Hi

Tried SysRescue live CD, clicked boot but am unsure if it checked the UEFI BIOS for rootkits.

How to scan the UEFI Bios?

Thanks


It's not possible. ESET for Linux does not scan UEFI.


So how to do that? On my new laptop I have Win10 but with McAfee trial.


I am not sure SysRescue will scan the UEFI. According to this: https://support.eset.com/kb3509/?locale=en_US&viewlocale=en_US , it only scans boot sectors. Appears to me you will have to use an Eset installed product to scan UEFI.

-EDIT- You can give Eset's Online Scanner - installed version - a shot and see it has a setting to scan the UEFI: https://support.eset.com/kb2921/?locale=en_US&viewlocale=en_US

Edited by itman


Thanks, but for not messing up also my hard disk I have not connected any HD. Tried the online scanner but seems not to scan UEFI BIOS, but am sure to have such a BIOS trojan on my PC. Why? Because I don't have any HD connected but get errors, even virus found with Hiren's Boot CD. On Ubuntu I get 2 files in ~.gnupg which is not normal but used to encrypted download of trojan later on.

Anything else to do but to return the ASUS motherboard? Already did that twice. Where else could be the problem?

4 hours ago, mike4 said:

Where else could be the problem?

It is not unheard of for anything firmware related to be possibly infected. For example, any add-on PCI Express bus cards such as a network adapter card, etc. As far as motherboard chipsets go, JMicron ones have long been suspected.

Are your memory chip card/s from a reliable vendor?


I don't have any network cards, only an ASUS ROG Strix Z390-F Gaming motherboard,

but I'll return also my Nvidia graphics card and the DDR4 memory modules as I suspect the memory to be corrupted by the virus. Hopefully that should fix it finally, or could I miss something else?


I really think you're being a bit "paranoid" on this issue. If you really believe you have firmware related malware and you have shown no proof of this, you should have your device checked out by a competent security professional.


I'm not paranoid, I'm simply running out of ideas after resending the motherboard to ASUS warranty twice.

31 minutes ago, mike4 said:

I'm not paranoid, I'm simply running out of ideas after resending the motherboard to ASUS warranty twice.

If you are really worried, you could flash your BIOS again with the latest BIOS update from ASUS, format your PC and reinstall your Windows and see if there are any differences.

On 3/19/2019 at 6:20 AM, mike4 said:

So how to do that? On my new laptop I have Win10 but with McAfee trial.

Let's back up to this posting.

I don't know how good McAfee is at detecting UEFI/BIOS malware. However, I do know Eset's AV scanner can detect the same. I suggest you uninstall McAfee. Reboot and install either NOD32 or Eset Internet Security in 30 day trial mode. Either one as part of the installation process will run an in-depth scan on all connected SSDs/HDDs; see below screen shot. This in-depth scan will include a UEFI/BIOS scan.

Ref.: https://www.eset.com/int/home/free-trial/

[Screenshot: Eset_Scan.png]

Edited by itman


Thanks, I intend to move to Eset when McAfee trial ends, also because I use both Win10 and Ubuntu. Is there a product line for both OS?

BIOS flash I did many times, foremost with my old PC before trashing it.

So I'm fed up with ASUS and will ask for a refund and buy a similar motherboard, maybe MSI etc. Thanks itman for the link.

Last question, should I return today also the RAM memory and Nvidia graphics or is this paranoid?

Thanks again

Edited by mike4

6 hours ago, mike4 said:

Last question, should I return today also the RAM memory and Nvidia graphics or is this paranoid?

I would say it's paranoid.

The only memory attack I know of is row hammer and it applies to ECC memory which most users don't purchase due to its higher cost: https://www.wired.com/story/rowhammer-ecc-memory-data-hack/ .

As far as a nVidia firmware hack, I never have heard of one.
