
Posted by Vince on 6/11/2009, 8:03 am
My wife asked me the other day if I would be interested in looking at a friend's computer and see if I could get it running for her. This woman is on social assistance and doesn't have money to spare and therefore, couldn't really afford to take it to a shop etc. It seemed that a friend of hers (now gone from the country) had removed the XP password so that she could boot up more hassle-free. This friend had also downloaded a bunch of "neat" stuff for her from the internet ... like tool bars and games and desktop calendar. Some time after the woman had removed the password demand, the laptop was suddenly asking for a password and nothing would work ....... not even the removed previous password.
So I said 'sure'. I'm always interested in new computer challenges.
My wife brought the laptop home and I proceeded to connect it to power and boot it up to see what would happen. It was a Toshiba Tecra S1, a very high-end executive laptop model from about 2004, loaded with XP-pro. She had bought it from a computer shop second hand, maybe a year ago, for about $450.
Well, be darned .... it went through a few preliminary steps and then presented a blue box on a "DOS" screen, asking for a password. It was -in fact- a bios "supervisor" password that was needed and not an XP logon password.
I phoned the lady to find out if her new problem occurred right AFTER the other woman had taken out the XP password. She said no ... she had actually used the laptop for a while before this new problem popped up.
W-e-ll there's an old trick for removing supervisor passwords from CMOS and that is to drain the power from it until it loses all data retention. You pull the little button battery and let it sit for a number of hours, or ..... you short some clips temporarily to reset it very fast. I thought this trick might work.
Question was though, HOW did a password manage to spontaneously set ITSELF ? I'd never heard of such a thing before. So, first off, I did some researching.
The information was muddy as heck. This particular model was rarely mentioned but Satellite models were frequently talked about. It seems that the problem is pretty pervasive in Toshiba laptops and is NOT a bios Supervisor password retention problem at all. Rather, it's a Toshiba security chip (soldered to the motherboard) which acts somewhat like an automated security verifier. It keeps track of the machine hardware, the hard drive serial number and a user password (if one is entered).
WHY this chip occasionally sets a password when none was ever entered ...... is not "well understood" but that some models are prone to do it ....... IS pretty well understood -if not by the public, at least it is by Toshiba themselves! There are at least 3 models listed which do it and are covered by factory-defect warranty. Unfortunately, this Tecra S1 wasn't on that list.
So the problem is/was that .......... if you want to KNOW how to fix the problem, the information is a guarded factory secret released only to certified repair outlets. These outlets will charge anywhere from $45 to $85 to do it.
The ASSUMPTION IS that ...... if a person happens to have this problem, they've likely STOLEN the laptop and ......... the ONLY way to resolve the issue properly is to have such a person bring the laptop into a shop for repair and then -presto!- they've got him for questioning and possible arrest, if that be the case. So the idea is good except that it locks one out of legitimate recourse in a case like this.
I was about ready to give up on it but my wife is a former "receptionist" for an electronics repair shop so she's had plenty of experience in dealing with warranty issues. She took it on to do some phoning of her own.
Sure 'nuff, she came up with a couple of leads and I phoned them myself. The first one happened to hit pay dirt. It seemed to be some sort of consumer watchdog organization and yep ....... they KNEW about the problem all right. After a bit of talking, the fellow agreed to send me the info -(on THIS MODEL YET!)- by email. The second lead turned out to be a typical shop response of, "bring it in and we fix it for $85."
It turned out to be a very simple solution but not easy to implement. The palm rest had to come off in order to access a wireless card bay. The card had to be removed, a plastic stick-strip had to be pulled off of the section of cct. board and there on the board, were two contacts which needed to be shorted while the machine was booting up. After 3 tries, I had success. Unfortunately, the instructions went a bit far, advising to pull the ENTIRE TOP off of the unit! Removing plastic off the top is NOT easy since everything is clipped and the plastic becomes brittle over time. I fought with the palm rest for a good half hour before I finally got it removed undamaged.
Now I was able to boot the machine and get into the operating system and ....... it wasn't a pretty sight.
There were two trojans installed and reams of spyware. I sorted through endless lists of games and tool bars and calendar stuff to get all the associations between things tracked down and ended up pretty well tearing everything out that she'd downloaded.
The problem was ......... she'd bought this laptop second hand and had gotten no XP installation disc or application with it. So while I would have preferred to install afresh, I didn't have this option since her system was OEM-issued.
After finishing with most of the cleanup, I made an image of the hard drive and stored it. I then partitioned the drive into 3 sections -one for the OS/programs, one for data storage and a third, for holding an auxiliary operating system. ( I ALWAYS like to have two systems on any computer; it's just so much easier to fix problems with a second system to fall back on).
So now, instead of writing the image onto the 3rd "new" partition (which is the assumed method), I used my own method which I often prefer ........ which is to lay out the image in a virtual drive (which allows one to access the contents with Windows Explorer) ......... and then just COPY and PASTE the 3 system folders from the image to the new location. That way, one can leave all the other "junk" behind and just have a stripped version as the second system.
So I copied the 3 system folders over, accessed the registry of the cloned system with remote registry and switched the DosDevices drive letters around and then booted it up from a temporary boot disc to check it out. Everything was fine, (though I DID have a problem on the first attempt and had to do a second DosDevice drive letter switch before it booted correctly).
Thereafter, I went through a few more decoupling procedures and registry cleans and finally, was satisfied that I had two relatively healthy and independent operating systems on board. I then made images of both systems and stored them away.
Well now comes another interesting discovery ...
There were some nice pictures on the laptop which my wife wanted me to save for herself. These were like a slide show screen saver eh? Well, the woman came over and was in a hurry to leave and so, in the hub-bub, I forgot to save these pictures.
'Ah, no problem,' I thought. 'I HAVE the original image, after all. I'll just lay that out in a virtual drive and then find the photos and hook 'em out.'
Well, when I TRIED that, I was highly surprised to find that I could NOT copy the Documents and Settings folder from the image layout! "Permission denied". Yet, remember ......... I'd ALREADY successfully copied this very folder to HER 3rd partition when I created the new cloned OS! So that meant that there was "something" in her laptop which permitted copying that folder to HER machine .... but not to mine!
Hmmm and Hmmpf.
I tried something else. I laid out the image I'd made of her cloned OS, in a virtual drive and then tried copying the Documents and Settings folder from that. No problem! I couldn't find the pictures I was after -(they must have been stored in an esoteric application zip)- but ........ otherwise, everything was accessible and available in that folder, including user settings and stored data.
Thus it would appear that -in this particular Toshiba model, at least- the onboard security chip creates an identity hash which either encrypts or locks permissions for the Documents and Settings folder in XP so that private information stored there, will not be available if the hard drive contents are examined on another machine. All of the rest of the image was quite accessible; just this one folder was not.
I then tried a further experiment. I actually RESTORED the original image to one of my own hard drive partitions to see if it would make any difference.
Well, ok ....... there WAS a small difference. I was now able to access contents of the Documents and Settings folder except for the "Valued Customer" (user) folder. This one locked me out completely. It showed 0 bytes as if it was completely stripped of contents. Yet, after messing around with the permissions a bit, I was suddenly able to see the subfolders of this folder and read properties of 2.7 megabytes -briefly- and then they appeared to be empty subfolders again.
Well, and THEN ........ try to DELETE everything from my drive partition!! Whoo la. There was no way to delete this "ghost" folder. I finally ended up reformatting the partition to get rid of it.
-Vince