Hey guys,

I am here because i know this is the only place i will get an answer without being called a theif and shit like that.

Well, anyways, my cousin recently came over with a Desktop PC and asked if i can put it all in a tower for him. (i might have told you this awhile ago)

Well, yesterday he come over and said that his computer kept connecting to some companies network and he recieved an email and it said that the system he is using has been stolen and would like to speek with him.

Before i gave the pc back, i formated the hdd but it still connected to them.

Is it possible that its a BIOS feature ?

Is their a way i can disable the call out some how like block the ports it dials out to, reflash the bios etc ??

I do not know where the hell he got this PC from but i hope he doesnt get into trouble.

So can you help me out with whats going on ? or should i tell him to get a new motherboard ?? :helpsmile:

http://www.techweb.com/wire/story/TWB20030527S0008


“Although data is the most valuable part of a computer to most companies, some people really want the machine back,” Eades said in explaining why the back-trace feature might be useful. “Imagine if you had 100 machines stolen on the same night. That's a significant investment.” Tracing the thief would also come in handy, he said, if a company were suffering from repeated hardware theft, for example, perhaps by a disgruntled insider.

Eades said that a simple re-flash of the BIOS -- a chore often done by IT staffs and end-users to update the software in the BIOS chip -- would not thwart TheftGuard.

“You would have to be severely technical, really know your way around BIOS to remove [TheftGuard]. Most people who would know how to do this work for Phoenix,” he said, adding that the part of the BIOS where TheftGuard resides is not updatable via a flash upgrade.

if your cousin didn't steal the computer, and he just bought it from someone... it sounds like he might have gotten stolen goods palmed off to him, or it's been incorrectly listed as stolen? *shrug* :huh:

If I was you I'd tell your cousin to get in touch with the company who e-mailed him and just say how he come about it.
Get in touch with them before they get to you & it'll go in his favor I'm sure.

;) Just my 2 cents.

I think i will tell him that.

He payed a bit for the thing though because when he brang the pc over, he bought ram, a new hdd, dvd rom and a burner for it.

Also a new case.

I think it would be a good idea to get intouch with the company.

Its a shame because its a pretty fast PC.

2.4G pentium 4

768MB ddr ram and its pretty damn fast.

Fuckem i will tell him to find out where he got this thing from and then we can keep the processor, ram and just say we bought the moboard second hand.

I thought it was a little suss when the desktop case had a padlock on it :blink:

Originally posted by Evil Gemini@12 April 2004 - 00:55
Hey guys,

I am here because i know this is the only place i will get an answer without being called a theif and shit like that.

Well, anyways, my cousin recently came over with a Desktop PC and asked if i can put it all in a tower for him. (i might have told you this awhile ago)

Well, yesterday he come over and said that his computer kept connecting to some companies network and he recieved an email and it said that the system he is using has been stolen and would like to speek with him.

Before i gave the pc back, i formated the hdd but it still connected to them.

Is it possible that its a BIOS feature ?

Is their a way i can disable the call out some how like block the ports it dials out to, reflash the bios etc ??

I do not know where the hell he got this PC from but i hope he doesnt get into trouble.

So can you help me out with whats going on ? or should i tell him to get a new motherboard ?? :helpsmile:
i friends got a stolen computer a very nice 1 too he's been online with it for 2 months now and no problems

could just be a scam, try running spysweeper, or some other antispyware program, and see what you find...

Originally posted by ROSSCO_2004@12 April 2004 - 04:54
could just be a scam, try running spysweeper, or some other antispyware program, and see what you find...


Im hoping its some random spam going to his hotmail but if its going to his ISP email thats different.

When he comes over i will have a look and see what the email actually sais.

Originally posted by Evil Gemini+12 April 2004 - 00:24--></div><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td>QUOTE (Evil Gemini @ 12 April 2004 - 00:24)</td></tr><tr><td id='QUOTE'> <!--QuoteBegin-ROSSCO_2004@12 April 2004 - 04:54
could just be a scam, try running spysweeper, or some other antispyware program, and see what you find...


Im hoping its some random spam going to his hotmail but if its going to his ISP email thats different.

When he comes over i will have a look and see what the email actually sais. [/b][/quote]
how did they get his email :unsure: it probably is spam.

This security program is installed on the "secret" first 62 (or 63, i can&#39;t remember) sectors of the hard drive. As to how to remove it I can only guess but I would start with something like Active @ Eraser and do a full wipe of the hard drive. then reload your OS image (you do have a backup right?) and see if it pulls that stuff again. If it&#39;s still there you&#39;ll have to take stronger measures. Try something like DISKLOOK or Norton Disk Doctor and manually over-write the first 63 sectors. Could be tedious. After that I don&#39;t know... maybe if you can find out what security program it is it will have an uninstaller. Then we resort to our bulk tape erasers and sledge hammers....A cup of thermite gently piled upon the top of the drive and ignighted with a magnesium wire will do the trick everytime. Might void your warranty though. :lol:

:ph34r: :ph34r: :ph34r:

Edit: Deleted post. Sounded stupid once I read what I wrote. :lol:

I don&#39;t know, but it&#39;s just possible I could be a genius. Not bragging or anything just pointing out one of God&#39;s mysteries: :lol: :lol: :lol:

http://www.geocities.com/thestarman3/asm/mbr/zap63.zip


Enjoy you bad boys you.... :music1:

Originally posted by deathonastick@12 April 2004 - 07:04
This security program is installed on the "secret" first 62 (or 63, i can&#39;t remember) sectors of the hard drive. As to how to remove it I can only guess but I would start with something like Active @ Eraser and do a full wipe of the hard drive. then reload your OS image (you do have a backup right?) and see if it pulls that stuff again. If it&#39;s still there you&#39;ll have to take stronger measures. Try something like DISKLOOK or Norton Disk Doctor and manually over-write the first 63 sectors. Could be tedious. After that I don&#39;t know... maybe if you can find out what security program it is it will have an uninstaller. Then we resort to our bulk tape erasers and sledge hammers....A cup of thermite gently piled upon the top of the drive and ignighted with a magnesium wire will do the trick everytime. Might void your warranty though. :lol:

:ph34r: :ph34r: :ph34r:
Actually, the original hdd is on slave for baking things up.

and if its on the bios well, that sucks :(

If i knew what security program it was, i should be able to get some info about it buy googling around.

BTW, his pc runs WAY WAY smoother than a 2.8g prescott i built a month ago :blink:

Since my old pc blew up 3 times before it just stopped working, i think i will build my self an intel machine :)

Still wating for him to come over so i can check that email.

p.s. if someone comes over with a desktop pc and has a big ass padlock on it just keep away from it :ph34r:

Rip the modem out.

Or at least don&#39;t leave it plugged into a phone socket when the line isn&#39;t already in use.

go behind a router and have it block certain outgoing connections from ur comp.


not sure how that would be done tho. maybe by uitlizing the routers internal firewall? D-link routers are good for this lol.

couldnt you use peerguardian for this? if you know the IP of the company that is............

@EG: he came over with a comp with a padlock on it and u dint even ask where he got it from???? <_<

if u think that its the mobo, this may sound stupid but....have u thought of replacing the mobo?

Each mobo has its own mac address. so its traceable.

Example
http://boingboing.net/2004/04/01/500_euros_if_you_spo.html

Originally posted by racer II@14 April 2004 - 18:34
Each mobo has its own mac address. so its traceable.

Example
http://boingboing.net/2004/04/01/500_euros_if_you_spo.html
Only if they have built in network adapters.

The "MAC" address is the address of the "Media Access Controller", usually an ethernet card, which is unique.

Oops yes thats true. :)