
I bought a used PC from a business, it has monitoring software installed, how can I remove it?

I bought an HP Business PC from a company. The PC had a "mass DVD data writer" attached in the DVD slot; I'm guessing it may have been used for this, but I am not sure.

The PC came with monitoring software & IT management software preinstalled.

 

I already wrote all 0's to the whole drive and reinstalled my OS. Is it OK to use this PC as my daily driver, given I'm working with sensitive documents?

Can there still be unwanted code/software in the BIOS/firmware that the business uses for monitoring?

 

I'm currently using Secure Boot, FYI. Should I check if it is the latest version of Secure Boot and if it's working correctly?


6 minutes ago, wowsocoolz said:

reinstalled my OS

Problem solved with this, if you did it using an ISO and clean installed. If you simply 'reset this PC' then that might not cover it, depending on how the organization deploys the OS.

 

Unless there's physical hardware changes they made to the system, like pre-installed USB devices or soldered on stuff (very very unlikely if they've sold it to a regular consumer), then all the configuration they did has been removed with a clean reinstall of Windows.

 

Custom firmware is possible as well, but unlikely, unless you don't trust this organization.

ROG Ally X 

USB4 eGPU RTX 4090 @133%/+230/+500

Builder/Enthusiast/Overclocker since 2012  //  Professional IT since 2017


5 minutes ago, Agall said:

Unless there's physical hardware changes they made to the system, like pre-installed USB devices or soldered on stuff (very very unlikely if they've sold it to a regular consumer), then all the configuration they did has been removed with a clean reinstall of Windows.

Yeah, that's kind of what I'm worried about & the whole reason I made this post.

 

I already unplugged the DVD writer from the mobo. If I send a screenshot of my mobo, do you think you would be able to look for any soldered parts? I would appreciate it, since I don't know much when it comes to physical hardware.

 

5 minutes ago, Agall said:

If you simply 'reset this PC' then that might not cover it, depending on how the organization deploys the OS.

The OS that came pre-installed and the OS I'm running right now are different, so that wouldn't be the issue.

 

Thanks for your response!


Just now, wowsocoolz said:

Yeah, that's kind of what I'm worried about & the whole reason I made this post.

 

I already unplugged the DVD writer from the mobo. If I send a screenshot of my mobo, do you think you would be able to look for any soldered parts? I would appreciate it, since I'm not very aware of physical hardware stuff.

Sure, as many photos as you want.

 

It's extremely unlikely. What monitoring software was installed? Might give us insight into the level of configuration the organization you bought the PC from performs. Also, what type of company, like what service(s) do they provide?


28 minutes ago, Agall said:

Sure, as many photos as you want.

https://pixeldrain.com/l/Kgac9pnp

 

I didn't want to clutter this post. If you don't trust the link, I can DM the pics to you via this forum.

28 minutes ago, Agall said:

what monitoring software was installed?

I bought it and installed a different OS quite a while ago, but I do remember checking the registry keys and some Sys32 driver folders since I was curious. I don't remember the exact name of the software, but I do remember it was a low-level monitoring tool, something akin to CrowdStrike, I'm guessing.

Since I wrote all 0's to the drive (using Linux cmd-line utilities), I don't think even ring-0 kernel-level software like CrowdStrike would survive, only something hardware-based like you said.

28 minutes ago, Agall said:

Also, what type of company, like what service(s) do they provide?

I bought it from a charity on eBay that does this:

Quote
WeeeCharity is a NON for profit UK registered charity that helps to relieve poverty by offering a FREE complete recycling of computers and electrical equipment to businesses, residential and education facilities.
The equipment can be new, working or at the end of its life we can take it no matter what condition it’s in.
As a fully authorised, environmental agency registered charity, you can trust your equipment is recycled or refurbished responsibly.

BUT, it had the original company's sticker on the side

https://fairline.com/

They are a yachting company

The PC had a "mass DVD data writer" attached in the DVD slot; I'm guessing it may have been used for this, but I am not sure.

The PC came with an NVMe drive and the wallpaper of Fairline (the OG yacht company), AND it had some documents from the charity (the one I bought it from) on the desktop. I'm guessing they didn't need their data to be erased.

 

Thanks again for helping, I appreciate it!


39 minutes ago, wowsocoolz said:

https://pixeldrain.com/l/Kgac9pnp

 

I didn't want to clutter this post. If you don't trust the link, I can DM the pics to you via this forum.

I bought it and installed a different OS quite a while ago, but I do remember checking the registry keys and some Sys32 driver folders since I was curious. I don't remember the exact name of the software, but I do remember it was a low-level monitoring tool, something akin to CrowdStrike, I'm guessing.

Since I wrote all 0's to the drive (using Linux cmd-line utilities), I don't think even ring-0 kernel-level software like CrowdStrike would survive, only something hardware-based like you said.

I bought it from a charity on eBay that does this:

BUT, it had the original company's sticker on the side

https://fairline.com/

They are a yachting company

The PC had a "mass DVD data writer" attached in the DVD slot; I'm guessing it may have been used for this, but I am not sure.

The PC came with an NVMe drive and the wallpaper of Fairline (the OG yacht company), AND it had some documents from the charity (the one I bought it from) on the desktop. I'm guessing they didn't need their data to be erased.

 

Thanks again for helping, I appreciate it!

I would just post them into the post, nothing wrong with that. I do in fact not trust links.

 

The company probably purged as much as their IT department found necessary, they clearly didn't care much if they left Crowdstrike on it.


2 minutes ago, Agall said:

I would just post them into the post, nothing wrong with that. I do in fact not trust links.

20240812_172756.jpg

20240812_172809.jpg

20240812_172816.jpg

20240812_172822.jpg

4 minutes ago, Agall said:

The company probably purged as much as their IT department found necessary, they clearly didn't care much if they left Crowdstrike on it.

Yep, you're probably right.


2 minutes ago, wowsocoolz said:

20240812_172756.jpg

20240812_172809.jpg

 

 

Yep, you're probably right.

Yeah, looks standard. If you reinstalled Windows fresh, I wouldn't worry about it.


Install newest BIOS from HP to exclude any custom BIOS (unlikely, though).

 

If you used some secure erase to the SSD, and installed Windows fresh, all should be good. 

 

I don't understand what that DVD thing is. Is that just a DVD writer? 

 

If you truly work with CIA level data, don't buy used hardware. If you are a normal person, the above should cover you. 

 

Note the NSA, GRU et al can access your computer regardless. So, panicking about what that business put on is pointless.

 

No signature
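
An added example, not part of any post in this thread: on a Linux system, the Secure Boot state asked about in the first post and the installed BIOS version (to compare against HP's current release for the model) can be read directly from the firmware interfaces. It assumes efivarfs is mounted at `/sys/firmware/efi/efivars` and DMI data is exposed under `/sys/class/dmi/id`; the function names are illustrative.

```python
"""Added example: report Secure Boot state and BIOS identity on Linux."""
from pathlib import Path

# GUID of the UEFI global variable namespace (fixed by the UEFI specification).
EFI_GLOBAL = "8be4df61-93ca-11d2-aa0d-00e098032b8c"
EFIVARS = Path("/sys/firmware/efi/efivars")  # assumed efivarfs mount point
DMI = Path("/sys/class/dmi/id")              # assumed sysfs DMI directory


def read_efi_byte(efivars: Path, name: str):
    """Return the one-byte value of a global UEFI variable, or None.

    An efivarfs file is a 4-byte little-endian attribute word followed by
    the variable's data; SecureBoot and SetupMode each hold a single byte.
    """
    try:
        raw = (efivars / f"{name}-{EFI_GLOBAL}").read_bytes()
    except OSError:
        return None  # variable absent, or machine booted in legacy BIOS mode
    if len(raw) < 5:
        return None  # truncated variable: treat as unknown
    return raw[4]


def firmware_report(efivars: Path = EFIVARS, dmi: Path = DMI) -> dict:
    """Summarise what the firmware reports about itself."""
    def dmi_field(name: str):
        try:
            return (dmi / name).read_text().strip()
        except OSError:
            return None

    secure_boot = read_efi_byte(efivars, "SecureBoot")
    setup_mode = read_efi_byte(efivars, "SetupMode")
    return {
        "uefi": efivars.is_dir(),
        # SetupMode == 1 means no Platform Key is enrolled, so signatures
        # are not enforced even if the setup screen shows Secure Boot "on".
        "secure_boot_enforcing": secure_boot == 1 and setup_mode == 0,
        "setup_mode": setup_mode == 1,
        "bios_vendor": dmi_field("bios_vendor"),
        "bios_version": dmi_field("bios_version"),
        "bios_date": dmi_field("bios_date"),
    }


if __name__ == "__main__":
    for key, value in firmware_report().items():
        print(f"{key:22} {value}")
```

The reported `bios_version` and `bios_date` are what the firmware says about itself, so they are a starting point for comparison with the vendor's download page rather than proof that the image is unmodified; reflashing the vendor's current release is the step that replaces it.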

 


If you're REALLY paranoid, install Linux, as it uses a completely different boot system. Don't worry about being online, it will still install and then you can reinstall Windows. The basic Linux installation takes less than 10 minutes and


1 minute ago, Thomas53 said:

If you're REALLY paranoid, install Linux, as it uses a completely different boot system. Don't worry about being online, it will still install and then you can reinstall Windows. The basic Linux installation takes less than 10 minutes and

I already use Linux 🙂


16 minutes ago, Lurking said:

I don't understand what that DVD thing is. Is that just a DVD writer? 

The label of the DVD writer says "Super multi DVD writer". I can't find much when I search for it. It has no DVD insert port; it's just a "cuboid" in the shape of a DVD reader.

 

16 minutes ago, Lurking said:

Note the NSA, GRU et al can access your computer regardless. So, panicking about what that business put on is pointless.

Are you referring to the Intel MEI? I don't think you can just state such a blanket accusation like this without any evidence. If you can provide me some, I would be happy to read it.


8 minutes ago, Thomas53 said:

Smart man or woman!!

I recently switched, now I'm using window tiling, ricing, etc.

With proton-GE & proton.db, a lot of compatibility issues have been resolved, which prompted me to switch. I mostly use FOSS software anyway, so I don't really need Proton.

 

What distro do you run?


1 hour ago, wowsocoolz said:

Are you referring to the Intel MEI? I don't think you can just state such a blanket accusation like this without any evidence. If you can provide me some, I would be happy to read it.

Any connected computer or phone can be accessed, inc. microphone and camera. Read Edward Snowden's book.

 

They likely won't target you specifically unless you are of interest. But if you are of interest, they can. Read up on what the Patriot Act legalized.

 

There likely are some countermeasures you can take. But they also improve abilities.

 

 


5 hours ago, wowsocoolz said:

I bought an HP Business PC from a company. The PC had a "mass DVD data writer" attached in the DVD slot; I'm guessing it may have been used for this, but I am not sure.

The PC came with monitoring software & IT management software preinstalled.

 

I already wrote all 0's to the whole drive and reinstalled my OS. Is it OK to use this PC as my daily driver, given I'm working with sensitive documents?

Can there still be unwanted code/software in the BIOS/firmware that the business uses for monitoring?

 

I'm currently using Secure Boot, FYI. Should I check if it is the latest version of Secure Boot and if it's working correctly?

I've never seen a company actually turn on lojack/computrace. Yes, HP/Dell computers might have it in the BIOS, but ... well...

https://i.dell.com/sites/content/shared-content/services/en/Documents/computrace-ap.pdf

 

I think it mostly just gets ignored by companies' IT people because they cycle hardware out every 3 years and don't see the hardware as needing to be found/reclaimed, and would rather remote wipe it or have a company policy to have all company data not leave the office (e.g. must be stored on network/cloud resources that require the VPN to be logged in).

 

If you have wiped the machine, unless there is a BIOS password you can't get into, I'd just say go into the BIOS and make sure the computrace/lojack feature has been turned off, if it has it at all. 

 

The other thing you might be thinking about is the Intel ME or IPMI or some other version of Intel's own remote management, and again, most companies I have dealt with, didn't use it, nor did they use hp/dell's either. 

 

If you, personally, are worried about carrying sensitive documents on a device, don't. Just don't put sensitive stuff on a device unless you're willing to do the song and dance to get BitLocker set up, and even then, it's a pain. There are different tiers of sensitive documents:

- Your photos, not sensitive enough to warrant security unless they are for a military or security reason. Store on encrypted USB mechanical hard drives at best.

- Taxes, Resumes, financial data, store on a USB drive that uses MFA to unlock

- Passwords - use an iPhone, or use a password management tool that stays on a second device not attached to your PC.

 

Anything else, video work, photography work, business documents, might be of sensitive nature, but often aren't really valuable except to a specific audience, so the worst case scenario is someone stealing the PC itself. To that end, PC steel cable locks do exist and can be retrofit to all computers that do NOT have tempered glass in them. Laptops all have "lock" holes on them, but they'll only keep someone from opportunistically running off with it. 

 


6 hours ago, wowsocoolz said:

I recently switched, now I'm using window tiling, ricing, etc.

With proton-GE & proton.db, a lot of compatibility issues have been resolved, which prompted me to switch. I mostly use FOSS software anyway, so I don't really need Proton.

 

What distro do you run?

Arch, the only Linux distro.


9 hours ago, Thomas53 said:

Arch, the only Linux distro.

Or Linux Mint with Cinnamon desktop. I've only installed over 100 so find it easy and it is an easy system to use.


16 hours ago, wowsocoolz said:

The label of the DVD writer says "Super multi DVD writer". I can't find much when I search for it. It has no DVD insert port; it's just a "cuboid" in the shape of a DVD reader.

 

Are you referring to the Intel MEI? I don't think you can just state such a blanket accusation like this without any evidence. If you can provide me some, I would be happy to read it.

Out of curiosity - does the DVD drive have a small rectangular button down low on the face of it (usually bottom-right corner), and does anything happen if you pressed that button whilst the drive has power connected?

It's likely just a regular DVD drive with a slide-out tray to put the disc in, as slot-loading optical drives aren't a super-common thing in desktops outside of older Apple Mac systems (like pre-2015 or so) in my experience.


17 hours ago, Technous285 said:

Out of curiosity - does the DVD drive have a small rectangular button down low on the face of it (usually bottom-right corner), and does anything happen if you pressed that button whilst the drive has power connected?

It's likely just a regular DVD drive with a slide-out tray to put the disc in, as slot-loading optical drives aren't a super-common thing in desktops outside of older Apple Mac systems (like pre-2015 or so) in my experience.

You are probably right haha, it had a button that I could press on the side.

However, I unplugged the DVD drive from the mobo.


On 8/12/2024 at 10:48 PM, Kisai said:

I've never seen a company actually turn on lojack/computrace. Yes, HP/Dell computers might have it in the BIOS, but ... well...

https://i.dell.com/sites/content/shared-content/services/en/Documents/computrace-ap.pdf

 

I think it mostly just gets ignored by companies' IT people because they cycle hardware out every 3 years and don't see the hardware as needing to be found/reclaimed, and would rather remote wipe it or have a company policy to have all company data not leave the office (e.g. must be stored on network/cloud resources that require the VPN to be logged in).

 

If you have wiped the machine, unless there is a BIOS password you can't get into, I'd just say go into the BIOS and make sure the computrace/lojack feature has been turned off, if it has it at all. 

 

The other thing you might be thinking about is the Intel ME or IPMI or some other version of Intel's own remote management, and again, most companies I have dealt with, didn't use it, nor did they use hp/dell's either. 

 

If you, personally, are worried about carrying sensitive documents on a device, don't. Just don't put sensitive stuff on a device unless you're willing to do the song and dance to get BitLocker set up, and even then, it's a pain. There are different tiers of sensitive documents:

- Your photos, not sensitive enough to warrant security unless they are for a military or security reason. Store on encrypted USB mechanical hard drives at best.

- Taxes, Resumes, financial data, store on a USB drive that uses MFA to unlock

- Passwords - use an iPhone, or use a password management tool that stays on a second device not attached to your PC.

 

Anything else, video work, photography work, business documents, might be of sensitive nature, but often aren't really valuable except to a specific audience, so the worst case scenario is someone stealing the PC itself. To that end, PC steel cable locks do exist and can be retrofit to all computers that do NOT have tempered glass in them. Laptops all have "lock" holes on them, but they'll only keep someone from opportunistically running off with it. 

 

Thanks for the exhaustive writeup, you basically covered all the remote management software that I was worried about.

Will take your advice.
