19/11/2009, 10:23 AM
OK here's some backstory.
A few weeks ago my antivirus would give me alerts upon startup telling me that it had found an EXE file called rpcnet.exe in system32. Apperently it was an "Unsafe Application". My AV being free and slightly rubbish I ignored it, did some research into this EXE, discovering that its a part of Windows XP (Remote Procedure Call) and decided just to leave it be.
Fast forward to today and my AV pops up again telling me that there was another EXE in system32 called Upgrd.exe that was trying to modify the registry. It just came out of nowhere. I wans't installing or updating anything at the time so why this application was running I have no idea. I had a look at Upgdr.exe's properties and apperently it's written by Absolute Software Co, a company that track 'borrowed' laptops.
A bit more digging reveals that Upgrd.exe and rpcnet.exe are linked. rpcnet.exe is what connects to the internet to provide location information to Absolute Software Co. I also discovered that US model Toshiba laptops (mine's not a US model but it is a Toshiba) come pre-installed with this tracking software. It's embedded in the BIOS so it can't be removed by simply re-installing the OS.
Here are some links to pages I've used in my research:
Absolute Software Co
Absolute Software Co (another page)
Some forum
I've done a restart since the last AV alert (the laptop locked up after I tried to block Upgrd.exe from connecting to the internet) and all the AV alerts seem to have stopped. No alert telling me about rpcnet.exe at startup and Upgrd.exe is no longer running in the background.
What do you guys think? This laptop's definately not 'borrowed' because I bought it new from PC-World, probably the biggest electronics supplier in the UK maybe Europe. I'm a little scared...
A few weeks ago my antivirus would give me alerts upon startup telling me that it had found an EXE file called rpcnet.exe in system32. Apperently it was an "Unsafe Application". My AV being free and slightly rubbish I ignored it, did some research into this EXE, discovering that its a part of Windows XP (Remote Procedure Call) and decided just to leave it be.
Fast forward to today and my AV pops up again telling me that there was another EXE in system32 called Upgrd.exe that was trying to modify the registry. It just came out of nowhere. I wans't installing or updating anything at the time so why this application was running I have no idea. I had a look at Upgdr.exe's properties and apperently it's written by Absolute Software Co, a company that track 'borrowed' laptops.
A bit more digging reveals that Upgrd.exe and rpcnet.exe are linked. rpcnet.exe is what connects to the internet to provide location information to Absolute Software Co. I also discovered that US model Toshiba laptops (mine's not a US model but it is a Toshiba) come pre-installed with this tracking software. It's embedded in the BIOS so it can't be removed by simply re-installing the OS.
Here are some links to pages I've used in my research:
Absolute Software Co
Absolute Software Co (another page)
Some forum
I've done a restart since the last AV alert (the laptop locked up after I tried to block Upgrd.exe from connecting to the internet) and all the AV alerts seem to have stopped. No alert telling me about rpcnet.exe at startup and Upgrd.exe is no longer running in the background.
What do you guys think? This laptop's definately not 'borrowed' because I bought it new from PC-World, probably the biggest electronics supplier in the UK maybe Europe. I'm a little scared...