View Full Version : Big brother

27-07-2003, 13:02:07
Could anyone with a reasonably new Compaq laptop, I don't know if it would apply to desktop units, please have a look to see if they have a hidden folder named system.sys.
This I have just found on my machine, and it appears to be a back door, and stored information retrieval for FBI/CIA inspections, built in by Compaq, and part of their boot procedure.

Since I am not an American, and not covered by the homeland laws, I think it is a blatent invasion of privacy.

Any thoughts....??

Sir Penguin
27-07-2003, 18:36:45
What makes you think it's a backdoor?


No longer Trippin
27-07-2003, 20:11:30
Don't mess with ANY files that are installed by Compaq... those computers can get awfully pissy in a heartbeat when removing certain files installed by them and getting them up isn't fun and tech support is trained to keep calls under 5 minutes, which means you'll just be told to reformat the drive even if it's a problem they can tell you how to fix, 5 minutes is not enough time.

And as SP said, what makes you think it's a backdoor?

It's just the usual proprietary crap that is on compaq's, IBM's, etc. so don't mess with it unless you feel like giving tech support a call only to wait for them to tell you to reformat. They hide a lot of stuff on those machines as the average users has an uncanny knack of f'in stuff up - which means more calls to tech support and thus it cost them more money. Since the average user isn't going to find hidden files, folders, partitions that is what they like to do with some of their files. Hide them and name them things which make you think twice about messing with them.

28-07-2003, 00:50:37
It "appears" to be a back door.....

It would be useless logging emails sent and address books without some way of reading them, not to mention the net contacts logged.

No longer Trippin
28-07-2003, 02:39:45
Your ISP logs contacts through addresses, thus some of the work is done for echelon, echelon is just a big scanner to put it simply. Your email, websites, ICQ chats, etc all are monitored by it, if you raise enough flags it starts keeping records of everything, thus they would have your emails, your porn, your emails to Depends about how their diapers leak, etc. :)

If you don't think your ISP keeps logs, just see what the RIAA is doing... requesting logs of people that use kazaa... in the US no court order is needed, just a proof of copyright by the company and a formal request sent to the ISP. There are laws on the books that will require (in the US) for ISP's to hold that data for up to 7 years. Though the DCMA is on shaky ground as it is, if that goes under the 7 year log idea will fall with it - that's also why it hasn't been pushed as much as the DCMA is easily contestable, just that nobody really has contested it for various reasons.

To get into the system, no backdoor is needed unless your running multiple firewalls, then it may take time, but they'd only do that if they had something against you that was concrete and they didn't want to tip you off by arresting you - like using you to get to everyone else without you knowing.

Why are you so paranoid chagarra? Anyhow if the US wanted a backdoor installed, you wouldn't find it, it would be intergrated with the OS - they wouldn't have Compaq and the like add it in - the less people in the loop the better - and if every tech support idiot knows of it, it wouldn't stay secret for long. Computers are sloppy to begin with, you don't have to have a program making hidden logs of everything, the computer already does that anyhow - ie history folder to be simple - though highly visible example. The even basic data recovery protocols can retrieve deleted information provided it hasn't been written over. Even if it has, why do you think an NSA format is a full format that includes the master boot record and a random writing of one's and zero's after each format across the entire drive TEN times over? It is because they can pull data even after it's been written over if they have to - though they would have to get your computer to do that (as in physically retrieve it).

Still, how does it appear to be a back door... what makes you say that and why?

It is just a file that is proprietary compaq garbage. Deleting it will cause the system to get pissy. Why do they have stuff like that? Well mainly because compaq likes to give you only a part of your drive, the other part is for system restoration and such.

Sir Penguin
28-07-2003, 04:17:48
You could try renaming it and see what happens.


No longer Trippin
28-07-2003, 05:18:31
Same as deletion... it will most likely screw everything up. He said it was in the boot sequence. Also they use a proprietary copy of windows... you can't use a regular cd unless you want to wipe the entire drive and install a fresh copy.... then you have to hope it can find motherboard drivers - which it may not since the board is proprietary as well since it is a compaq.

If it's not in the boot cycle he could try renaming it to see what happens, but it still could be accessed during boot without him knowing... thus if it is missing... it crashes... it could just make the system unstable as all hell until he renames it and resets the system. Or if lucky, it will do nothing.... but generally compaq's in general love their files to death.

In my experience with dealing with Compaq's, it's best to leave those files the hell alone. Compaq's are just miserable little shits to work on when they crash.

28-07-2003, 05:40:51
Who's paranoid.....

I just found the folder, and when it contains a file named CIA.ini, which refers to a file named FBI, in a hidden dir, which is copyright Compaq, and logs damn near everything on my machine. I start to wonder.

And yes I have moved it to a junk directory with no apparent harm.
However it won't be online for a long time, as it is my library and dvd machine

28-07-2003, 05:55:08
Chagarra is well suited to be a cypher-punk.

Chagarra, I'd suggest you run SpybotSD on it. See if it screams about it.

System.sys? Sounds like an old backup file my work used to use. Where it hid a spare backup of the system registry. Also puts me in mind of a few viruses, but if that was what it was, your AV should yell.

You could always reformat your system with a generic Windows if its new and you are worried about it. Frankly, NSA and its friends already have ways to access your system without needing to run anything extra on your box to do it. Just being online makes it easy for them. They don't even need to drive a van by your house then...

28-07-2003, 05:58:37

CIA? Sounds like Compact Investagation Assistant or some such. Does Compaq do remote mousing/watching/assistance programs? That's bee my first guess.

CIA isn't stupid enough to use something with their name so obvious. FBI might... ;)

28-07-2003, 08:00:05
I'm not worried about it, more annoyed.

And it is system sav, not sys as I thought.

The other interesting thing is that after I pulled it off my home net, I had to uninstall Sygate, and reinstall ZA, as I was getting constant incoming attacks, with every trace back to a reserved 44 series address, which ofc I could never find a name for.

Sygate allowed outgoing, ZA doesn't,

28-07-2003, 08:23:21

wrong thread, I thought it was on the 'big brother africa' show, where they fuck every morning under the shower

how very very disappointing

28-07-2003, 18:45:49
Maroule, that would have been in the "Fiction, Film, (Whatever)" forum. Are you watching that? I'd read that it was the number 2 show on the continent of Africa, after CNN.

Chagarra, you say its System.sav? I've got one of those. In %Windows%/System32/config ? That's just your computer's backup of its last good boot, IIRC. It's a WINDOWS standard file, anyways. I can see an OEM making a shadow copy of it to elsewhere. To have an extra copy to restore for any customer who has an critical attack of idiocy (aka Managementitis).

No longer Trippin
28-07-2003, 19:34:43
System.sav... Well that explains everything. CIA is a compaq program for something, I recall seeing it before when working on a friends computer and found it rather odd for a name - which I finally just flat out formatted after pulling all the drivers and saving them just incase. Now he has 2000 instead of XP, but he gained some hard drive space since I wiped the extra compaq partition. Runs better according to him - though that isn't a surprise considering he only had 256 megs of RAM.

29-07-2003, 00:54:33
Windows system sav is a file, this a a large directory with subs, hidden, and named to look like a win file.

I know it's a Compaq program, all I said was that it looked suspiciously like a surveillance watchdog, and I do run 2k, with 512 Meg ram, and 20 Gig on it.

It's more than possible the code monkeys at Compaq have a sense of humour and used those acronyms deliberately. It's also possible that I'm right and it is surveillance. Only someone with more programming skills than I have, could tell me.

29-07-2003, 02:41:19
I've seen the system.sav folder before. I don't think it's a security problem. You can use msconfig.exe to clean out your startup queue. Though it doesn't come with Windows 2000 on the CD, it's available on the web. Maybe you can just copy it from a Windows 98 installation.

I know that some processes running in the background are required by hardware drivers. It's fairly common for winmodems, and on a couple ancient Presario desktops, I've seen audio drivers that needed some process to be started on bootup.

No longer Trippin
29-07-2003, 04:08:30
I would lean towards creativity on naming than anything else. They have them on machines here, which would be illegal (FBI would be "okay" though), and in the tech side, our intelligence isn't stupid, it's when it comes to human intelligence that we fail miserably. Just compaq crap plain and simple.

You can email them and ask what it does, I'd be curious if they would respond. :)

Here is a bunch of horror stories by compaq technicians, the guy who runs it can probably tell you what the file is.


I'm not vouching for anything said on the site, but if even a tenth of it is true, it's pretty damning. That would be your best shot to find out what it is most likely.