Jump to content

UEFI dedection


Go to solution Solved by Nightowl ,

Recommended Posts

Hi, first of all, I shared a similar topic and my goal is to get advice. In consultation with experts, this extension

a variant of EFI.CompuTrace.A

 I understood that it is not a rootkit or cyber attack, do you think I should ignore it or disable the computrace and do bios updates and I do not know how to do it if I disable the compute, will it damage the system
 

\\Uefi Partition = UEFI = uefi:\\Volume 2\Firmware Volume Image {20BC8AC9-94D1-4208-AB28-5D673FD73486}\Volume 1\ComputraceComponents - EFI/CompuTrace.A 

Not dangerous for sure, right ?

Link to post
Share on other sites
  • Most Valued Members
  • Solution

From BIOS settings there should be an option to turn off CompuTrace but there is a possibiltiy that ESET will keep detecting it no matter if you disable it or not , because it's still remains in the BIOS

If the PC manufacturers have a BIOS update that doesn't include CompuTrace , then you can get rid of it , but if not then there is nothing to do other than replace the PC or disable it from BIOS settings.

Link to post
Share on other sites
3 minutes ago, Nightowl said:

From BIOS settings there should be an option to turn off CompuTrace but there is a possibiltiy that ESET will keep detecting it no matter if you disable it or not , because it's still remains in the BIOS

If the PC manufacturers have a BIOS update that doesn't include CompuTrace , then you can get rid of it , but if not then there is nothing to do other than replace the PC or disable it from BIOS settings.

as far as I understand, I will close computrace and update bios if there is one, but if eSet finds it again, do I need to deal with it any more? Will it damage the computer? And thanks for a advice

Link to post
Share on other sites
  • Most Valued Members

You can just ignore it , exclude it from ESET detection if you don't want to keep it from coming up

Once disabled in BIOS it should be more safe that CompuTrace will not be able to run as it's disabled from the BIOS.

Quote

computrace is a program, normally in BIOS, that allows you to subscribe to a service that will track your laptop if it were ever stolen.  Its now called LoJack.  Activating or deactivating it shouldn't hurt anything weather you use it or not. 

If I am not mistaken , there should be an option to switch it off or completely disable it.

Disable it for your case.

Edited by Nightowl
Link to post
Share on other sites
1 minute ago, Nightowl said:

You can just ignore it , exclude it from ESET detection if you don't want to keep it from coming up

Once disabled in BIOS it should be more safe that CompuTrace will not be able to run as it's disabled from the BIOS.

 

Thanks for a advice i understand

Link to post
Share on other sites
7 hours ago, Nightowl said:

You are welcome , I hope it will help. :)

I follow the instructions in the videos I watch, but the BIOS option does not appear. I am using Windows 10. How can I enter the BIOS?

Link to post
Share on other sites
  • Most Valued Members
23 hours ago, Duhan Orhan said:

I follow the instructions in the videos I watch, but the BIOS option does not appear. I am using Windows 10. How can I enter the BIOS?

When you restart your PC , right before it goes to load Windows , you should be able to get into BIOS settings by clicking the HOTKEY , each motherboard manufacturer has a different hotkey for the options , I found those might help :

  • Acer: F2 or DEL
  • ASUS: F2 for all PCs, F2 or DEL for motherboards
  • Dell: F2 or F12
  • HP: ESC or F10
  • Lenovo: F2 or Fn + F2
  • Lenovo (Desktops): F1
  • Lenovo (ThinkPads): Enter + F1.
  • MSI: DEL for motherboards and PCs
  • Microsoft Surface Tablets: Press and hold volume up button.
  • Origin PC: F2
  • Samsung: F2
  • Sony: F1, F2, or F3
  • Toshiba: F2
Link to post
Share on other sites

Assuming you are running Win 10 and have a newer PC that uses UEFI versus BIOS, you can access UEFI settings via Win 10 Advanced Startup settings: https://www.wikihow.com/Enter-the-BIOS-on-a-Lenovo-Laptop . The article references Lenovo but this should work for most PCs with a UEFI.

Just be careful about any modifications done in the UEFI. Modifying the wrong one can bork your device unless you know what you are doing.

Link to post
Share on other sites
14 hours ago, Nightowl said:

When you restart your PC , right before it goes to load Windows , you should be able to get into BIOS settings by clicking the HOTKEY , each motherboard manufacturer has a different hotkey for the options , I found those might help :

  • Acer: F2 or DEL
  • ASUS: F2 for all PCs, F2 or DEL for motherboards
  • Dell: F2 or F12
  • HP: ESC or F10
  • Lenovo: F2 or Fn + F2
  • Lenovo (Desktops): F1
  • Lenovo (ThinkPads): Enter + F1.
  • MSI: DEL for motherboards and PCs
  • Microsoft Surface Tablets: Press and hold volume up button.
  • Origin PC: F2
  • Samsung: F2
  • Sony: F1, F2, or F3
  • Toshiba: F2

Thanks I entered, but there is no computrace setting. I need to update the BIOS but it is too risky. I have 2 questions. What is the seriousness of this vulnerability? Can you explain it a little bit and I did not activate the computrace, did it remain as a vulnerability since the computer was installed?

Link to post
Share on other sites
13 hours ago, itman said:

Assuming you are running Win 10 and have a newer PC that uses UEFI versus BIOS, you can access UEFI settings via Win 10 Advanced Startup settings: https://www.wikihow.com/Enter-the-BIOS-on-a-Lenovo-Laptop . The article references Lenovo but this should work for most PCs with a UEFI.

Just be careful about any modifications done in the UEFI. Modifying the wrong one can bork your device unless you know what you are doing.

Thanks I entered, but there is no computrace setting. I need to update the BIOS but it is too risky. I have 2 questions. What is the seriousness of this vulnerability? Can you explain it a little bit and I did not activate the computrace, did it remain as a vulnerability since the computer was installed?

Link to post
Share on other sites
3 hours ago, Duhan Orhan said:

What is the seriousness of this vulnerability?

Read this article and draw your own conclusions: https://www.cyberscoop.com/lojack-computrace-fancy-bear-absolute-kaspersky/ .

The gist of the issue is Absolute, the creator of the Lojack software, states they patched the vulnerability in newer versions of Lojack. The problem is they never offered any verifiable proof this is the case.

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...