Hello,
I purchased a refurbished computer off of ebay from a major retailers store. I installed webroot secure anywhere and it found a trojan when I first started windows rpcnetp.exe in the system32 directory. Upon researching I found this to be computrace. I then reformatted the hard drive and the file re-appeared. I then contacted Absolute software who owns computrace and they found the laptop in there system contacted the previous owner and I provided my serial number. They then sent a deactivation signal to the computer and now I can remove the rpcnetp.exe fille, but it reappears on reboot. I contacted absolute again and am awaiting a response. The retailer has offered to give me a refund due to the circumstances. I just hate to send the laptop back as it was a present for my wife, but I am scared that the file keeps reappearing. Maybe thats what I get for buying refurbished but I thought the retailer would do its due diligence and not sell a laptop with the compuser agent still enabled. The model is an Acer switch 5 model SW512-52-55YD. Computrace is part of the UEFI bios so it is extremely hard to remove. I am just rather frustrated as I just want to remove it on a laptop I legitimately purchased.Thanks,
Casey
coop5796
It's legitimate security software that's embedded in the BIOS. If your laptop is stolen, it can be tracked on the internet & then possibly recovered. If it could be easily removed, it would be worthless. Of course, it also means the laptop can potentially be tracked whenever it's connected to the internet. The only way to get rid of it would be to modify the BIOS. If you have a problem with it being installed, return the laptop. "Absolute and Acer have collaborated to embed Absolute’s technology in the firmware for additional tamper-resistance," said John Livingston, Chairman and CEO of Absolute. "With this new collaboration between Acer, Intel and Absolute, Acer is giving their customers the best solutions available to track, manage and protect their mobile computers."
https://www.absolute.com/en/about/p...
https://www.acer.com/ac/en/US/conte...
message edited by riider
Thanks riider for the response. I know from researching the file that it is owned by absolute software and used for computrace. I contact absolute software again and they want me to leave the laptop on the network for 24 hours while they send another deactivation signal. I am just trying to get rid of the files for good without modify my bios if possible or having to run a start up script to delete files. coop5796
trvlr, You can delete it, but it comes back after a reboot. It is built in to a Uefi Bios. It appears my options are: to wait for the deactivation signal and see if that remove its, return the laptop or create a start up script to remove the files on boot. I suppose I could also try to modify the bios, but they may be risky.
coop5796
That is what I would do, Flash the BIOS with the latest version, then I would do a factory reset or delete all partitions and clean install of Windows. You have to be a little bit crazy to keep you from going insane.
Thanks for the responses. Unfortunately I have already tried both re-flashing the bios to the newest version and a reinstall of windows deleting all partitions. coop5796
I remember coming across Computrace about 10 years ago when I was still in the business. I was told that it was already installed in a vast number of computers (it was a Dell that I found it on but was told that many manufacturers were using it) but was not activated by default, customers could set up an account with the company and they would turn it on. There was a bit of a hoo-ha when one of the antivirus companies, I think it was Kaspersky, discovered that it could potentially be used as a backdoor into many systems and I haven't heard a lot about it since then. I do remember that it was not something that could be disabled easily. I would personally just return the machine if the offer is made. "I've always been mad, I know I've been mad, like the most of us..." Pink Floyd
It's legitimate security software that's embedded in the BIOS. If your laptop is stolen, it can be tracked on the internet & then possibly recovered. If it could be easily removed, it would be worthless. Of course, it also means the laptop can potentially be tracked whenever it's connected to the internet. The only way to get rid of it would be to modify the BIOS. If you have a problem with it being installed, return the laptop. "Absolute and Acer have collaborated to embed Absolute’s technology in the firmware for additional tamper-resistance," said John Livingston, Chairman and CEO of Absolute. "With this new collaboration between Acer, Intel and Absolute, Acer is giving their customers the best solutions available to track, manage and protect their mobile computers."
https://www.absolute.com/en/about/p...
https://www.acer.com/ac/en/US/conte...
message edited by riider
Can you set Webroot secure to ignore it so it is no longer reported? This might not be your package but something like this:
https://www.webroot.com/En_US/Secur...Always pop back and let us know the outcome - thanks
message edited by Derek
Ad Choices