king99, posted October 9, 2022:

I suspected a rootkit infection on my computer a while ago, more than a month. Anyway, I tried every scanner out there you could think of. After using Eset, it detected a computrace.a on my computer ("kudos Eset"), but how can I remove it, since I can't flash the BIOS? The official tool reports "can't flash the bios with the same version".

itman, posted October 9, 2022:

Just because Eset detects CompuTrace on your PC does not mean you have a UEFI-based rootkit infection. If CompuTrace has never been activated in the BIOS settings, you can disable it there. Once disabled, it can never be activated again.

itman, posted October 9, 2022:

FYI: https://www.caulitech.in/how-to-remove-computrace-from-a-laptop/

king99 (Author), posted October 9, 2022:

Hi itman,

If I didn't have other symptoms on the computer, I would've said it's just an unwanted application. But a while ago I was using another security program (no need to mention names), and the settings in that program started to get changed, like allowing inbound connections to the PC, even though I strictly stopped it, put a rule to stop inbound connections and password-protected the app.

Other strange things happen on the computer, like dropping the connection when I was doing some online gaming ("not the router or connection fault"); the connection was being stopped internally from the laptop. Also, the security software started detecting a process with a weird name (numbers like "1020140400104") trying to change browser settings. Using other tools and task managers to detect the hidden process, I couldn't find anything, nor using logging tools like Farbar.

Another symptom is VMware Workstation being stopped from working by stopping the vmauth service. Formatting couldn't fix the problem for a while, just for the symptoms to come back again. That's why I changed the previous solutions and chose Eset, and Eset detected this Computrace thingy. I wouldn't say this is a coincidence.

Regards

peteyt (Most Valued Members), posted October 10, 2022:

18 hours ago, king99 said:

> Hi itman,
>
> If I didn't have other symptoms on the computer, I would've said it's just an unwanted application. But a while ago I was using another security program (no need to mention names), and the settings in that program started to get changed, like allowing inbound connections to the PC, even though I strictly stopped it, put a rule to stop inbound connections and password-protected the app.
>
> Other strange things happen on the computer, like dropping the connection when I was doing some online gaming ("not the router or connection fault"); the connection was being stopped internally from the laptop. Also, the security software started detecting a process with a weird name (numbers like "1020140400104") trying to change browser settings. Using other tools and task managers to detect the hidden process, I couldn't find anything, nor using logging tools like Farbar.
>
> Another symptom is VMware Workstation being stopped from working by stopping the vmauth service. Formatting couldn't fix the problem for a while, just for the symptoms to come back again. That's why I changed the previous solutions and chose Eset, and Eset detected this Computrace thingy. I wouldn't say this is a coincidence.
>
> Regards

Could it be that you have possibly installed something malicious? This would explain why after the reformat it seemed fine, only to start playing up again.

king99 (Author), posted October 12, 2022:

On 10/10/2022 at 7:02 PM, peteyt said:

> Could it be that you have possibly installed something malicious? This would explain why after the reformat it seemed fine, only to start playing up again.

No, I don't use cracks or any low-reputation apps, and on a clean install I use a disk image made on another system and I re-download all the apps from their websites. I tried rescue disks like Bitdefender, Eset, Kaspersky, etc., HMP, Norton Power Eraser, whatever you can think of. No way for the malware to survive.

peteyt (Most Valued Members), posted October 12, 2022:

1 hour ago, king99 said:

> No, I don't use cracks or any low-reputation apps, and on a clean install I use a disk image made on another system and I re-download all the apps from their websites. I tried rescue disks like Bitdefender, Eset, Kaspersky, etc., HMP, Norton Power Eraser, whatever you can think of. No way for the malware to survive.

Does all the dodgy stuff still happen? It could have been the AV playing up - as mentioned, Computrace can be detected even if not enabled. I believe you can deactivate it in the BIOS, but it may still be detected because it is still there even though just disabled - you may also be able to find an update for the BIOS with Computrace not there.

itman, posted October 12, 2022 (edited October 12, 2022 by itman):

Check if the following files exist: rpcnet.exe, rpcnetp.exe, rpcnet.dll, and rpcnetp.dll in the Windows System32 directory. If these files do not exist, it means that Computrace has never been activated. If this is the case, disabling Computrace in the BIOS will ensure you can't be infected by Computrace-based malware.

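The file check itman describes above, as an added PowerShell example that is not part of the original post: it looks for the four named files and reports hash and signature details for any it finds. The SysWOW64 check and the service lookup are assumptions added here, not steps from the thread.

```powershell
# Added example: look for the Computrace agent files named in the post above.
# The SysWOW64 directory and the service lookup are assumptions added here.
$names = 'rpcnet.exe', 'rpcnetp.exe', 'rpcnet.dll', 'rpcnetp.dll'
$dirs  = @(
    (Join-Path $env:SystemRoot 'System32'),
    (Join-Path $env:SystemRoot 'SysWOW64')   # 32-bit system directory on 64-bit Windows
) | Where-Object { Test-Path -LiteralPath $_ }

$found = foreach ($dir in $dirs) {
    foreach ($name in $names) {
        $path = Join-Path $dir $name
        if (Test-Path -LiteralPath $path -PathType Leaf) {
            $item = Get-Item -LiteralPath $path -Force   # -Force: include hidden/system files
            $sig  = Get-AuthenticodeSignature -LiteralPath $path
            [pscustomobject]@{
                Path      = $path
                Size      = $item.Length
                Modified  = $item.LastWriteTime
                SHA256    = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
                SigStatus = $sig.Status
                Signer    = $sig.SignerCertificate.Subject
            }
        }
    }
}

# Services whose image path points at one of the two executables
$services = Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.PathName -match 'rpcnetp?\.exe' } |
    Select-Object Name, State, StartMode, PathName

if ($found -or $services) {
    $found    | Format-List
    $services | Format-Table -AutoSize
} else {
    'None of the four agent files and no matching service were found.'
}
```

Run it from a 64-bit PowerShell session, since a 32-bit process sees SysWOW64 in place of System32.
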
king99 (Author), posted October 15, 2022:

On 10/12/2022 at 10:59 PM, itman said:

> Check if the following files exist: rpcnet.exe, rpcnetp.exe, rpcnet.dll, and rpcnetp.dll in the Windows System32 directory. If these files do not exist, it means that Computrace has never been activated. If this is the case, disabling Computrace in the BIOS will ensure you can't be infected by Computrace-based malware.

Those files and DLLs are not present on the system. Also, there is no option to disable Computrace in the BIOS.

On 10/12/2022 at 10:44 PM, peteyt said:

> Does all the dodgy stuff still happen? It could have been the AV playing up - as mentioned, Computrace can be detected even if not enabled. I believe you can deactivate it in the BIOS, but it may still be detected because it is still there even though just disabled - you may also be able to find an update for the BIOS with Computrace not there.

No new update for the BIOS is present for my computer, nor will there be, according to the manufacturer. I wonder what third-party tools I could use to further investigate or modify the BIOS. Anyway, it seems I need a new laptop, but I can't afford a new one right now.

itman, posted October 15, 2022 (edited October 15, 2022 by itman):

28 minutes ago, king99 said:

> Also, there is no option to disable Computrace in the BIOS.

Who is the manufacturer of your PC? Also, I need the model no. of the PC.

king99 (Author), posted October 23, 2022:

On 10/16/2022 at 12:16 AM, itman said:

> Who is the manufacturer of your PC? Also, I need the model no. of the PC.

Sorry for the belated answer.

https://pcsupport.lenovo.com/nl/en/products/laptops-and-netbooks/lenovo-b-series-laptops/lenovo-b50-80-notebook/80ew/downloads/driver-list/component?name=BIOS%2FUEFI

itman, posted October 23, 2022 (edited October 25, 2022 by itman):

Perform the following to disable CompuTrace in the BIOS:

Quote:

> How To Disable Computrace In The Bios Of A Lenovo?
>
> You can’t use the computer’s mouse, so use the arrow keys to select the “Security” tab on the BIOS main menu. There are three alternatives for Computrace available here. More than likely, the “Deactivated” option will already be chosen. If you’re using a laptop, shut down the machine by pressing and holding the “Power” button on the laptop’s tower. Wait for the computer manufacturer’s emblem to appear on the screen before turning the machine back on. Press the BIOS access key as soon as it appears on the screen to enter the BIOS menu. Pressing the “DEL” or “F2” key on a computer usually launches the BIOS menu (see Resources). EDIT - See below for access key sequence. The “Security” tab can only be accessed by using arrow keys on the computer’s main menu in the BIOS. Computrace has three options listed here. Most likely, the “Deactivated” option has already been selected. Disable Computrace by pressing “Enter” on your keyboard after selecting “Disable” in step 3. Once the Computrace module is disabled, it cannot be reactivated. To confirm the “Disable” decision, press the “Enter” key again. It’s now time to reboot the computer into its operating system by pressing “F10” to save your BIOS settings.

https://www.technologitouch.com/tech-tips/how-to-disable-computrace-in-lenovo-bios/

Quote:

> How to access the BIOS settings in Lenovo B50 laptop
>
> During startup when the Lenovo logo is shown, press the key combination Fn + F2. (sometimes you need to press the combination more than once to enter the BIOS)

https://www.dtonias.com/lenovo-b50-laptop-enter-bios-boot-menu/

king99 (Author), posted October 27, 2022:

Thanks for the informative help, but in my case my laptop BIOS doesn't have these options in the BIOS. I'm left with the only option to buy a new laptop or to use Linux instead. Thanks again.

itman (Solution), posted October 27, 2022:

7 hours ago, king99 said:

> but in my case my laptop BIOS doesn't have these options in the BIOS

This indicates that CompuTrace was never installed on your laptop or someone patched the BIOS. One possibility is if you acquired this laptop from someone else, they "patched" the BIOS to eliminate Computrace from appearing there under the mistaken assumption this actually would remove it.

king99 (Author), posted October 27, 2022:

3 hours ago, itman said:

> This indicates that CompuTrace was never installed on your laptop or someone patched the BIOS. One possibility is if you acquired this laptop from someone else, they "patched" the BIOS to eliminate Computrace from appearing there under the mistaken assumption this actually would remove it.

Thanks for the help. I'm really glad that Computrace is patched on my laptop, because I can't afford a new laptop for the time being.