Jump to content

computrace.a is there a way to remove it


Go to solution Solved by itman,

Recommended Posts

i suspected a rootkit infection on my computer a while ago more than month 

anyway tried every scanner out there you could think of 

after using Eset  it detected a computrace.a on my computer  "kudos Eset "

but how can i remove it 

since i can't flash the bios the official tool report " can't flash the bios with the same version " 

 

Link to comment
Share on other sites

Just because Eset detects CompuTrace on your PC does not mean you have a UEFI based rootkit infection.

If CompuTrace has never been activated in the BIOS settings, you can disable it there. Once disabled, it can never be activated again.

 

Link to comment
Share on other sites

hi itman 
if i didn't have another symptoms on the computer i would've said it's just an unwanted application 

but  a while ago I was using another security program no need to mention names 
the security program settings started to get changed in that program like allowing inbound connection to the pc even that i strictly stopped it and put a rule to stop inbound connection  and password protected the app

other strange things happens  in the computer  like dropping connection when i was doing some online gaming "not the router or connection fault " the connection being stopped internally from the laptop , also the security software started detecting process with weird name "numbers like 1020140400104" is trying to change browser setting using other tools and task managers to detected the hidden process couldn't find anything nor using logging tools like farbar

also another symptom is  stopping VMware workstation from working by stopping the vmauth service 

formatting couldn't fixed the problem for a while just for the symptoms to back again 

that's why i changed the pervious solutions and choosed eset and eset detected this computrace thingy 

i wouldn't say this is a coincidence

 

regards 

 

Link to comment
Share on other sites

  • Most Valued Members
18 hours ago, king99 said:

hi itman 
if i didn't have another symptoms on the computer i would've said it's just an unwanted application 

but  a while ago I was using another security program no need to mention names 
the security program settings started to get changed in that program like allowing inbound connection to the pc even that i strictly stopped it and put a rule to stop inbound connection  and password protected the app

other strange things happens  in the computer  like dropping connection when i was doing some online gaming "not the router or connection fault " the connection being stopped internally from the laptop , also the security software started detecting process with weird name "numbers like 1020140400104" is trying to change browser setting using other tools and task managers to detected the hidden process couldn't find anything nor using logging tools like farbar

also another symptom is  stopping VMware workstation from working by stopping the vmauth service 

formatting couldn't fixed the problem for a while just for the symptoms to back again 

that's why i changed the pervious solutions and choosed eset and eset detected this computrace thingy 

i wouldn't say this is a coincidence

 

regards 

 

Could it be that you have possibly installed something malcious. This would explain why after the reformat it seemed fine only to start playing up again 

Link to comment
Share on other sites

 

On 10/10/2022 at 7:02 PM, peteyt said:

Could it be that you have possibly installed something malicious. This would explain why after the reformat it seemed fine only to start playing up again 

no i don't use cracks or any low reputation app and on clean install i use a disk image made on another system and  i re download all the apps from their websites 

i tried  rescue disks like bitdefender , eset , kaspersky etc 

hmp , norton power eraser whatever you can think of 

no way for the malware to survive 
 

Link to comment
Share on other sites

  • Most Valued Members
1 hour ago, king99 said:

 

no i don't use cracks or any low reputation app and on clean install i use a disk image made on another system and  i re download all the apps from their websites 

i tried  rescue disks like bitdefender , eset , kaspersky etc 

hmp , norton power eraser whatever you can think of 

no way for the malware to survive 
 

Do all the dodgy stuff still happen? It could have been the AV playing up - as mentioned Computrace can be detected even if not enabled. I believe you can deactivate in the BIOS but it may still be detected because it is still there even though just disabled - you may  also be able to find an update for the BIOS with computrace not there

Link to comment
Share on other sites

Check if the following files exist:

rpcnet.exe, rpcnetp.exe, rpcnet.dll, and rpcnetp.dll

in the Windows System32 directory.

If these files do not exist, it means that Computrace has never been activated. If this is the case, disabling Computrace in the BIOS will ensure you can't be infected by Computrace based malware.

Edited by itman
Link to comment
Share on other sites

On 10/12/2022 at 10:59 PM, itman said:

Check if the following files exist:

rpcnet.exe, rpcnetp.exe, rpcnet.dll, and rpcnetp.dll

in the Windows System32 directory.

If these files do not exist, it means that Computrace has never been activated. If this is the case, disabling Computrace in the BIOS will ensure you can't be infected by Computrace based malware.

those files and dlls are not present on the system  

also there is no option to disable computrace in the bios 

On 10/12/2022 at 10:44 PM, peteyt said:

Do all the dodgy stuff still happen? It could have been the AV playing up - as mentioned Computrace can be detected even if not enabled. I believe you can deactivate in the BIOS but it may still be detected because it is still there even though just disabled - you may  also be able to find an update for the BIOS with computrace not there

no new update for the bios is present for my computer nor will be  according to the manufacturer 

 

i wonder what third party tools i could use to further investigate or modify the bios 

anyway it seems i need a new laptop but i can't afford a new one right now 

Link to comment
Share on other sites

28 minutes ago, king99 said:

also there is no option to disable computrace in the bios 

Who is the manufacturer of your PC? Also, I need the model no. of the PC.

Edited by itman
Link to comment
Share on other sites

On 10/16/2022 at 12:16 AM, itman said:

Who is the manufacturer of your PC? Also, I need the model no. of the PC.

sorry for the belated answer  

https://pcsupport.lenovo.com/nl/en/products/laptops-and-netbooks/lenovo-b-series-laptops/lenovo-b50-80-notebook/80ew/downloads/driver-list/component?name=BIOS%2FUEFI

Link to comment
Share on other sites

Perform the following to disable CompuTrace in the BIOS:

Quote

How To Disable Computrace In The Bios Of A Lenovo?

You can’t use the computer’s mouse, so use the arrow keys to select the “Security” tab on the BIOS main menu. There are three alternatives for Computrace available here. More than likely, the “Deactivated” option will already be chosen.

  1. If you’re using a laptop, shut down the machine by pressing and holding the “Power” button on the laptop’s tower.
  2. Wait for the computer manufacturer’s emblem to appear on the screen before turning the machine back on. Press the BIOS access key as soon as it appears on the screen to enter the BIOS menu. Pressing the “DEL” or “F2” key on a computer usually launches the BIOS menu (see Resources). EDIT - See below for access key sequence.
  3. The “Security” tab can only be accessed by using arrow keys on the computer’s main menu in the BIOS. Computrace has three options listed here. Most likely, the “Deactivated” option has already been selected.
  4. Disable Computrace by pressing “Enter” on your keyboard after selecting “Disable” in step 3. Once the Computrace module is disabled, it cannot be reactivated. To confirm the “Disable” decision, press the “Enter” key again.
  5. It’s now time to reboot the computer into its operating system by pressing “F10” to save your BIOS settings.

 

https://www.technologitouch.com/tech-tips/how-to-disable-computrace-in-lenovo-bios/

Quote

How to access the BIOS settings in Lenovo B50 laptop

During startup when the Lenovo logo is shown, press the key combination Fn + F2. (sometimes you need to press the combination more than once to enter the BIOS)

https://www.dtonias.com/lenovo-b50-laptop-enter-bios-boot-menu/

Edited by itman
Link to comment
Share on other sites

thanks for the informative help 

but in my case my laptop bios doesn't have theses option in the bios 

:(

I'm left with the only option to buy a new laptop 

or to use linux instead 

thanks again 

 

Link to comment
Share on other sites

  • Solution
7 hours ago, king99 said:

but in my case my laptop bios doesn't have theses option in the bios 

This indicates that CompuTrace was never installed on your laptop or someone patched the BIOS.

One possibility is if you acquired this laptop from someone else, they "patched" the BIOS to eliminate Computrace from appearing there under the mistaken assumption this actually would remove it.

Link to comment
Share on other sites

3 hours ago, itman said:

This indicates that CompuTrace was never installed on your laptop or someone patched the BIOS.

One possibility is if you acquired this laptop from someone else, they "patched" the BIOS to eliminate Computrace from appearing there under the mistaken assumption this actually would remove it.

thanks for the help :) 
i'm really glad that computrace is patched on my laptop 
because i can't afford a new laptop for the time being 

 

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...