2

I recently installed Ubuntu alongside Windows 10 on my Thinkpad. However, some idiot (who didn't know my password) accessed my computer while I was gone (after I hibernated it) and must have messed with something because when I got back and opened my laptop, I had to type in my Bitlocker recovery key, and even after disabling/reenabling Bitlocker, I still had to type in the recovery key every time I restarted the computer (I eventually had to decrypt and reencrypt the SSD to fix this.)

Now, instead of showing me an option to boot Ubuntu or Windows, it just goes directly to Windows (after the Thinkpad BIOS screen, of course)

This is really weird considering that all the guides on the Internet for uninstalling Ubuntu (that I could find) required a Windows Recovery disc or logging into Windows.

I know that this person had access to no equipment other than the ThinkPad in question and a smartphone with Internet access. Guest account was disabled in Windows, and I doubt he was smart enough to use guest account in Ubuntu (still a possibility though).

So how did he manage to disable the Ubuntu bootloader without a recovery disc when not even the Internet knows how?

UPDATE: It seems that I can't boot into Ubuntu by pressing F12 to select a temporary startup disk.

Keep in mind that this person is not well-versed with computers and didn't have access to any equipment other than an Android phone with Internet access, so he couldn't have opened up the computer or booted up a special OS on a USB stick.

UPDATE 2: Okay, apparently he figured out how to download a VPN app on his Android phone even though we're in China right now (normally you need a VPN to download anything on the Play store since China blocks Google). That's quite impressive. Still, he tried using my computer (probably to browse the web) even though he doesn't know my password (forgot if guest access was enabled though) and at first didn't know what to do when he saw the Ubuntu bootloader, hence why I assumed he was an "idiot"

Note that this guy probably just wanted to use my computer to browse the web, not intentionally disable it or steal anything.

UPDATE 3: No, it probably wasn't a Windows Update or a Lenovo update since none were installed recently. Besides, this happened after I put it in Hibernate mode.

UPDATE 4: Okay, it looks like he could have also used my Chromebook, but only in Guest mode, but it seems irrelevant since I don't see any way it could have been connected to my Thinkpad.

genealogyxie
  • 139
  • Now that I think of it , Grub options allow for silent boot ( i.e. no OS selection screen will be shown ) and setting default entry. It's quite possible that your Grub is there but just boots straight to Windows without an OS screen selection. Problem is that to change this you need to gain root access somehow ( which is quite possible if someone has physical access to your system ) – Sergiy Kolodyazhnyy Jun 20 '16 at 08:27
  • How can this be done? And I doubt guest accounts in Ubuntu allow root access lol – genealogyxie Jun 20 '16 at 08:42
  • Given physical access, anyone with computer knowledge can do ANYTHING to your computer. See this for more: http://askubuntu.com/questions/24006/how-do-i-reset-a-lost-administrative-password – Olimjon Jun 20 '16 at 08:49
  • What about how Windows bootloader has been restored, see this: http://askubuntu.com/questions/124627/wiped-ubuntu-files-bootloader-still-there-how-can-i-remove-it-and-restore-wind?rq=1 – Olimjon Jun 20 '16 at 08:52
  • @Olimjon this guy didn't have access to anything besides an Android smartphone with Internet access, so he couldn't have opened up the computer or booted into a special OS from a flash drive – genealogyxie Jun 20 '16 at 09:21
  • Would it not be more logical for a windows update to have done this? "Keep in mind that this person is not well-versed with computers and didn't have access to any equipment other than a smartphone with Internet access" Then this person did -nothing-. – Rinzwind Jun 20 '16 at 09:25
  • Obviously, this 'idiot' is way smarter than you think. Ironically, he was using a 'think-pad'. Very dangerous stuff. It is quite easy to find Windows passwords using Ophcrack LiveCD. Once having Windows passwords, he could install software like GRUB2Win and mess up with the GRUB (make it silent). OR, even easier, he could get into UEFI menu and edit options to make PC always boot Windows ... somehow. You should consider password-protect your UEFI (bios). By the way, if you can't open and start a PC, you can't mess it in any way. Kinda obvious?!? – ipse lute Jun 20 '16 at 09:29
  • @ipselute Again, he didn't have access to anything besides an Android phone. It might be possible for an Android phone to act as a bootable USB drive and use Ophcrack, but his phone wasn't rooted. I can't find anything changed in the BIOS, though I don't have a photographic memory of it though – genealogyxie Jun 20 '16 at 09:37
  • @Rinzwind Doesn't look like a Windows update did this since the most recent update was installed on 6/17 and was an Adobe Flash update, not some BIOS stuff. Checking "System Update" (Lenovo's update utility) shows nothing. – genealogyxie Jun 20 '16 at 09:59

0 Answers0