No more request for supervisor PW when pressing F1… How come

T60/T61 series specific matters only
Kazan
Posts: 5
Joined: Wed Aug 19, 2009 9:36 am
Location: Bruges - Belgium


#1 Post by Kazan » Mon Aug 24, 2009 6:16 am



I went through a series of nightmares after receiving several security warnings of another IP interfering on my system… Through a wifi connection. Since then, I have had to cure several major software alterations. Some of such repair work being successfully carried out owing much to reading the FAQs in this forum (PXE-E05 error, and so forth). Thank you all

Now I really want to do something about intrusions: hence did I put a password for session opening (so far I had none for the "administrator" account), and I would also like to disable the "Wake on LAN" in the BIOS, since my T60 has never been connected to a local network, and since, rightly or wrongly, I consider the Wake on LAN to be threatening the security of my computer. Although I now have cared to put a password to put it out of hibernation, since I have noticed that wifi and HD lids could occasionally be quite active in the midst of the night…

To do so, I need to access the BIOS in supervisor/editor’s mode, my problem being that I am automatically placed in user/reading mode, WITHOUT ANY PROMPT TO LOGIN THE SUPERVISOR PASSWORD any longer. Did I do anything wrong in the course of the various repairs and setting changes that I was urged to make recently? Could it be that the fact of setting an administrator password which is over 7 characters might have clogged the SPW request procedure when pressing F1?… Did any one of you experience such a problem?

Now I have to be clear about this, in case my English be misleading: this is by no means intended to slide into a discussion on ways to bypass passwords and the Lenovo system security settings (Wake on LAN not being one of these, but rather a security hole in my opinion, particularly as is the case when the computer is never used in a network environment).

There being but 3 alternatives:
1) Either my administrator PW is being automatically figured as supervisor PW while booting, as reported to be the case on some machines (and hence I might have made a fault in setting an administrative PW of over 7 characters),
2) or there might be no supervisor PW registered,
3) or else, 3rd possibility, the laptop that I bought 2 ½ years ago might have been factory configured for a large network…

Did I buy a laptop coming from a turned down order, then recycled to the large public? In which case I am bound to a serious discussion with the vendor and local Lenovo service… Yet, before coming to this extreme, I first should understand why the supervisor password is not asked any longer when I press F1, should I not?

RealBlackStuff
Admin
Posts: 17517
Joined: Mon Sep 18, 2006 5:17 am
Location: Mt. Cobb, PA USA

#2 Post by RealBlackStuff » Mon Aug 24, 2009 3:27 pm

Welcome to the Forum.
Your story makes very little sense so far. A lot of info seems to be missing.
It could be that someone has/had access to your laptop, and enabled remote access.
This could be within Windows itself, or via a 3rd-party program that was installed with or without your knowledge.
Another option: your machine is infected/hacked into and someone in (Russia, China, pick your choice) is abusing your system.
That would partly explain the strange IP behavior. Do you have a neighbor that doesn't like you (or is a computer nerd)?
Go into the BIOS and switch off Wake-On-LAN.

Your (Windows) administrator password has nothing to do with the laptop hardware password(s). They cannot even communicate.

Either there is a Power-On-Password (POP) on the laptop, or there is a SuperVisor-Password (SVP) on it.
My theory is this: there was only a POP on it, but you removed the CMOS battery. By doing so, and with no other password set, this POP was automatically removed.
The T6x has an option for a password or a passphrase. Password is max. 7 characters, passphrase considerably more.
A passphrase must be enabled first in BIOS, before you can enter it.
From your story, this passphrase was NOT enabled, just the regular 7-char PW.
When you enter this, and you enter more than 7 characters, only the first 7 are registered, the rest falls by the wayside.

You need to do a full scan of your laptop with Malwarebytes (D/L free from the web). Disconnect from the internet before you start, and also switch your router off. Boot your laptop into Safe Mode when you do the scan.
Let us know what you find.
Lovely day for a Guinness! (The Real Black Stuff)



#3 Post by Kazan » Mon Aug 24, 2009 6:30 pm

Thank you so much for taking your time for clearing some confusion of mine (between windows password and the BIOS supervisor one, which indeed I had thought could automatically be linked), and providing me with some path to act (and hope).
Indeed, I do believe that I have been the victim of a hacker’s attack, since not only there were those three warnings about another IP interfering, but also that intense activity noticed once, at night time (it was then that I put a ctrl-alt-del plus password key to quit hibernation).
There is at least a chronological coincidence between the suspected hacking and the recent series of problems I had shortly mentioned (disappearance of proper date/time, causing some booting problem till I could restore them; LAN problem with PXE-E05 error, etc.)
There has never been any POP on my laptop, which I bought new and sealed. To be more precise about the actions I took to solve the LAN defect, I never opened my laptop, and even less physically touched the CMOS. Although knowing it might be somewhat risky, I used IBAUtil instead, as mentioned in this forum (2007), then installed the very latest LAN driver from the Lenovo site, running config.sys to solve the fact that the MAC address had vanished.
It was indeed (and still is) my intent to switch off the Wake-On-LAN, which to my limited knowledge in computer science might be a way for hackers’ intrusion. An action I could not perform, in the absence of that SVP request on F1 (to which I would have answered wrongly anyhow, with that confusion of mine between windows administrative and BIOS supervisor passwords…)
Spybot and AVG are residents on my system, yet I shall make good use of your advice, as to running Malwarebytes in Safe Mode.
Thank you!


#4 Post by Kazan » Tue Aug 25, 2009 3:43 am

ERRATA and precisions:

After reading through my various notes on the steps that I took to cure the LAN problem, I feel I ought to correct my previous post above.

2) It was not in 2007, but 2006 that the thread about the use of IBAUtil was edited in this forum (Post subject: T60 - Boot Agent and PXE-E05 errors. Help!; Posted: Wed Aug 23, 2006 12:26 pm)

3) Following that advice, I had used the IBAUtil utility, provided by INTEL, after creating a PE booting CD in DOS, to re-establish the default settings on the eeprom. It actually had a positive effect as to curing the PXE-E05 errors on my T60.

4) However, the MAC address had been erased, which was repaired through downloading the latest driver on the Lenovo site, then the following procedure: “click on Start/Run, type in cmd and click OK. In the black window that opens, type in ipconfig /all and hit enter. (RealBlackStuff, on another forum – THANKS!)”

5) I should also mention the following warnings, found in discussions concerning basically Linux problems:

http://www.mail-archive.com/e1000-devel ... 00398.html:

“it appears that ibautil should only ever be run on Intel branded PCI/PCI-X/PCIe adapters that plug into a slot. It may have a bug which allows you to run it where you should not… the nvm section that either points to your LAN init area or the NVM section pointed to by that pointer is invalid now.”

“DO NOT USE THIS TOOL ON THINKPADS. The IBAUTIL.EXE tool that it contains is designed only to work with discrete ethernet parts that are on PCI/PCIe cards. It is not at all intended for use with laptop parts, although it is not sufficiently careful to refuse to run on such hardware. Improper use of this tool can leave your LAN firmware corrupted to the point that it will not even enumerate on the PCI bus and you will probably have to have your laptop repaired to restore the LAN functionality.”

Since it may be of use to others, I am considering to reshape this on a thread on its own.

… Still hoping to find the way to re-establish the supervisor password REQUEST when pressing F1, though.


#5 Post by RealBlackStuff » Tue Aug 25, 2009 5:51 am

After you have established that your lappie is free of evil-doers, and you want the prompt for an SVP back, go into BIOS, select Security and Enable the SVP function.
I would advise to write down the new password and keep it in a place that you will always remember!
I would also suggest to NOT use the fingerprint reader or any other encryption software. If either ever goes on the blink, you will lose your data!

Get rid of AVG and invest some money in ESET NOD32 Antivirus or their Smart Security Suite.
Next step in your security setup: change the admin/access password on your router. Do a hard reset first.
Change the SSID, and don't use WEP, but PSA/TKIP or PSA2/TKIP settings with a password of at least 10 characters.
I suggest to use a large(r) word that has meaning to you (such as e.g.: coffeemaker, StellaArtois, SpaFrancorchamps etc.), rather than a fantasy combination of numbers and small/CAPITAL characters.


#6 Post by Kazan » Thu Aug 27, 2009 7:27 am

Thank you so much, once again, for your assistance and advice.
I ran Malwarebytes, Rogremover, Spybot, Spywareblaster, and AVG free, all of them not noticing anything wrong.
I then ran Iobit’s Advance System Care, as I do quite often; in the “system” scanning, I got further into the list of suggestions about possible security holes in my system (actually quite a few of such being enumerated, with the kind of apparently factory set-up I inherited on my laptop, bought as a personal computer, yet presumably a BIOS-fixed machine originally meant to work as a network slave only…)
I then checked in a2hijack every one of the 39 items being pointed as possible security holes in my system. One of them was striking, a nero.exe file hidden somewhere outside the normal Ahead files in the Program files repertory… So obvious and yet undetected, since the Nero suite worked perfectly, and since the Neroburning tools having reported behaviours similar to Trojans, most of the time, nero.exe lies within the list of troublesome yet “safe” programs… So, there was the real Trojan in my system!!!
I immediately erased it, but I am unable to tell if it had been the cause (rather than the reported repetitive intrusions) of the attack on my LAN network connection Eeprom… Hopefully cured now, although the latest development, only a couple of days ago, had been the vanishing of both LAN and Wi-Fi connection icons on my taskbar, and the refusal to work of the Windows network connections tool…
So, a warning to all readers of this: do carefully check (a simple Windows search being enough) for any possible odd duplication of programs known to prompt false spyware/virus alerts, and hence liable to have been placed in the false alert list of anti-spywares/antivirus tools…
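
One way to automate the check suggested in post #6, as an added example that is not part of the original thread: it walks a directory tree and reports any file whose name is on a watch list (here nero.exe) but which sits outside the folder where the installed copy is expected, and says whether its hash differs from the installed copy. The function names, the sample tree and the `Program Files/Ahead` location are assumptions built for the demonstration; a name match is only a lead for closer inspection.

```python
import hashlib
import os
import tempfile
from pathlib import Path

def sha256_of(path):
    """SHA-256 of a file, or None if it cannot be read (locked, no access)."""
    try:
        return hashlib.sha256(Path(path).read_bytes()).hexdigest()
    except OSError:
        return None


def find_stray_copies(root, expected_dirs):
    """Report files under root whose name is in expected_dirs but which live elsewhere."""
    expected = {n.lower(): Path(d).resolve() for n, d in expected_dirs.items()}
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            if fname.lower() in expected:  # Windows file names are case-insensitive
                hits.setdefault(fname.lower(), []).append(Path(dirpath, fname).resolve())
    findings = []
    for name, paths in hits.items():
        home = expected[name]
        legit = [p for p in paths if home in p.parents]
        legit_hashes = {sha256_of(p) for p in legit} - {None}
        for p in sorted(set(paths) - set(legit)):
            digest = sha256_of(p)
            findings.append({"name": name, "path": str(p), "sha256": digest,
                             "same_as_installed": digest in legit_hashes})
    return findings


def demo():
    # Constructed sample tree: one installed nero.exe and one stray copy elsewhere.
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        good = root / "Program Files" / "Ahead" / "Nero"
        odd = root / "WINDOWS" / "Temp"
        good.mkdir(parents=True)
        odd.mkdir(parents=True)
        (good / "nero.exe").write_bytes(b"constructed: installed binary")
        (odd / "NERO.EXE").write_bytes(b"constructed: unrelated binary")
        return find_stray_copies(root, {"nero.exe": root / "Program Files" / "Ahead"})


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```
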


#7 Post by Kazan » Thu Aug 27, 2009 7:44 am

ERRATUM: the subsequent checking, item after item, on the security hole list was performed by HijackThis (and not a2hijack; sorry for that mistake)
