OK here's some backstory.

A few weeks ago my antivirus would give me alerts upon startup telling me that it had found an EXE file called rpcnet.exe in system32. Apperently it was an "Unsafe Application". My AV being free and slightly rubbish I ignored it, did some research into this EXE, discovering that its a part of Windows XP (Remote Procedure Call) and decided just to leave it be.

Fast forward to today and my AV pops up again telling me that there was another EXE in system32 called Upgrd.exe that was trying to modify the registry. It just came out of nowhere. I wans't installing or updating anything at the time so why this application was running I have no idea. I had a look at Upgdr.exe's properties and apperently it's written by Absolute Software Co, a company that track 'borrowed' laptops.

A bit more digging reveals that Upgrd.exe and rpcnet.exe are linked. rpcnet.exe is what connects to the internet to provide location information to Absolute Software Co. I also discovered that US model Toshiba laptops (mine's not a US model but it is a Toshiba) come pre-installed with this tracking software. It's embedded in the BIOS so it can't be removed by simply re-installing the OS.

Here are some links to pages I've used in my research:

Absolute Software Co
Absolute Software Co (another page)

Some forum

I've done a restart since the last AV alert (the laptop locked up after I tried to block Upgrd.exe from connecting to the internet) and all the AV alerts seem to have stopped. No alert telling me about rpcnet.exe at startup and Upgrd.exe is no longer running in the background.

What do you guys think? This laptop's definately not 'borrowed' because I bought it new from PC-World, probably the biggest electronics supplier in the UK maybe Europe. I'm a little scared...

How old it is

If its within reason and take it into the Geek Squad and bitch about it

I doubt they can do anything, but they might be able to

Alternately, are there any custom made bioses that remove it

It might be worth looking into if its bugging you. It hardly seems like the most comforting application

It's less than a year old. Maybe around 9 months now. But the warranty went out the window then I got rid of Vista and put XP on instaed. I've just updated the BIOS with a newer version from the Toshiba site (questionable). I'm also keeping an eye on it's network activity with TCPview. It tells me all the connections the computer is making to the Internet. SO far nothing untoward is happening...

Off topic: BIOS flashing is scary. I restarted after the update and it wouldn't stay on. I'd hit the power button, it'd stay on for a few seconds and then turn off again. After a few attempts it started up fine but XP BSOD'd on startup. This was because the BIOS settings had been reset and my SATA controller had gone back into AHCI mode which XP doesn't support. Another reboot, SATA controller back into Compatibility mode and all is well. Except I'm not convinced this software is actually gone. More worryingly the laptop has a built in camera and microphone. I've put pieces of insulating tape over them for now...

* PSPkiller dons his tin-foil hat.

if they are watching you using your cam nd mic there are a million fun things you could do to fudge with them..... use your imagination.......

but have you actually checked your pc to make sure the antivirus isn't lying?

I've just phoned up Toshiba and talked to an advisor (who could actually speak English). After expolaining everything I'd discovered to him he did a quick search through his database of facts and figures and it turns out that Toshiba install this software in the BIOS of their computers for the purpose of recovering 'borrowed' computers. If I report it 'borrowed' a message is sent out to it that activates the software. It'll then keep Toshiba updated on it's location every 15 minutes and take a picture with the webcam every 5 minutes. I can also ask for them to remotely detonate a "data bomb" which zeroes the hard drive.

I find it a bit cheeky that I wasn't informed at all of this software's existence on my laptop. Toshiba tell me that it's completely safe and nothing will be done unless I ask them to...

What if someone else asks them to?

PSPkiller Wrote:I've just phoned up Toshiba and talked to an advisor (who could actually speak English). After expolaining everything I'd discovered to him he did a quick search through his database of facts and figures and it turns out that Toshiba install this software in the BIOS of their computers for the purpose of recovering 'borrowed' computers. If I report it 'borrowed' a message is sent out to it that activates the software. It'll then keep Toshiba updated on it's location every 15 minutes and take a picture with the webcam every 5 minutes. I can also ask for them to remotely detonate a "data bomb" which zeroes the hard drive.

I find it a bit cheeky that I wasn't informed at all of this software's existence on my laptop. Toshiba tell me that it's completely safe and nothing will be done unless I ask them to...

I think generally I trust manufacturers of hardware.

^trust no one. did you not watch the tinfoil hat song!