UEFI ISSUE!



Hi community!

I am having the following issue:

My scan shows me some UEFI problems which I don't quite understand. I just installed the latest firmware for my BIOS, but the problem keeps coming up. I really cannot tell if this is malware or not, and ESET does not clean it.

Can someone help me please?

Here is my log:

Log
Scanned disks, folders and files: Operating memory;Boot sectors/UEFI;WMI database;System registry;C:\Boot sectors/UEFI;C:\;D:\Boot sectors/UEFI;D:\
\\Uefi Partition » UEFI » uefi:\\Volume 1\Raw volume {9D9D1829-1F11-7C57-BC16-3DE84E820995}\Unnamed partition - archive damaged - the file could not be extracted.
\\Uefi Partition » UEFI » uefi:\\Volume 2\Firmware Volume Image {20BC8AC9-94D1-4208-AB28-5D673FD73486}\Volume 1\Freeform {1A1E2341-A2FB-42C7-8D17-3073D08EB21D}\Unnamed partition\Volume 1 - archive damaged - the file could not be extracted.
\\Uefi Partition » UEFI » uefi:\\Volume 2\Firmware Volume Image {20BC8AC9-94D1-4208-AB28-5D673FD73486}\Volume 1\Freeform {DD6569A7-E455-4EE5-B2BA-ECDA84ACBC99}\Unnamed partition\Volume 1 - archive damaged - the file could not be extracted.
\\Uefi Partition » UEFI » uefi:\\Volume 2\Firmware Volume Image {20BC8AC9-94D1-4208-AB28-5D673FD73486}\Volume 1\ComputraceComponents - a variant of EFI/CompuTrace.A potentially unsafe application - action selection postponed until scan completion
C:\DumpStack.log.tmp - unable to open [4]

 

C:\hiberfil.sys - unable to open [4]
C:\pagefile.sys - unable to open [4]
C:\swapfile.sys - unable to open [4]
\\Uefi Partition » UEFI » uefi:\\Volume 1\Raw volume {9D9D1829-1F11-7C57-BC16-3DE84E820995}\Unnamed partition - archive damaged - the file could not be extracted.
\\Uefi Partition » UEFI » uefi:\\Volume 2\Firmware Volume Image {20BC8AC9-94D1-4208-AB28-5D673FD73486}\Volume 1\Freeform {1A1E2341-A2FB-42C7-8D17-3073D08EB21D}\Unnamed partition\Volume 1 - archive damaged - the file could not be extracted.
\\Uefi Partition » UEFI » uefi:\\Volume 2\Firmware Volume Image {20BC8AC9-94D1-4208-AB28-5D673FD73486}\Volume 1\Freeform {DD6569A7-E455-4EE5-B2BA-ECDA84ACBC99}\Unnamed partition\Volume 1 - archive damaged - the file could not be extracted.
\\Uefi Partition » UEFI » uefi:\\Volume 2\Firmware Volume Image {20BC8AC9-94D1-4208-AB28-5D673FD73486}\Volume 1\ComputraceComponents - a variant of EFI/CompuTrace.A potentially unsafe application - retained
 

P.S. Attached is also an image of the ESET notification.

eset UEFI.PNG


  • Administrators

Please expand Advanced options, check "Exclude signature from detection" and click Ignore since upgrading UEFI firmware didn't make any difference as you stated.


Refer to this ESET Knowledge Base article: https://support.eset.com/en/kb6567-you-receive-an-eset-uefi-detection

The problem with CompuTrace is it has vulnerabilities in it: https://www.cvedetails.com/product/46115/Absolute-Computrace-Agent.html?vendor_id=17983. This means it can be potentially maliciously exploited. Hence, the ESET PUA detection for it.

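To see which lines of a log like the one posted above are detections and which are only scanner status messages, here is an added example (not part of the thread and not ESET code) that parses the line format shown in that log. The regular expression and the `triage` function are assumptions inferred from the posted lines, not a documented ESET log format.

```python
import re
from collections import Counter

# Excerpt of the scan log posted above (four of its lines, verbatim).
SAMPLE_LOG = r"""
\\Uefi Partition » UEFI » uefi:\\Volume 2\Firmware Volume Image {20BC8AC9-94D1-4208-AB28-5D673FD73486}\Volume 1\Freeform {1A1E2341-A2FB-42C7-8D17-3073D08EB21D}\Unnamed partition\Volume 1 - archive damaged - the file could not be extracted.
\\Uefi Partition » UEFI » uefi:\\Volume 2\Firmware Volume Image {20BC8AC9-94D1-4208-AB28-5D673FD73486}\Volume 1\ComputraceComponents - a variant of EFI/CompuTrace.A potentially unsafe application - action selection postponed until scan completion
C:\hiberfil.sys - unable to open [4]
\\Uefi Partition » UEFI » uefi:\\Volume 2\Firmware Volume Image {20BC8AC9-94D1-4208-AB28-5D673FD73486}\Volume 1\ComputraceComponents - a variant of EFI/CompuTrace.A potentially unsafe application - retained
"""

# Assumed shape of a detection entry, inferred from the log above:
#   <object> - [a variant of ]<Platform/Name> <category> - <action>
DETECTION = re.compile(
    r"^(?P<object>.+?) - (?:a variant of )?(?P<name>\S+/\S+) "
    r"(?P<category>.+?) - (?P<action>.+)$"
)

# Assumption: lines carrying these phrases are scanner status messages,
# not detections (they name no detection).
NOTE_KINDS = ("archive damaged", "unable to open")


def triage(log_text):
    """Split a scan log into detections, status notes and unrecognised lines."""
    detections, notes, other = {}, Counter(), []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        kind = next((k for k in NOTE_KINDS if f" - {k}" in line), None)
        if kind:
            notes[kind] += 1
            continue
        m = DETECTION.match(line)
        if m:
            # The same object is logged during the scan and again at the end;
            # keep only the most recent action for each (object, name) pair.
            detections[(m["object"], m["name"])] = m.groupdict()
        else:
            other.append(line)
    return {"detections": list(detections.values()),
            "notes": dict(notes), "other": other}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for d in result["detections"]:
        print(d["name"], "|", d["category"], "|", d["action"])
    print(result["notes"])
```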

So if it is malicious or not, how do I find out? How do I get rid of this issue? Sorry for asking again, but I am not an IT specialist and I need this laptop to work.


  • Administrators

As already recommended, exclude the app from detection by adding it to Detection exclusions.
