Rami

a variant of EFI.CompuTrace.A


Hello,

I am encountering a Dell Optiplex 5250 (AIO); when enabling the unsafe applications scan and scanning the UEFI (Deep Scan), it shows me a variant of EFI.CompuTrace.A, while the startup scan doesn't.

So I understood that the BIOS is very old and should be updated, so I went to the Dell website and downloaded the latest BIOS, which is July 2019. I have flashed the up-to-date BIOS and scanned again; ESET still detects the CompuTrace.

Can anyone explain to me more about the CompuTrace?

Thanks.

7 minutes ago, Marcos said:

I will try to begin with Secure Boot and try again.

Do you know why it doesn't get detected in the Startup scan?

Thanks for the information Marcos

Edited by Rami


@Marcos, Secure Boot didn't fix it, BIOS is up to date, there is nothing I can do about it, right? Old piece of hardware?

Just now, Rami said:

@Marcos, Secure Boot didn't fix it, BIOS is up to date, there is nothing I can do about it, right? Old piece of hardware?

It happens that vendors don't provide an updated UEFI firmware without CompuTrace. In such a case, the only solution is to exclude the pot. unsafe application from detection by the detection name as suggested in the KB.

6 minutes ago, Marcos said:

It happens that vendors don't provide an updated UEFI firmware without CompuTrace. In such a case, the only solution is to exclude the pot. unsafe application from detection by the detection name as suggested in the KB.

OK, thank you for the assistance.

On 7/25/2019 at 11:17 AM, Rami said:

So I understood that the BIOS is very old and should be updated, so I went to the Dell website and downloaded the latest BIOS, which is July 2019. I have flashed the up-to-date BIOS and scanned again; ESET still detects the CompuTrace.

Can anyone explain to me more about the CompuTrace?

CompuTrace on Dell PCs can be disabled via a BIOS/UEFI setting. Since you just updated your UEFI, the setting might now be called "Absolute." Refer to this Dell article: https://www.dell.com/support/article/us/en/04/sln316123/computrace-replaced-by-absolute-module-in-newest-bios-revisions?lang=en and other related articles on the Dell support web site.

BTW - old hardware only uses a BIOS. Newer hardware contains both a BIOS and UEFI. Lojax and like malware only affect the UEFI.

-EDIT- Eset's classification of Computrace is correct. It is a potentially unwanted application, in contrast to Lojax, which is malware.

Edited by itman


Also there is some confusion about terminology. Computrace was originally named Lojack. There is a Trojanized malware version of Lojack, which Eset names "Lojax", that is creating the confusion:

Quote

Starting in at least early 2017, trojanized versions of an older userland agent of the popular LoJack anti-theft software from Absolute Software were found in the wild. We call this trojanized LoJack agent LoJax. LoJack attracted a lot of attention in recent years as it implements a UEFI/BIOS module as a persistence mechanism.

https://www.welivesecurity.com/wp-content/uploads/2018/09/ESET-LoJax.pdf

Of note is that Eset's detection for the malware version is LoJack agent LoJax.

10 hours ago, itman said:

Also there is some confusion about terminology. Computrace was originally named Lojack. There is a Trojanized malware version of Lojack, which Eset names "Lojax", that is creating the confusion:

https://www.welivesecurity.com/wp-content/uploads/2018/09/ESET-LoJax.pdf

Of note is that Eset's detection for the malware version is LoJack agent LoJax.

ESET is detecting CompuTrace, as far as I see, because it's set in the BIOS even though it's deactivated. Still the same. There is an option to disable; I will try that and scan again.

37 minutes ago, Rami said:

ESET is detecting CompuTrace, as far as I see, because it's set in the BIOS even though it's deactivated. Still the same. There is an option to disable; I will try that and scan again.

Even as Disabled it's still getting detected.

2 minutes ago, Rami said:

Even as Disabled it's still getting detected.

You have 2 options:
- disable detection of potentially unsafe applications
- exclude the app by the detection name

Just now, Marcos said:

You have 2 options:
- disable detection of potentially unsafe applications
- exclude the app by the detection name

Yes, I understood that from your earlier post, but I thought if I disable it in the BIOS (it was set as Deactivated) it would disappear (the detection).

Thanks again.

5 hours ago, Rami said:

Yes, I understood that from your earlier post, but I thought if I disable it in the BIOS (it was set as Deactivated) it would disappear (the detection).

Thanks again.

Did a bit more checking.

It appears once Computrace is activated in the BIOS/UEFI, there is no way to permanently disable it. This actually is by design to prevent whoever stole your laptop, etc. from doing the same. It also appears that setting is controlled by the chip firmware itself. And reflashing the BIOS/UEFI won't deactivate it.

Edited by itman

5 minutes ago, itman said:

Did a bit more checking.

It appears once Computrace is activated in the BIOS/UEFI, there is no way to permanently disable it. This actually is by design to prevent whoever stole your laptop, etc. from doing the same. It also appears that setting is controlled by the chip firmware itself. And reflashing the BIOS/UEFI won't deactivate it.

Yeah, once you disable it you can't enable it either. The PC was set as deactivated when ESET detected it, and disabling didn't help that much. I could understand, because the code of CompuTrace is still in the BIOS even though it's disabled.

I can understand it's Dell's ..

1 hour ago, Rami said:

I can understand it's Dell's ..

Contact Dell support. They might have a special firmware flash utility or procedure to deactivate. I would imagine this would require you proving to them that you are the real owner of the device.

Also, if the chip is not soldered to the motherboard, they could send you a new chip. Chip replacement is dicey.

17 minutes ago, itman said:

Contact Dell support. They might have a special firmware flash utility or procedure to deactivate. I would imagine this would require you proving to them that you are the real owner of the device.

Also, if the chip is not soldered to the motherboard, they could send you a new chip. Chip replacement is dicey.

I will check about that, thanks again.
