[Solved] UEFI issue - hacked?

Discussion in 'Processors and motherboards Intel' started by -Tj-, Oct 15, 2019.

  1. -Tj-

    -Tj- Ancient Guru

    BIOS seems to be questionable - infected?

    NOD32 yesterday said I have Augur malware in UEFI.. idk how?? I resumed the PC from sleep and saw that msg.
    https://www.welivesecurity.com/2018/09/27/lojax-first-uefi-rootkit-found-wild-courtesy-sednit-group/


    EDIT:
    Ok, I flashed newer firmware and NOD still says it, maybe it just warns me it can be exploited?


    @mbk1969
    Maybe you have any ideas?



    EDIT:

    I've scanned with a few extra scanners:
    - Norton tool
    - Kaspersky TDSSKiller
    - Malwarebytes

    only NOD32 says I'm affected, as in exposed to such a hack.. Does Secure Boot prevent it?
     
    Last edited: Oct 15, 2019
  2. mbk1969

    mbk1969 Ancient Guru

    Maybe it means the UEFI partition on disk, not the BIOS itself?

    You can assign a drive letter to the UEFI partition and scan it again with different tools.
    Also worth trying a boot from a live disk (USB or optical) which you can download and prepare on some other rig.
     
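One way to carry out the ESP check mbk1969 describes, as an added PowerShell example that is not part of the thread: it mounts the EFI System Partition, inventories every EFI binary with its SHA-256 and Authenticode status so the list can be handed to a second scanner or diffed after a later scan, and unmounts again. It assumes an elevated prompt and that drive letter S: is unused.

```powershell
# Added example (not from the thread): mount the EFI System Partition (ESP),
# inventory each *.efi binary with hash and signature state, then unmount.
# Assumptions: elevated PowerShell, S: is a free drive letter.
$Letter = 'S:'

# mountvol /S mounts the ESP of the system disk at the given letter
mountvol $Letter /S
if ($LASTEXITCODE -ne 0) { throw "Could not mount the ESP at $Letter" }

try {
    $report = Get-ChildItem -Path "$Letter\" -Recurse -File -Filter '*.efi' -ErrorAction SilentlyContinue |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -FilePath $_.FullName
            [PSCustomObject]@{
                Path      = $_.FullName.Substring($Letter.Length)
                SizeBytes = $_.Length
                Modified  = $_.LastWriteTime
                Signature = $sig.Status            # Valid / NotSigned / HashMismatch ...
                Signer    = $sig.SignerCertificate.Subject
                SHA256    = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
            }
        }

    $report | Sort-Object Path | Format-Table -AutoSize

    # Unsigned or tampered boot binaries are what an ESP-level scan should flag;
    # those are the ones to submit to a second scanner or an offline live-USB scan.
    $suspect = $report | Where-Object { $_.Signature -ne 'Valid' }
    if ($suspect) {
        Write-Warning "$(@($suspect).Count) EFI binaries are not validly signed:"
        $suspect | Select-Object Path, Signature, Signer | Format-Table -AutoSize
    }

    # Keep the inventory so the next scan can be compared against it
    $report | Export-Csv -Path "$env:USERPROFILE\esp-inventory.csv" -NoTypeInformation

    # Secure Boot state. It only validates signatures of binaries loaded at boot;
    # it does not by itself stop a modified firmware image in SPI flash.
    try { "Secure Boot enabled: $(Confirm-SecureBootUEFI)" } catch { "Secure Boot state unavailable" }
}
finally {
    mountvol $Letter /D    # always unmount the ESP again
}
```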
  3. Caesar

    Caesar Master Guru

  4. -Tj-

    -Tj- Ancient Guru

    edit:
    https://support.eset.com/kb6567/
    Ah ok, this explained it

    So I'm vulnerable, but not infected. Panicked for nothing lol :D

    I did notice the older initial BIOS had 22, then some in the middle (I think 1607) had 21, then the final v2103 had 19.
     

  5. -Tj-

    -Tj- Ancient Guru

    Just a heads up,

    now I've downloaded the modded BIOS again (NVMe mod, newer SATA and LAN driver), with upgraded CPU firmware to 0x27 instead of the default 0x19 or OS 0x25, and it came out clean :D



    So I guess the CPU firmware was to blame..
     
  6. K.S.

    K.S. Ancient Guru

    Wonder if it's confusing the ESP with your actual UEFI

    Alright @-Tj-, after some digging, ESET's "UEFI" detection is in reality ESP detection (https://en.wikipedia.org/wiki/EFI_system_partition), not (UEFI)

    Issue
    • Your ESET product notifies you of a UEFI detection (for example, EFI/CompuTrace, Win32/CompuTrace, EFI/Lenovo, Win32/Lenovo)
    • What is UEFI malware and how to prevent them
    • How to resolve detections of applications in UEFI
    (taken from the ESET site - https://support.eset.com/kb6567/) for reference; EFI/Lenovo etc. are ESP malware infections

    I don't believe a Win32 app can scan the UEFI and perform virus removal
     
    Last edited: Oct 18, 2019