EnTi
Posted March 16, 2022

Hi community! I am having the following issue: my scan shows me some UEFI problems which I don't quite understand. I just installed the latest firmware for my BIOS but the problem keeps coming up. I really cannot tell if this is malware or not, and ESET does not clean it. Can someone help me please? Here is my log:

Log
Scanned disks, folders and files: Operating memory;Boot sectors/UEFI;WMI database;System registry;C:\Boot sectors/UEFI;C:\;D:\Boot sectors/UEFI;D:\
\\Uefi Partition » UEFI » uefi:\\Volume 1\Raw volume {9D9D1829-1F11-7C57-BC16-3DE84E820995}\Unnamed partition - archive damaged - the file could not be extracted.
\\Uefi Partition » UEFI » uefi:\\Volume 2\Firmware Volume Image {20BC8AC9-94D1-4208-AB28-5D673FD73486}\Volume 1\Freeform {1A1E2341-A2FB-42C7-8D17-3073D08EB21D}\Unnamed partition\Volume 1 - archive damaged - the file could not be extracted.
\\Uefi Partition » UEFI » uefi:\\Volume 2\Firmware Volume Image {20BC8AC9-94D1-4208-AB28-5D673FD73486}\Volume 1\Freeform {DD6569A7-E455-4EE5-B2BA-ECDA84ACBC99}\Unnamed partition\Volume 1 - archive damaged - the file could not be extracted.
\\Uefi Partition » UEFI » uefi:\\Volume 2\Firmware Volume Image {20BC8AC9-94D1-4208-AB28-5D673FD73486}\Volume 1\ComputraceComponents - a variant of EFI/CompuTrace.A potentially unsafe application - action selection postponed until scan completion
C:\DumpStack.log.tmp - unable to open [4]
C:\hiberfil.sys - unable to open [4]
C:\pagefile.sys - unable to open [4]
C:\swapfile.sys - unable to open [4]
\\Uefi Partition » UEFI » uefi:\\Volume 1\Raw volume {9D9D1829-1F11-7C57-BC16-3DE84E820995}\Unnamed partition - archive damaged - the file could not be extracted.
\\Uefi Partition » UEFI » uefi:\\Volume 2\Firmware Volume Image {20BC8AC9-94D1-4208-AB28-5D673FD73486}\Volume 1\Freeform {1A1E2341-A2FB-42C7-8D17-3073D08EB21D}\Unnamed partition\Volume 1 - archive damaged - the file could not be extracted.
\\Uefi Partition » UEFI » uefi:\\Volume 2\Firmware Volume Image {20BC8AC9-94D1-4208-AB28-5D673FD73486}\Volume 1\Freeform {DD6569A7-E455-4EE5-B2BA-ECDA84ACBC99}\Unnamed partition\Volume 1 - archive damaged - the file could not be extracted.
\\Uefi Partition » UEFI » uefi:\\Volume 2\Firmware Volume Image {20BC8AC9-94D1-4208-AB28-5D673FD73486}\Volume 1\ComputraceComponents - a variant of EFI/CompuTrace.A potentially unsafe application - retained

P.S. Attached is also an image of the ESET notification.

Marcos (Administrators)
Posted March 16, 2022

Please expand Advanced options, check "Exclude signature from detection" and click Ignore, since upgrading UEFI firmware didn't make any difference as you stated.

EnTi (Author)
Posted March 16, 2022

Hi Marcos! Thanks for your reply! So I do not have any malware?

itman
Posted March 16, 2022

Refer to this ESET Knowledge Base article: https://support.eset.com/en/kb6567-you-receive-an-eset-uefi-detection

The problem with CompuTrace is that it has vulnerabilities in it: https://www.cvedetails.com/product/46115/Absolute-Computrace-Agent.html?vendor_id=17983. This means it can potentially be maliciously exploited. Hence the ESET PUA detection for it.

EnTi (Author)
Posted March 17, 2022

So if it is or is not malicious, how do I find out? How do I get rid of this issue? Sorry for asking again, but I am not an IT specialist and I need this laptop to work.

Marcos (Administrators)
Posted March 17, 2022

As already recommended, exclude the app from detection by adding it to Detection exclusions.
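
Added example, not part of any post in this thread and not ESET code: a small Python parser for log lines in the format pasted in the first post. It separates the one detection entry from the entries the scanner reports it could not extract or open, and merges the repeated lines. The regular expression and the class names are assumptions based only on the lines shown in this thread.

```python
import re

# Sample lines copied from the scan log in the first post of this thread.
SAMPLE_LOG = r"""
\\Uefi Partition » UEFI » uefi:\\Volume 1\Raw volume {9D9D1829-1F11-7C57-BC16-3DE84E820995}\Unnamed partition - archive damaged - the file could not be extracted.
\\Uefi Partition » UEFI » uefi:\\Volume 2\Firmware Volume Image {20BC8AC9-94D1-4208-AB28-5D673FD73486}\Volume 1\ComputraceComponents - a variant of EFI/CompuTrace.A potentially unsafe application - action selection postponed until scan completion
C:\pagefile.sys - unable to open [4]
\\Uefi Partition » UEFI » uefi:\\Volume 2\Firmware Volume Image {20BC8AC9-94D1-4208-AB28-5D673FD73486}\Volume 1\ComputraceComponents - a variant of EFI/CompuTrace.A potentially unsafe application - retained
"""

# Status text of the one detection format seen in this log (assumed pattern).
DETECTION = re.compile(
    r"^(?:a variant of )?(?P<name>\S+) "
    r"(?P<kind>potentially unsafe application) - (?P<action>.+)$"
)

def parse_line(line):
    """Split 'object - status' on the first ' - ' and classify the status."""
    obj, sep, status = line.strip().partition(" - ")
    if not sep:
        return None  # header or blank line, not a per-object entry
    m = DETECTION.match(status)
    if m:
        return {"object": obj, "class": "detection", **m.groupdict()}
    if status.startswith(("archive damaged", "unable to open")):
        return {"object": obj, "class": "unreadable", "reason": status}
    return {"object": obj, "class": "other", "reason": status}

def summarize(log_text):
    """Merge repeated entries: one record per object, actions kept in order."""
    detections, unreadable, other = {}, {}, {}
    for line in log_text.splitlines():
        e = parse_line(line)
        if e is None:
            continue
        if e["class"] == "detection":
            rec = detections.setdefault(
                e["object"], {"name": e["name"], "kind": e["kind"], "actions": []})
            rec["actions"].append(e["action"])
        elif e["class"] == "unreadable":
            unreadable[e["object"]] = e["reason"]
        else:
            other[e["object"]] = e["reason"]
    return {"detections": detections, "unreadable": unreadable, "other": other}

if __name__ == "__main__":
    for obj, rec in summarize(SAMPLE_LOG)["detections"].items():
        print(rec["name"], rec["kind"], "->", rec["actions"][-1])
```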