just

Kudos

  1. Upvote
    just gave kudos to itman in Are Boot Sectors Located on Disks?   
    It depends on whether the device is using BIOS, UEFI - legacy mode, or UEFI.
    For BIOS and UEFI - legacy mode devices, the OS boot files are located on track 1, sector 0 of the hard/SSD disk partition where the OS is installed.
    For UEFI devices, the OS boot files are contained within the BCD store, which in turn is located in a boot directory within the UEFI, i.e. System Reserved, partition.
  4. Upvote
    just gave kudos to Aryeh Goretsky in Can ESET Smart Security Premium Advanced Threat Protection Access BIOS?   
    Hello,

    Quick update:  I spoke with one of the researchers involved with ESP (EFI System Partition) malware analysis, and he recommended removal and replacement of the entire partition to ensure the integrity of the computer.

    Regards,

    Aryeh Goretsky
     
  5. Upvote
    just gave kudos to Aryeh Goretsky in Can ESET Smart Security Premium Advanced Threat Protection Access BIOS?   
    Hello,

    Let me see if I can provide some clarification here:
    Since the DOS era, ESET's software has detected and removed threats from the Master Boot Record (MBR), which is the first sector on a hard disk drive (or SSD, these days) that contains some bootstrapping code, plus the partition table of data that tells the computer how the hard disk is formatted. This works for both older MBR and newer GPT partitioned disks. ESET's software also detects and removes threats from the boot sector (volume boot record) of each partition on a drive.

    Coincidentally, the very first computer virus I ever dealt with on my very first day in the antivirus industry back in 1989 was a boot sector infector.  You can read about how I nearly bungled that here.
    ESET does detect threats in firmware. The two types of firmware encountered are BIOS (Basic Input Output System) firmware, introduced with the IBM PC's Industry Standard Architecture in 1982, and UEFI (Universal Extensible Firmware Interface), which was introduced in 2005 by Intel to replace the older standard.

    Removing a threat from firmware requires rewriting it.  In the case of BIOS-based firmware, that is usually going to require going to the computer or systemboard manufacturer, getting a clean copy of the BIOS firmware image, and reflashing the BIOS.  For UEFI firmware, the process would be similar.
    A UEFI-based system often has an ESP (EFI System Partition) associated with it, sometimes just referred to as a system partition. The ESP is a special partition that can contain boot loaders (handy if you have a drive partitioned to multiboot different operating systems) as well as additional device drivers needed by the firmware to initialize the computer's hardware that are too big to reside in the firmware itself.

    As far as removing a threat from the ESP goes, that is a little harder to say because we have seen so few of these types of malware. Depending upon the infection we may be able to remove it, but it could require working with one of our specialists. It might be quicker to delete the EFI System Partition and replace it with a new, uninfected one. As far as preventing threats to these areas of the system goes, ESET can indeed block them. The proviso here is that the operating system would already need to be loaded and ESET's software running when the attack occurred. The scenario for this kind of attack would be a dropper trying to write to the MBR, VBR or ESP, or trying to flash the BIOS or UEFI firmware with its malicious payload.

    For more information about these types of threats and how ESET combats them, I would suggest becoming a regular reader of our blog, WeLiveSecurity.

    Regards,

    Aryeh Goretsky
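    As an added illustration of the MBR layout described above (example code, not from the original post or from ESET): a small Python parser that checks the 0x55AA boot signature, decodes the four partition-table entries, recognises the 0xEE protective entry that a GPT disk places in its MBR, and hashes the bootstrap-code area so a defender can baseline it and spot later modification. The sample sectors are constructed inline; on a real system the first 512 bytes of the disk would be read with administrator privileges.

```python
import hashlib
import struct

SECTOR_SIZE = 512
PT_OFFSET = 446          # partition table follows 446 bytes of bootstrap code
ENTRY_FMT = "<B3xB3xII"  # status, (CHS start), type, (CHS end), LBA start, sector count
GPT_PROTECTIVE = 0xEE    # partition type a GPT disk puts in its protective MBR


def parse_mbr(sector: bytes) -> dict:
    """Parse a 512-byte MBR: signature check, partition table, bootstrap-code hash."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    if sector[510:512] != b"\x55\xAA":
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        status, ptype, lba, count = struct.unpack_from(ENTRY_FMT, sector, PT_OFFSET + 16 * i)
        if ptype == 0:  # empty slot
            continue
        partitions.append({"index": i, "bootable": status == 0x80, "type": ptype,
                           "lba_start": lba, "sectors": count})
    scheme = "GPT (protective MBR)" if any(p["type"] == GPT_PROTECTIVE for p in partitions) else "MBR"
    return {"scheme": scheme, "partitions": partitions,
            # Hashing only the bootstrap code lets a defender keep a known-good baseline
            # and detect a later rewrite of that area (partition edits do not change it).
            "bootstrap_sha256": hashlib.sha256(sector[:PT_OFFSET]).hexdigest()}


def build_sample_mbr(entries, bootstrap=b"\xEB\x63\x90") -> bytes:
    """Construct a sample sector (test data, not captured from a real disk)."""
    sec = bytearray(SECTOR_SIZE)
    sec[:len(bootstrap)] = bootstrap
    for i, (status, ptype, lba, count) in enumerate(entries):
        struct.pack_into(ENTRY_FMT, sec, PT_OFFSET + 16 * i, status, ptype, lba, count)
    sec[510:512] = b"\x55\xAA"
    return bytes(sec)


# Constructed sample: a classic BIOS-style disk with a bootable NTFS volume and a data volume ...
CLASSIC = build_sample_mbr([(0x80, 0x07, 2048, 1024000), (0x00, 0x07, 1026048, 4194304)])
# ... and a GPT disk whose protective MBR claims the whole disk with a single 0xEE entry.
PROTECTIVE = build_sample_mbr([(0x00, 0xEE, 1, 0xFFFFFFFF)])

if __name__ == "__main__":
    for name, sec in (("classic", CLASSIC), ("protective", PROTECTIVE)):
        print(name, parse_mbr(sec))
```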

     
  6. Upvote
    just gave kudos to Nightowl in Can ESET Smart Security Premium Access the BIOS Chip?   
    You are probably good, my friend; if ESET is not detecting anything, there is probably nothing.
    If you are still unsure of ESET, you can have a second opinion scanner, for example Kaspersky, which can also scan UEFI, and compare the results. If you still don't trust both of them, just flash the firmware and then you are good to go, like you bought this motherboard new. If you still don't trust the firmware flash, open your window, make sure no one is downstairs, and throw the motherboard like a catapult.
    But the short answer to you: all antiviruses can only show you that there is a threat there but cannot remove it for you; you have to flash a firmware or get rid of the motherboard.
    But to end your paranoia, most likely you have nothing there, and those rootkits are made specially to spy on high-value targets like governments, hospitals, politicians, high-tech companies, corporations.
    No one will spend long days to make a stealthy rootkit to infect a person like me, where you can only find games and personal stuff on the PC, which isn't valuable for the attacker. Even if the attacker wants to blackmail me for them, it's pointless; he can take them and have fun and also post it worldwide, it doesn't hurt me.
    It hurts people who have sensitive information like big companies or governments or hospitals who cannot share info about their patients, etc...
    But a rootkit is very good for a government that is spying on another government, for example; that way the rootkit is so helpful for government A to take information from government B while staying stealthy. We had several examples of governments doing so in different ways, not only rootkits.
    I doubt there is someone after you that is so good with malware development and decided to infect you with some rootkit, or it can be possible you went somewhere wrong and infected yourself with a rootkit.
    But rest your mind; if ESET is not showing you anything wrong or weird, then you are probably good, but still, like I said before, you can still change the motherboard or flash a firmware again, then you can be sure that there is nothing wrong inside it.
     
  7. Upvote
    just gave kudos to itman in Can ESET Smart Security Premium Access the BIOS Chip?   
    Acer is the PC manufacturer.
    Again, look for a setting in the BIOS options titled, Boot mode selection. If the setting doesn't exist, then your motherboard is using a BIOS versus UEFI.
  8. Upvote
    just gave kudos to Nightowl in Can ESET Smart Security Premium Access the BIOS Chip?   
    It's the only answer you can get. AVs cannot modify inside the BIOS/UEFI; they are limited, or it's their choice not to touch it since it can damage the whole computer if a mistake is made.
    Flashing a BIOS/UEFI firmware again will get rid of what trouble it had before; sometimes it can introduce bug fixes.
    AVs can only detect the threats but won't remove them for you.
    You have to flash a firmware to get it removed.
    And don't worry about being paranoid. I understand your feeling when you think that your PC is infected somewhere; it's a bad feeling, I know it. Getting rid of the motherboard will give you the feeling that you are no longer attached to the same firmware,
    but flashing is also good and can work.
  9. Upvote
    just gave kudos to Nightowl in Can ESET Smart Security Premium Access the BIOS Chip?   
    You can just go to the BIOS/UEFI settings and from there you can decide if it's UEFI/BIOS, because it would be written somewhere in the settings.
    Since you've made multiple topics about threats of UEFI/BIOS: if ESET isn't detecting anything, most likely there is nothing there, because those rootkits usually target high-value targets, like governments and stuff like this.
    You can enable Secure Boot, which prevents other stuff from loading on startup like a rootkit/malware in BIOS/UEFI, if it's available.

    If you are really sure and paranoid about that UEFI/BIOS chip that it's infected, just throw the motherboard from the window; it's the most secure option.
    Or flash the UEFI/BIOS from the motherboard's model page on the manufacturer website, and after that your UEFI/BIOS is clean, since you flashed it from the official manufacturer website.
    If there was something in there, it shouldn't be able to survive the flash.
  10. Upvote
    just gave kudos to itman in Can ESET Smart Security Premium Access the BIOS Chip?   
    Most likely it is. The setting in the BIOS is usually in a section titled, "Boot mode selection."
  11. Upvote
    just gave kudos to itman in Can ESET Smart Security Premium Access the BIOS Chip?   
    Windows system information will show the manufacturer and model number of your motherboard. Go to the manufacturer's web site for further details on motherboard specifics.
    There is a BIOS Mode section in the system info display. This setting will contain the word "UEFI" if the motherboard has been set to boot to UEFI mode.

     
  12. Upvote
    just gave kudos to itman in Can ESET Smart Security Premium Access the BIOS Chip?   
    The above said, UEFI based motherboards do have some chip based firmware components to them. Here's an example of malware that abuses those:
    https://securelist.com/moonbounce-the-dark-side-of-uefi-firmware/105468/
    Since Eset can detect Lojax, it is assumed the same goes for Moonbounce. Removal of it is an entirely different issue.
  13. Upvote
    just gave kudos to itman in Can ESET Smart Security Premium Access the BIOS Chip?   
    This article explains the difference between BIOS and UEFI based PCs: https://www.freecodecamp.org/news/uefi-vs-bios/
    The main difference is BIOS settings are stored in chip based firmware whereas UEFI settings are stored in a file.
  14. Upvote
    just gave kudos to Marcos in Can ESET Smart Security Premium Access the BIOS Chip?   
    ESET can scan UEFI which replaced BIOS in modern systems.
  15. Upvote
    just gave kudos to peteyt in What is the Difference Between BIOS Virus and Bootkit Virus?   
    I don't really know much, but all malware has the potential to steal data, cause damage, etc. Just avoid dodgy websites, keep Windows, software, AVs, etc. up to date.
  16. Upvote
    just gave kudos to peteyt in What is the Difference Between BIOS Virus and Bootkit Virus?   
    Any malware could potentially steal stuff
  17. Upvote
    just gave kudos to peteyt in What is the Difference Between BIOS Virus and Bootkit Virus?   
    I'm confused about your post.
    Do you think you are infected or is this theoretical? Any type of malware could be designed to steal stuff.
    I'm no expert, but if you're safe, e.g. avoid dangerous websites, you should be okay.
  18. Upvote
    just gave kudos to peteyt in What is the Difference Between BIOS Virus and Bootkit Virus?   
    Possibly, if you are infected. But if you think you are, just flash your BIOS.
  19. Upvote
    just gave kudos to peteyt in What is the Difference Between BIOS Virus and Bootkit Virus?   
    I will add that a virus has to be found for protection to be added.
    It's not impossible that a virus is out there that has been out for years and never detected. But as people have said these viruses are probably used on a select number of computers as the more computers used the more likely someone will detect something.
    Some vulnerabilities can exist for years without being detected. I'm sure the Intel Spectre one did. The NSA and other government companies actually look for vulnerabilities and keep them to themselves so they have stuff they can use, rather than reporting them and getting them fixed.
  20. Upvote
    just gave kudos to Nightowl in What is the Difference Between BIOS Virus and Bootkit Virus?   
    Depending on how the rootkit is developed, some of them will drop malware on operating system load; they will load their driver through the firmware or something like this. I could be wrong, but someone at ESET or on this forum can be more detailed than me.
    ESET will detect it, but cannot remove it.
    For example, if your PC was an HP, you will need to go to the HP website, download the UEFI/BIOS, flash the UEFI/BIOS, and then the rootkit shall be gone.
  21. Upvote
    just gave kudos to Nightowl in What is the Difference Between BIOS Virus and Bootkit Virus?   
    Yes, they can load malware into your PC; no matter how much you format the hard disk, they can come back through the firmware.
    And yes, ESET can detect UEFI/BIOS threats and alert you about them.
  22. Upvote
    just gave kudos to Nightowl in What is the Difference Between BIOS Virus and Bootkit Virus?   
    You can name it however you like, UEFI virus or UEFI rootkit; at the end of the day, they are doing malicious work.
    The difference between those and normal viruses that go to the operating system is that in the operating system you can remove the virus by using an antivirus or by re-installing Windows.
    When that virus or rootkit infects the firmware, then it can survive formatting the hard disk and stuff like this, and the only way to remove it is to flash the UEFI/BIOS again from the manufacturer website.
    Even if ESET or whatever antivirus you were using detected a BIOS/UEFI threat, it cannot do anything about it; you have to flash the firmware again from the manufacturer website.
    ESET explains more about them here: https://help.eset.com/glossary/en-US/rootkits.html
    And about other types.
  23. Upvote
    just gave kudos to TheStill in What is the Difference Between BIOS Virus and Bootkit Virus?   
    Depends on the complexity of the exploit and if the attacker chooses to share it with other attackers. But it is entirely possible for something to go undiscovered for years.
    I'm no expert on the matter but my understanding is this would be more likely to be a state backed finding. Which again would really only be interested in high level people. 
  24. Upvote
    just gave kudos to TheStill in What is the Difference Between BIOS Virus and Bootkit Virus?   
    If a new virus uses the same techniques as a previous virus, then there is a good chance that it will be detected. If the people who made the virus discover a new exploit, then it wouldn't be detected. But at the same time, they are not going to waste that on attacking a random person's computer. They'll save that for attacking a high-level person's computer e.g., a politician or CEO. As once the anti-virus companies pick up on this then the exploit becomes worthless. 
    For regular people this isn't something you will have to worry about. 
  25. Upvote
    just gave kudos to peteyt in What is the Difference Between BIOS Virus and Bootkit Virus?   
    ESET will protect you from viruses it knows, e.g. ones it has already seen and so has signatures for.
    ESET also has technologies designed to protect users from malware unseen before, e.g. identifying possible malware by looking for suspicious activity.
    However, this type of detection is never going to be 100 percent. For example, some new malware could be spread that is clever at hiding what it does, and so the malware may not be detected for a while.
    As itman has mentioned, all antivirus software has this problem, as without a signature it can be hard to detect unknown malware. It could begin by hiding what it does while it's being checked out by the AV and abuse legitimate programs, processes, etc. with the goal of masking and hiding its activities. Also, the processes used to find new malware can also lead to false positives, where something is flagged as malicious but it isn't.