Posted

Hi community!

I am having the following issue:

My scan shows me some UEFI problems which I don't quite understand. I just installed the latest firmware for my BIOS but the problem keeps coming up. I really cannot tell if this is malware or not, and ESET does not clean it.

Can someone help me please?

Here is my log:

Log
Scanned disks, folders and files: Operating memory;Boot sectors/UEFI;WMI database;System registry;C:\Boot sectors/UEFI;C:\;D:\Boot sectors/UEFI;D:\
\\Uefi Partition » UEFI » uefi:\\Volume 1\Raw volume {9D9D1829-1F11-7C57-BC16-3DE84E820995}\Unnamed partition - archive damaged - the file could not be extracted.
\\Uefi Partition » UEFI » uefi:\\Volume 2\Firmware Volume Image {20BC8AC9-94D1-4208-AB28-5D673FD73486}\Volume 1\Freeform {1A1E2341-A2FB-42C7-8D17-3073D08EB21D}\Unnamed partition\Volume 1 - archive damaged - the file could not be extracted.
\\Uefi Partition » UEFI » uefi:\\Volume 2\Firmware Volume Image {20BC8AC9-94D1-4208-AB28-5D673FD73486}\Volume 1\Freeform {DD6569A7-E455-4EE5-B2BA-ECDA84ACBC99}\Unnamed partition\Volume 1 - archive damaged - the file could not be extracted.
\\Uefi Partition » UEFI » uefi:\\Volume 2\Firmware Volume Image {20BC8AC9-94D1-4208-AB28-5D673FD73486}\Volume 1\ComputraceComponents - a variant of EFI/CompuTrace.A potentially unsafe application - action selection postponed until scan completion
C:\DumpStack.log.tmp - unable to open [4]

 

C:\hiberfil.sys - unable to open [4]
C:\pagefile.sys - unable to open [4]
C:\swapfile.sys - unable to open [4]
\\Uefi Partition » UEFI » uefi:\\Volume 1\Raw volume {9D9D1829-1F11-7C57-BC16-3DE84E820995}\Unnamed partition - archive damaged - the file could not be extracted.
\\Uefi Partition » UEFI » uefi:\\Volume 2\Firmware Volume Image {20BC8AC9-94D1-4208-AB28-5D673FD73486}\Volume 1\Freeform {1A1E2341-A2FB-42C7-8D17-3073D08EB21D}\Unnamed partition\Volume 1 - archive damaged - the file could not be extracted.
\\Uefi Partition » UEFI » uefi:\\Volume 2\Firmware Volume Image {20BC8AC9-94D1-4208-AB28-5D673FD73486}\Volume 1\Freeform {DD6569A7-E455-4EE5-B2BA-ECDA84ACBC99}\Unnamed partition\Volume 1 - archive damaged - the file could not be extracted.
\\Uefi Partition » UEFI » uefi:\\Volume 2\Firmware Volume Image {20BC8AC9-94D1-4208-AB28-5D673FD73486}\Volume 1\ComputraceComponents - a variant of EFI/CompuTrace.A potentially unsafe application - retained
 

P.S. Attached is also an image of the ESET notification.

eset UEFI.PNG

  • Administrators
Posted

Please expand Advanced options, check "Exclude signature from detection" and click Ignore since upgrading UEFI firmware didn't make any difference as you stated.

Posted

Hi Marcos!

Thanks for your reply! So I do not have any malware?

Posted

Refer to this ESET Knowledge Base article: https://support.eset.com/en/kb6567-you-receive-an-eset-uefi-detection

The problem with CompuTrace is it has vulnerabilities in it: https://www.cvedetails.com/product/46115/Absolute-Computrace-Agent.html?vendor_id=17983 . This means it can be potentially maliciously exploited. Hence, the ESET PUA detection for it.

Posted

So if it is or is not malicious, how do I find out? How do I get rid of this issue? Sorry for asking again, but I am not an IT specialist and I need this laptop to work.

  • Administrators
Posted

As already recommended, exclude the app from detection by adding it to Detection exclusions.
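
For readers triaging a similar log: the following Python script is an added example, not part of the thread and not ESET code. It separates the one actual detection in the scan log from the first post from the entries that only say an object could not be read. The line layout it parses is an assumption inferred from the posted lines, and the name `triage` is hypothetical.

```python
import re
from collections import Counter

# Lines copied from the scan log in the first post of this thread.
SAMPLE_LOG = r"""
\\Uefi Partition » UEFI » uefi:\\Volume 1\Raw volume {9D9D1829-1F11-7C57-BC16-3DE84E820995}\Unnamed partition - archive damaged - the file could not be extracted.
\\Uefi Partition » UEFI » uefi:\\Volume 2\Firmware Volume Image {20BC8AC9-94D1-4208-AB28-5D673FD73486}\Volume 1\ComputraceComponents - a variant of EFI/CompuTrace.A potentially unsafe application - action selection postponed until scan completion
C:\hiberfil.sys - unable to open [4]
C:\pagefile.sys - unable to open [4]
\\Uefi Partition » UEFI » uefi:\\Volume 2\Firmware Volume Image {20BC8AC9-94D1-4208-AB28-5D673FD73486}\Volume 1\ComputraceComponents - a variant of EFI/CompuTrace.A potentially unsafe application - retained
"""

# Assumed layout, inferred only from the lines above:
#   <object> - <threat name> <category> - <action>
THREAT_RE = re.compile(r"^(?:a variant of )?(?P<name>\S+) (?P<category>.+)$")

def triage(log_text):
    """Separate detections from objects the scanner could not read."""
    unreadable = Counter()
    detections = {}          # (object, name) -> latest record
    for line in log_text.splitlines():
        obj, sep, rest = line.strip().partition(" - ")
        if not sep:
            continue         # blank line or header, nothing to classify
        if rest.startswith("unable to open"):
            unreadable["unable to open"] += 1
        elif rest.startswith("archive damaged"):
            unreadable["archive damaged"] += 1
        else:
            threat, _, action = rest.rpartition(" - ")
            m = THREAT_RE.match(threat)
            if m:
                # The same object is logged twice (postponed, then final);
                # keep the last action recorded for it.
                detections[(obj, m["name"])] = {
                    "category": m["category"], "action": action}
    return detections, unreadable

if __name__ == "__main__":
    found, skipped = triage(SAMPLE_LOG)
    for (obj, name), info in found.items():
        print(f"{name} [{info['category']}] -> {info['action']}\n  {obj}")
    print(dict(skipped))
```
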
