Intel vPro® Platform
Intel Manageability Forum for Intel® EMA, AMT, SCS & Manageability Commander

How can I disable the remote capability of an AMT or Intel® VT-d capable processor? I've been having problems with my PC. It's being remotely controlled even after I zero-filled it.

idata
Employee

Whenever I boot up, I can't go to the BIOS settings until the 2nd reboot. It either hangs or asks me to press F2 first. I've already replaced the CMOS battery several times.

I cleared the CMOS by placing the CMOS pins at the clrrtc mode and returning it to the default mode, but after that it no longer goes to BIOS. It just hangs after the checking nvram message.

Here's the message at boot up:

Press F8 for BBS pop-up (I noticed that before it showed, press ESC for BBS pop-up).

The mch is operating with DDR2-533/cl4 in Single-Channel Mode.

Initializing USB controllers.. Done.

......

Checking nvram

then it hangs.

 

What's wrong with the PC?

Also, whenever I'm installing, it defaults to EMS installation, which to my knowledge is remote installation. I tried to disable EMS in DOS and I was able to do it, but upon reboot, I could no longer access the files; they were already locked.

Please note that I am not connected to LAN or the internet, so may I ask why my computer is being remotely controlled, how and by whom.

I have tried reformatting several times but my installation has been acting weird. The sequence of the installation is changing, the fonts are changing, and there was a time the installation displayed was that of Windows 98 when in fact what I was installing was Windows XP.

Upon installation, I could not access several applications/features/functions. It indicated that I don't have administrator privileges. I checked group policy and found out that the assigned owner is a series of numbers/characters, trustedinstaller, etc. I tried to reassign it to my account but it kept reverting. Later there appeared other profiles which I haven't even created, and administrator privileges were assigned to those profiles as well. When I rebooted, I could no longer access group policy, services, local policy, DOS, etc. I have been having net security issues as well. This has been a recurrent problem. Please note that when I've been installing, the internet cable wasn't connected.

I've tried researching, and in some of the sites I visited there was mention of hacking with the use of EMF, so I tried the suggestion to surround the PC with foil. Initially, I was able to reformat, but after reformatting, the issue with administrative privileges recurred. So I tried to reformat again. This time around, the reformatting would not proceed, and after several tries it would now automatically go to a page indicating that it would proceed with EMS installation. I did my research and found out that EMS installation is done remotely. Apparently, my PC is being remotely controlled, but as to how and by whom is subject to investigation, which I'd please seek your help on.

I tried to surf and found instructions on how EMS can be disabled. I was able to disable it and was able to proceed with the installation, but still, the problem with the profile ownership persisted. I had no control over my own account. I tried to reformat again, but this time around I had to surf about boot-up issues since I have been having boot-up problems, and apparently my PC is being run even before my installation CD is on (CMOS kept on changing settings).

The EMS message again appeared, and when I tried to disable it, I could no longer use the commands nor access their directory; they were already locked. I tried to use disk manager, attempting to zero-fill the disk, but even the disk managers I used were acting strange. Either they'd freeze, or they'd show a different disk size, or they'd format so fast. So I tried to check the disk via MS-DOS and found a hidden volume x: sources. The volume label is BOOT. I tried to delete it but I couldn't. I tried to format it but this is what's being shown:

formatting 3M
Cannot format. This volume is write protected.

Apparently this is what's being run even if I am changing the values in CMOS.

I tried to research this, but there's only one site that appeared when I googled "formatting 3m" Cannot format. This volume is write protected. This is the ONLY site that appeared:

http://roleplayerguild.com/f54/to-whom-it-may-concern-108634/index3.html

Page not found

When I clicked on the cached data, here's what I found:

This is Google's cache of http://roleplayerguild.com/f54/to-whom-it-may-concern-108634/index3.html. Since you cannot see it directly, here's what's written in Google's cache: It is a snapshot of the page as it appeared on 26 Aug 2011 15:44:10 GMT. The current page could have changed in the meantime. Learn more. Text-only version. These search terms are highlighted: formatting 3m cannot format volume write protected

In that page, a similar description of the 3M volume was posted by a member: Aristocat. However, the page was removed. It was only when I clicked on Google's cache that I found it.

Additional:

Soon after I tried to open it again to get the info requested in your site, I can no longer turn the computer on (no POST, mobo light is on though). Also, right after I posted this issue online, my email account had been acting weird. It's asking for the password several times even when the password I am keying in is right. I also am not receiving email messages, or if I do, it will be a day or so many hours late.

I have read that one possible explanation of how a computer can be remotely controlled when it's not connected to the net and the LAN is disabled is through Intel's AMT or VT-d. I have not configured my processor to allow remote control. How can I check if it's running and how can I disable AMT and VT-d? Also, may I ask for your help in disabling the remote-control capabilities of my PC please? Thanks in advance for your kind help.
idata
Employee

You can disable Intel AMT in the Intel ME BIOS Extension. (Consult your motherboard documentation for how to get into the MEBx.)

The Intel VT-d options should be in your regular BIOS setup screens and are usually disabled by default.

Since you say that your PC is not connected to the network, Intel AMT is not likely to be your problem. It can't be remotely controlled by Intel AMT unless you have enabled the network access (EMS is not part of Intel AMT).

Your best bet is to load the latest system BIOS and then contact your OEM if it still hangs at checking NVRAM.

idata
Employee

I tried to clear the BIOS and initially I was able to do that. However, when I tried to use the boot CD again, it froze. I tried another boot CD, I got an "Interrupt divide by zero Error".

I tried different CMOS editing apps, I kept getting the Interrupt divide by zero Error.

I also noticed that the BIOS info upon bootup shows a misspelled "versoin".

In one of my attempts to access boot up via FreeDOS, it showed something about a "banana" volume.

When I googled it, I saw an entry about a banana virus, the descriptions of which, it being on the MBR, and it having control over all processes of the PC prior to normal bootup, describes the situation pretty well (although control of my PC processes is more extensive, maybe because I try to troubleshoot each occurrence, so when it is somewhat "resolved", another PC issue would come up).

http://forums.steampowered.com/forums/showthread.php?t=1358896

http://ivan.13.forumer.com/a/quotinterrupt-divide-by-zero-stackquot-error_post109.html

I have been researching about this issue for quite some time now and in the forums I have visited, there have been references to cats, catz, bananas, banana virus and most often in urls leading to gamer's or hacker's sites. I have not seen any resolution to this particular PC issue yet.

If it's a hidden volume that allows the memory sandbox to run first prior to system BIOS bootup, how can this hidden volume be removed? Also, how can remote control of sandbox memory be disabled to prevent usage of ordinary gadgets such as smartphones as network bridges?

http://www.seminarprojects.com/Thread-embedded-systems-ppt-and-smart-phone-full-report

http://www.vmlite.com/index.php?option=com_kunena&Itemid=158&func=view&catid=17&id=8237

Thanks.

 
