or lock bits for this.

    Optiplex 780 A01 BIOS has the same hidden options. Other Dells are likely similar, you'd have to explore which BIOS updates have the wipe function still present.
  10. SC1966

    SC1966 MDL Novice

    Dec 15, 2016
    Thank You very much
  11. diagon

    diagon MDL Novice

    Aug 19, 2018