Intel Anti-Theft System Lock - Platform Attack

I have a Dell Inspiron N7010 for repair.
Boots to:
"Intel Anti-Theft system lock due to "Platform Attack Detected"
Time left to enter password: 3594 second (This never changes) (Different figure on every boot)
Please select one of following for platform recovery:
1 User Password
2 Server Token Password

Select one of the above......
Intel Anti-Theft service provider Id: 2000"
----------------------------------------------------------------
Bios shows under Security: Computrace Status:   Activated
Failsafe Status: Deactivated
--------------------------------------------------------------------------
My customer has no knowledge of service on the PC.
Does not recall ever setting a password for this.
This is not a business PC, just used for owner's email, web surfing, etc.
-----------------------------------------------------------------------------------------
I cannot boot past this, only to F2 and F12.
Cannot boot to CD/DVD or USB.
Have HDD removed with same status.
cfourkaysAsked:

DavidPresidentCommented:
This isn't Dell software. It is McAfee's software. This link tells you how to get them to override the lock.
http://service.mcafee.com/FAQDocument.aspx?lc=1033&id=TS101587
0
btanExec ConsultantCommented:
Based on the provider ID (i.e. 2000) reported, it appears to be Absolute Software Computrace instead of McAfee (i.e. supposedly having ID of 5000). See this for the provider ID numbers and the providers listed: http://www.intel.com/support/software/services/sb/CS-034450.htm

See if this can help to cover the recover scenario
- http://www.intel.com/support/services/anti-theft-svc/sb/CS-034444.htm

Overall, the triggers are typically due to the hard drive and/or motherboard being replaced. It is supposed to be possible to deactivate from the Intel-AT service online (https://atservice.intel.com/login.action)
- see more steps in (assuming you are aware of the account for this), this is an old one but sharing for info
 http://www.intel.com/support/services/anti-theft-svc/sb/CS-033585.htm

Note that there is an incompatibility if the running OS has Intel-AT from McAfee as well as any of the below co-existing, installed in Win7/8
•Absolute Software*: Lojack for Laptops
•Norton AntiTheft*
•Prey*
•Snuko*
•Symantec PGP*
•WinMagic SecureDoc*
•Laptop Cop*
•McAfee Anti-Theft* 1.5 - TS101371
•Intel® Anti-Theft 1.5
http://www.intel.com/support/software/services/sb/CS-033942.htm

Unless the customer can get back the original HDD and put it back, the online activation will be the route. If it is Intel-AT v2.0 then dlethe has already shared the scenario. Importantly, as of end of Jan 2015, Intel-AT has been discontinued (http://www.intel.com/support/performancetools/sb/CS-034630.htm); I doubt you can get any support from Intel, worst case you have to go direct to Computrace (Global contact - http://lojack.absolute.com/en/support/global-telephone-support_

The full Intel-AT troubleshooting list is available at http://www.intel.com/p/en_US/support/category/sftwr-prod/anti-theft-service/trblsht
0
Davis McCarnOwnerCommented:
You ought to be able to go to the Maintenance section of the BIOS (F2) and clear the flag there.

A caution, though: have you checked to see if his hard disk drive is not encrypted on another PC? If it is and you clear the BIOS, you may lose everything that is on it!
0

btanExec ConsultantCommented:
Just a note: once the Intel-AT is activated, which is the case here, then it is already in a permanent Activated state - no other means to deactivate. There is no means via BIOS to deactivate unless the whole machine is reset including BIOS. Actually we would not want any form of "backdoor" into the AT protection too. No further changes should not be allowed on AT. For failsafe with Intel AT, we can take that out of the discussion since it is deactivated at this moment.
0
cfourkaysAuthor Commented:
I'm working on it, not neglecting. (It's Sunday).
Intel and McAfee are out of the picture. McAfee wants the login information. Was never activated.
I submitted a support case to Absolute Computrace with the serial number and owner's ID.
Came back with no Lojack activation.
Contacted owner who said he never paid or activated anything like Lojack.

Removed the HDD and found the "Reserved" partition OK but the main has "Incorrect parameters".
I'm running a "chkdsk /F /R /X N:" on it but it will take a while.
Even if I clear the drive, I still have the Anti-Theft.
Nothing in the BIOS to deactivate.

CHKDSK just finished and I have the customer's data.
Any final words about resurrecting the PC?

All
0
Davis McCarnOwnerCommented:
A few hits gave the information about using the BIOS to clear the Intel-AT and I have never had to deal with it on a Dell; but, from prior experience with IBM's flavor of the same technology, tell the client he needs a new PC and that you have all of his data.
Sorry......
0

DavidPresidentCommented:
The real magic is in the Intel CPU. Forget trying to break it by clearing BIOS. There is no known (or perhaps published) work-around. This is anti-tampering/theft FIRMWARE that is managed by several vendors who hook into the API. The activation doesn't so much as turn it on, it provides a mechanism to turn it off when the PC is tampered with (opened).
0
cfourkaysAuthor Commented:
That's a no-win solution but I really appreciate the replies.
Already informed the customer.
Thanks to all.
Pete
0
btanExec ConsultantCommented:
In fact, if the customer knows nothing and has seen no changes or lost (had out of sight) the laptop before, then it is probably the spoilt hw or corrupted HDD triggering this. As previously shared, this cannot be deactivated, and note that it is activated, meaning someone has done that before; I suspect the HDD is reused. Customer should know unless it is not original and is probably second hand ... backup is advocated.

Out of curiosity, I look at Absolute agreement
Things You Must Do.....
b. completely remove the Absolute Technology from a Customer Device prior to your sale or transfer of such Customer Device to another party;

Things You Must Not Do. .....
a. access the Service in respect of a Customer Device at any time other than during a valid Service Term for such Customer Device;
Someone may have done it, it should not be "magical" - in fact, once agent is installed, it will be activated for Computrace
How Persistence Technology Works
•OEMs embed Persistence technology into the firmware of devices at the factory
•Once the Computrace agent is installed, Persistence is activated
•Persistence triggers an automatic reinstallation if an Absolute software client is removed from a device
•The software client reinstalls even if the firmware is flashed, the device is reimaged, the hard drive is replaced, or if a tablet or smartphone is wiped clean to factory settings

What happens if the BIOS is flashed on a computer? Will the Computrace or Absolute Manage software agent need to be reinstalled?
No. If the Persistence module has been enabled, the self-healing capability will repair the software agent and the computer will still be protected. The enable/disable state of the Persistence module is stored in a part of the BIOS that cannot be flashed to remove it.

A note is to remind the customer as well that Intel-AT is already EOL. http://www.absolute.com/en/resources/matrices/absolute-computrace
0
cfourkaysAuthor Commented:
btan,
Customer accepted PC is lost. All his data is recovered.
He told me a couple of months ago, a Security Co "CALLED HIM" and told him his computer had been compromised and was loaded with viruses. He let them take over his computer.

Here is what I think happened.
With customer's permission, I checked a couple of documents on his Desktop.
What concerned me was a txt file for PC TECH SUPPORT:
---------------------------------------------------------------------------------------------------------------
"The charge on your credit card statement will appear as:
DALPORE.COM (PAYMENT GATEWAY) BASED IN TEXAS (USA)
                  OR
TECHKANGAROOS.COM (PAYMENT GATEWAY) BASED IN SINGAPORE

PRIMARY ISSUE:- getting unwanted pop-ups
+
UNLIMITED TECHNICAL SUPPORT FOR:-one time (30 days)
+
Security: one year Anti-virus + Malware security

Amount Paid: 129.99 USD "
-------------------------------------------------------------------------------------------------------------

Also found "Teamviewer" installed.
I don't know whether this was related but we're seeing an awful lot of this scamming.
0
btanExec ConsultantCommented:
Thanks - then refurbish the laptop; it cannot ever be trusted in a compromised state, and advise him to change his password and alert his credit card company ASAP.
0
DavidPresidentCommented:
I get a call from scammers every few months telling me my computer is compromised. Once, just for grins, I had nothing else better to do and kept him on the phone for maybe twenty minutes getting him to explain everything because I "wasn't very good with computers". I kept him on the hook asking him if I could get a discount if I got my wife's computer and grandchildren's computers protected for the next several years since they were living with me at the ranch (rambling on about the weather and their favorite TV shows and whatever else popped into my head that had nothing to do with computers).

Finally I got tired of it and told him that I was just lonely and wanted to talk to somebody, and requested his home number so we could chat again.

He hung up on me ;)
0
btanExec ConsultantCommented:
Accent and such phone scam attempt is "countered" :)

TeamViewer is a remote assistance tool for going into the machine; they definitely did something to trigger this, and probably the scam involved further tampering that triggered off the Intel-AT. Regardless, best also to report a complaint @ https://www.ic3.gov/complaint/default.aspx

fyi on "Telephone Tech Support Scam" @ http://www.ic3.gov/media/2014/141113.aspx
0
cfourkaysAuthor Commented:
Thanks, guys
Had already done the above.
Aware of Teamviewer, use it with most of my customers.

About 50% of my cases are Adware. I have mostly senior consumer users.
Adware Removal Tool is a must for each call.
Thanks again, off to work.
0
DavidPresidentCommented:
The scammers are offshore organized crime groups who use VOIP lines.  It is a waste of time complaining.  The government isn't going to extradite them.
0
btanExec ConsultantCommented:
thanks all
0
Daniel TitarenkoCommented:
Good day everyone! I found the solution for me! I have an HP Spectre 15-4000. I was replacing the keyboard and after that got the screen "Intel Anti-Theft system lock due to "Platform Attack Detected"... (Intel Anti-Theft service provider Id: 2000). I never use any McAfee software.
I tried to reinstall the BIOS but can't.
And just now I found the solution here: https://communities.intel.com/thread/116374
So you need to choose variant 1 (1 User Password) and enter "123456". This password worked for me!!!
P.S.: Intel support recommended to try password 12345678, but for me the pass 123456 worked.
Good luck!!!
0

Question has a verified solution.
