
UEFI firmware is a virus? How can I clean?



My computer got the Emotet trojan 1 week ago and I cleaned it, but today when I did a full scan with ESET, it found 3 detections. 2 of them were infected and cleaned, but UEFI could not remove the extension named firmware. How can I clean it if it is a virus, and do another type of scan to make sure there are no other viruses?


  • Administrators

Please follow the instructions in https://support.eset.com/en/kb6567. If updating the UEFI firmware doesn't make any difference, exclude the pot. unsafe application from detection by adding it to detection exclusions. CompuTrace is not a virus nor a threat but a potentially unsafe application, i.e. it's not detected with default settings.


13 minutes ago, Marcos said:

Please follow the instructions in https://support.eset.com/en/kb6567. If updating the UEFI firmware doesn't make any difference, exclude the pot. unsafe application from detection by adding it to detection exclusions. CompuTrace is not a virus nor a threat but a potentially unsafe application, i.e. it's not detected with default settings.

Thanks for your advice, but the process is very complicated. Does this extension install itself on the computer or is it trojan related?


Just now, Marcos said:

It came pre-installed with your motherboard, it's not malware related.

If it's a self-loading kind of system, why does ESET detect it? And it is shown as dangerous malware in the articles I read. Thank you so much for your time; the only thing I want to understand is, is this a problem for me?


Search the Eset forum. There are multiple postings on Computrace.

The short description of Computrace is it is installed by the device manufacturer as an anti-theft mechanism. Depending on how it was installed, if it was activated, etc., etc., it may be possible to disable it via BIOS/UEFI settings. Contact your device manufacturer for further details on your specific Computrace installation.


You might want to also read this Eset article: https://www.eset.com/us/about/newsroom/corporate-blog/what-you-need-to-know-about-lojax-the-new-stealthy-malware-from-fancy-bear/ .

Lojax is the malicious malware associated with Computrace's Lojack firmware software. Lojax needs Lojack present to operate. If you receive an Eset alert related to Lojax malware present, then you have a real problem. The present alert you are receiving from Eset is a warning that Computrace's Lojack software exists. In other words, that you are vulnerable to a Lojax attack.


2 minutes ago, itman said:

You might want to also read this Eset article: https://www.eset.com/us/about/newsroom/corporate-blog/what-you-need-to-know-about-lojax-the-new-stealthy-malware-from-fancy-bear/ .

Lojax is the malicious malware associated with Computrace's Lojack firmware software. Lojax needs Lojack present to operate. If you receive an Eset alert related to Lojax malware present, then you have a real problem. The present alert you are receiving from Eset is a warning that Computrace's Lojack software exists. In other words, that you are vulnerable to a Lojax attack.

All of Eset's protection settings are active and I have not received any notifications. Could there be a wrong perception, should I focus on it more?


6 minutes ago, Duhan Orhan said:

All of Eset's protection settings are active and I have not received any notifications. Could there be a wrong perception, should I focus on it more?

Refer to @Marcos's prior posting.

You can:

1. Exclude the Eset PUA detection.

2. "Live with" the detection being displayed.

3. Contact your laptop/notebook manufacturer as to methods to remove/deactivate Computrace feature - Recommended.

Edited by itman

  • Most Valued Members

If you search for your PC model, there might be a BIOS/UEFI update that doesn't have the CompuTrace. Dell did that before, but it may not even hide the detection from ESET, because ESET is doing its job and alerting you of something that can trace you and can be used maliciously.

You can disable it in the BIOS or you can see if there is an update from your PC manufacturers that doesn't include the CompuTrace part.
