12-27-2006, 08:04 AM
westchase
How can I disable HP preloaded datamining?

In a reply to the post I found on this site titled "How can I disable HP preloaded datamining?", here is a copy of HP's scripts that alter the PC's configuration WITHOUT THE OWNER'S CONSENT:

I found reference to these scripts in my PC's Registry at:
Code:
hklm\software\hewlett-packard\cpc\pcintro 
In particular, there seem to be a few suspicious folders:
Code:
C:\HP\bin\
and
C:\WINDOWS\system32\pcintro\
and
C:\WINDOWS\system32\pcintro\tools\
and
C:\Program Files\Hewlett-Packard\ 
In the c:\hp\bin folder, I found some questionable files such as:
Code:
cloaker.exe
commands.exe
spawn.exe
WaitAndDelete.jse -- an ENCRYPTED javascript file
Here are a few snippets of HP's scripts:

C:\HP\BIN\firstboot.txt:
Code:
[commands] 
"c:\hp\bin\cloaker.exe c:\hp\bin\commands /ww /c c:\hp\bin\CustomizePC_ALL_WW\CustomizePC_ALL_WW.bat"
"c:\hp\bin\cloaker.exe c:\hp\bin\commands.exe /c C:\WINDOWS\system32\pcintro\laptop.bat"
"c:\hp\bin\cloaker.exe c:\hp\bin\commands /c c:\hp\bin\EISDtIconDropper\EISDtIconDropper.bat"
"c:\hp\bin\cloaker.exe c:\hp\bin\commands /ww /c c:\hp\bin\BTBHost_ALL_WW\BTBHost_ALL_WW.bat"
"c:\hp\bin\cloaker.exe c:\hp\bin\commands /ww /c c:\hp\bin\FB_EIS_ALL_WW\FB_EIS_ALL_WW.bat"
"c:\hp\bin\cloaker.exe c:\hp\bin\commands /ww /c c:\hp\bin\AOL_ALL_EN_US\AOL_ALL_EN_US.bat"
"c:\hp\bin\cloaker.exe c:\hp\bin\commands /ww /c c:\hp\bin\EarthlinkDIALUP_ALL_EN_US\EarthlinkDIALUP_ALL_EN_US.bat"
"c:\hp\bin\cloaker.exe c:\hp\bin\commands /ww /c c:\hp\bin\Yahoo_toolbar_ALL_EN_US\Yahoo_toolbar_ALL_EN_US.bat"
"c:\hp\bin\cloaker.exe c:\hp\bin\commands /ww /c c:\hp\bin\MSN90_ALL_EN_US\MSN90_ALL_EN_US.bat"
"c:\hp\bin\cloaker.exe c:\hp\bin\commands /ww /c c:\hp\bin\Netscape_Browser_ALL_EN_US\Netscape_Browser_ALL_EN_US.bat"
"c:\hp\bin\cloaker.exe c:\hp\bin\commands /ww /c c:\hp\bin\Vonage_ALL_EN_US\Vonage_ALL_EN_US.bat"
The "c:\hp\bin\cloaker.exe" application, by its name, is intended to hide its true purpose from the PC owner.

One of the above scripts (shown in red) resides in folder: C:\WINDOWS\system32\pcintro\

That same folder contains a file "autorun.exe" which was a shortcut on my desktop titled "HP Easy Setup". What a sneaky lure.

C:\WINDOWS\system32\pcintro\LAPTOP.BAT:
Code:
REM Check if necessary variables and tool exist
if not defined ISO_LG set ISO_LG=EN
xcopy %SystemRoot%\system32\pcintro\tools\*.exe c:\hp\bin\ /y /d
xcopy %SystemRoot%\system32\pcintro\tools\*.jse c:\hp\bin\ /y /d

REM ******FROM firstboot.txt************
REM ***Setup warranty reminders***
start /wait c:\hp\bin\cloaker.exe %SystemRoot%\system32\pcintro\warrantyreminder\install.bat
start /wait c:\hp\bin\cloaker.exe %SystemRoot%\system32\pcintro\warrantyreminder\clean.bat

REM ***Setup Registration reminders***
start /wait c:\hp\bin\cloaker.exe %SystemRoot%\system32\pcintro\registerreminder\install.bat
start /wait c:\hp\bin\cloaker.exe %SystemRoot%\system32\pcintro\registerreminder\clean.bat

REM Use localized program name
start /wait c:\hp\bin\uini "%SystemRoot%\system32\pcintro\strings.js" %ISO_LG% StartPage[0] ESName "%SystemRoot%\system32\pcintro\a.bat"
call "%SystemRoot%\system32\pcintro\a.bat"
if defined ESName set ESName=%ESName:~1,-2%
if not defined ESName set ESName=Easy Setup
reg add HKLM\SOFTWARE\Hewlett-Packard\cpc\pcintro /v AppName /d "%ESName%" /f
if exist "%SystemRoot%\system32\pcintro\a.bat" del /q "%SystemRoot%\system32\pcintro\a.bat"

REM Modify Start menu shortcut
%SystemRoot%\system32\pcintro\iaccess.exe %SystemRoot%\system32\pcintro\IaccessDelShortcut.ini
wscript %SystemRoot%\system32\pcintro\ReplaceIAccessShortcut.vbs "%ESName%" "%SystemRoot%\system32\pcintro\autorun.exe" //B //Nologo

REM *********FROM Before.bat******************
reg add HKLM\SOFTWARE\Hewlett-Packard\CPC\PCINTRO /v later /d 0 /f
reg add HKLM\SOFTWARE\Hewlett-Packard\CPC\PCINTRO /v PLATFORM /d MCD /f
:: auto-start removed for cNB - autorun invoked from PININST.INI (kr 11-Oct-2005)
:: "%SystemRoot%\system32\pcintro\autorun.exe"

C:\WINDOWS\system32\pcintro\firstboot.BAT:
Code:
REM ***Add Launched to RunOnceEx in case launched from EIS***
reg add HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\0002

/--forced line break--/

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\0002 /v Entry1 /d "c:\hp\bin\cloaker.exe %SystemRoot%\system32\pcintro\Before.bat" /f

rem *Moved to Before.bat* reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\0002 /v Entry2 /d "%SystemRoot%\system32\pcintro\autorun.exe" /f

REM ***Setup warranty reminders***
if /i "%ISO_LG%_%ISO_COUNTRY%"=="en_us" reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\0002 /v Entry3 /d "c:\hp\bin\cloaker.exe %SystemRoot%\system32\pcintro\warrantyreminder\install.bat" /f
if /i "%ISO_LG%_%ISO_COUNTRY%"=="en_ca" reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\0002 /v Entry3 /d "c:\hp\bin\cloaker.exe %SystemRoot%\system32\pcintro\warrantyreminder\install.bat" /f
if /i "%ISO_LG%_%ISO_COUNTRY%"=="fr_ca" reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\0002 /v Entry3 /d "c:\hp\bin\cloaker.exe %SystemRoot%\system32\pcintro\warrantyreminder\install.bat" /f
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\0002 /v Entry4 /d "c:\hp\bin\cloaker.exe %SystemRoot%\system32\pcintro\warrantyreminder\clean.bat" /f

REM ***Setup Registration reminders***
rem if /i "%ISO_LG%_%ISO_COUNTRY%"=="en_us" reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\0002 /v Entry5 /d "c:\hp\bin\cloaker.exe %SystemRoot%\system32\pcintro\registerreminder\install.bat" /f
rem if /i "%ISO_LG%_%ISO_COUNTRY%"=="en_ca" reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\0002 /v Entry5 /d "c:\hp\bin\cloaker.exe %SystemRoot%\system32\pcintro\registerreminder\install.bat" /f
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\0002 /v Entry5 /d "c:\hp\bin\cloaker.exe %SystemRoot%\system32\pcintro\registerreminder\install.bat" /f
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\0002 /v Entry6 /d "c:\hp\bin\cloaker.exe %SystemRoot%\system32\pcintro\registerreminder\clean.bat" /f

REM **Set Platform Key**
reg add HKLM\SOFTWARE\Hewlett-Packard\CPC\PCINTRO /v PLATFORM /d CPC /f

REM ***Change 404 page destination***
rem @setlocal
rem for /f "usebackq tokens=3,*" %%I in (`reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\ISPSignup.Exe" /Ve ^| find /i "IspSig"`) do Set ISPApp=%%J%
rem call :getApp "%ISPApp%"
rem goto :next

rem :getApp
rem echo %~s1
rem c:\hp\bin\uini.exe "c:\windows\system32\oobe\oobeinfo.ini" "Signup" "ISPSignupApp" "%~s1"
rem goto :next

REM Use localized program name
start /wait c:\hp\bin\uini "%SystemRoot%\system32\pcintro\strings.js" %ISO_LG% StartPage[0] ESName "%SystemRoot%\system32\pcintro\a.bat"
call "%SystemRoot%\system32\pcintro\a.bat"
if defined ESName set ESName=%ESName:~1,-2%
if not defined ESName set ESName=Easy Setup
reg add HKLM\SOFTWARE\Hewlett-Packard\cpc\pcintro /v AppName /d "%ESName%" /f
if exist "%SystemRoot%\system32\pcintro\a.bat" del /q "%SystemRoot%\system32\pcintro\a.bat"

REM Modify Start menu shortcut
%SystemRoot%\system32\pcintro\iaccess.exe %SystemRoot%\system32\pcintro\IaccessDelShortcut.ini
wscript %SystemRoot%\system32\pcintro\ReplaceIAccessShortcut.vbs "%ESName%" "%SystemRoot%\system32\pcintro\autorun.exe" //B //Nologo

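For anyone auditing a similar preload, here is an added example (not part of the original post and not HP's code) that statically parses batch text like the firstboot.BAT quoted above and lists every `reg add`, marking RunOnceEx autostart entries, commented-out lines, locale conditions and payloads launched through cloaker.exe. The function name `parse_reg_adds` and the regexes are this example's own; the sample lines are copied from the post.

```python
import re

# Lines excerpted from the firstboot.BAT quoted in the post above.
SAMPLE = r'''
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\0002 /v Entry1 /d "c:\hp\bin\cloaker.exe %SystemRoot%\system32\pcintro\Before.bat" /f
rem *Moved to Before.bat* reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\0002 /v Entry2 /d "%SystemRoot%\system32\pcintro\autorun.exe" /f
if /i "%ISO_LG%_%ISO_COUNTRY%"=="en_us" reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\0002 /v Entry3 /d "c:\hp\bin\cloaker.exe %SystemRoot%\system32\pcintro\warrantyreminder\install.bat" /f
reg add HKLM\SOFTWARE\Hewlett-Packard\CPC\PCINTRO /v PLATFORM /d CPC /f
'''

# Keys whose values Windows runs at logon/boot (Run, RunOnce, RunOnceEx).
AUTOSTART = re.compile(r"\\CurrentVersion\\Run(Once(Ex)?)?(\\|$)", re.I)
REG_ADD = re.compile(
    r'reg\s+add\s+(?P<key>"[^"]+"|\S+)'
    r'(?:.*?\s/v\s+(?P<value>"[^"]+"|\S+))?'
    r'(?:.*?\s/d\s+(?P<data>"[^"]*"|\S+))?', re.I)
COND = re.compile(r'^if\s+(?:/i\s+)?(?P<cond>"[^"]*"=="[^"]*")', re.I)
WRAPPER = "cloaker.exe"  # launcher named in the post; its behaviour is not analysed here


def parse_reg_adds(script):
    """Return one dict per `reg add` found, including commented-out ones."""
    findings = []
    for raw in script.splitlines():
        line = raw.strip()
        m = REG_ADD.search(line)
        if not m:
            continue
        key = m.group("key").strip('"')
        cond = COND.match(line)
        data = (m.group("data") or "").strip('"')
        parts = data.split(None, 1)
        wrapped = bool(parts) and parts[0].lower().endswith(WRAPPER)
        findings.append({
            "key": key,
            "value": (m.group("value") or "").strip('"'),
            "autostart": bool(AUTOSTART.search(key)),
            "disabled": bool(re.match(r"(rem\b|::)", line, re.I)),
            "condition": cond.group("cond") if cond else None,
            "wrapper": wrapped,
            "target": parts[1] if wrapped and len(parts) > 1 else data,
        })
    return findings


if __name__ == "__main__":
    for f in parse_reg_adds(SAMPLE):
        if f["autostart"]:
            state = "disabled" if f["disabled"] else "active"
            print(state, f["value"], "->", f["target"], f["condition"] or "")
```
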