Spyware embedded in MBR on ALL Gateway P-series laptop

You can deter organizations/people from tracking you with a proxy server (even more than one strung together). But, all things go through your isp. If you listen to any tech podcasts, it is agreed that packet sniffers are used on a regular basis, Your isp can tell what you are downloading (if they want to) A number of isp's actually throtle your internet speed accourding to your activety (comcast is allegedly one of the isp's in question) and the thing they are most noted for throttling is..........You guessed it, Bit torrent. Even though bit torrent has many legal uses. It has a bad name, in the eyes of your Isp and in the government. Another thing to consider is today they are throttling........tomorrow.........well, anything is possible. If the isp's and government had their way it would be illegal to use both bit torrent and peer to peer programs, which is one of the reasons I don't use them. If you want any of this to change contacting your states congressman is the way to do this. If you do (and this is not a accusation) play pirated games realize this. Many Pc game companies are reporting losses due to their games being torrented traded on peer to peer's ect. If it becomes unprofitable to make PC games, then they won't, and then we will all lose. Presently it is more profitable for these companies to make console games so let's not give them the excuse to make console only titles.

 

lol

yep, caught my isp throttle me a few times till i got on them about it. they use to give some lame excuse that your connection wasn't strong enough so we had to cut your speed down. YEAH RIGHT! put my stuff back and give me what im paying for, not what you think i should have.

and we are already at the age where the government is already watching you, just ask some of the service people around the forums. although i dont think you will get a valid answer from any real high up official. (speculation of course)

 

@ SnowSurfer
What world are you on? Its practically a rfid chip built into your computer. I did not purchase a computer with this service - nor was it offered. I saw no icon or software that accompanied my Gateway M-1625 laptop Gotten in May 2008. nothing on the box. I'm all for hacking this stuff out ! Although I should be honest and say that I honestly have never done it before , I will attempt to get rid of this thing that at the very least lets someone know that there is someone handling this laptop. The laptop has become the gps for us friends. This must stop.

 

if you you cant flash your bios...your not going to get rid of it.

 

Your new here so you dont know. (unless you read the FAQ's and what not like your supposed to)

But the forums frowns heavily on showing work around on things like BIOS passwords.
I would edit your post to remove that stuff. Just a friendly suggestion

 

OK, I'll have to deal with this legitamate issue with MY OWN PERSONAL laptop, in private.

I think I found another solution, but mums the word...

 

Its really not like that mate, but there are people that do ask those sorts of questions with reguards to stolen equipment. So NBR just tries to stay away from those sorts of situations.

Makes it easier for everyone

If you need BIOS help
www.wimsbios.com
is a great website to get help with specific BIOS problems and issues

 

what has this post anything to do with the thread title ?
beside the word bios ???

cool thread though

 

dunno..but there is a way to bypass the BIOS for situations where you lack the password. If you remove the cover from the base, over by the 2 mini card slots(one should have your wifi), other may or may not be empty. There is what looks like a battery, leave that alone. From the diagram I saw, it appears that this jumper is located towards the base of the 2 mini cards.. between them, and just below them. There should be a removable jumper on the MOBO, just remove it to gain access to the BIOS. There's nothing wrong with posting info like this on these forums, as long as it is for legit reasons. And in this case, Im not judging for truth. Just trying to help.

EDIT: If it's not there, then it is somewhere right there in the vicinity of the 2 mini cards. Good luck

Oh, and if this info is being used for illegal reasons.. Then shame, shame, shame on you. And you may go to jail.

 

So is this lojack still on the p-series lappies? (is it on the 7811). I'm interested in modifying it so that it reports to my twitter account instead of absolute. I did this with my ipod touch... it reports its location to my twitter account in 30 second intervals when it's connected to wifi anywhere (by location I mean estimated, as the touch does not have gps and reports its location by the nearest registered ap).

 

smart idea

 

the files that the OP said were in System32 aren't there, I also checked systemwow64 and they aren't there either, so maybe GW removed it

 

Ladies and gentlemen, there is no elephant in the room.

I am a network administrator for a major accounting firm. We use Computrace by Absolute Software (LoJack for Laptops), and I work with the vendor directly on any issues related to this software.

First off, the items are pre-installed in the BIOS for convenience if you choose to utilize the software. Until you activate it with Absolute, the tracking service is not enabled. In fact, in this instance of the BIOS it's automatically disabled, and would require modification for it to be re-enabled (a file sent to you from Absolute). So really this is no more than having the drivers for a modem in the OS, even if you don't have a modem. It may still be nice to have...

So everyone can calm down, this isn't 1984, Big Brother may be watching, but not in this instance. If anyone has detailed questions about how this software functions, and the abilities it can bestow an administrator, ask away and I'll do what I can to assist.

 

Do a scan on open ports. To the best of my knowledge, the software is indeed pinging a server at regular intervals by default (at least on the P-6860; not sure about the P-7811).

 

It shouldn't be, especially in a BIOS disabled notebook. Do you have any logs showing the calls in question?

Just to reiterate, the functionality of the software has to be enabled by a active account with Absolute. Also it wouldn't 'ping' a server, but upload a very small file with a snapshot of the system configuration, so you would definitely see it on port traffic if it was enabled.

 

Sorry can you explain where the following info comes from then (slightly modified to be less confusing)-

 

The Lojack software was not pre installed on mine. I ordered it from GW.com and ordered 3 years of the Lojack with the computer.

I got a email with the link to download the Lojack software and install it myself.

So as of June 2008 GW is not pre installing Lojack (the software at least) on their machines. (well P-172X FX's that is)

 

i have all the rpc files mentioned (rpcnet.dll rpcnet.exe and rpcnetp.dll rpcnetp.exe all in c:\windows\ system32) they used to ask network access from my fw. at that time i made some searching and found out it was the lojack thing. so i just denied network access and forgot about it.

even if you dont have a third party firewall you can just deny access to the system through the files properties/security/ and deny permission to the system user process.

or just delete them as was mentioned before

 

This was my experience on the P6860.

 

On my 6831 yes, rcpnet does indeed try and connect to the net all the time. I have Threatfire installed on my comp and at almost every bootup it catches it trying to connect to the internet at system start up and flags it as a potential security threat. My firewall on the other hand never catches it, but if I look manually I can see it trying to ping a server. I know what it is, and generally ignore it. I just tell threatfire to block it whenever it pops back up.

 

The 7811 doesn't have any rpcnet but we do have an application in system32 called RpcPing, as well as the following files:

rpcdiag.dll, rpchttp.dll, rpcndfp.dll, rpcns4.dll, rpcnsh.dll, rpcrt4.dll, and rpcss.dll. All of them say microsoft corporation... would these be lojack in disguise?

 

Hi! I' trying to remove computrace lojack from my lenovo 3000 C200,
as I have post at lenovo forum, and before
putting my laptop at risk, I'd like to know if you finally succeeded
with yours, and if you have any special advice to give. Thanks
in advance.

TBA