UEFI ISSUE!


Hi community!

I am having the following issue:

My scan shows me some UEFI problems which I don't quite understand. I just installed the latest firmware for my BIOS but the problem keeps coming up. I really cannot tell if this is malware or not and ESET does not clean it.

Can someone help me please?

Here is my log:

Log
Scanned disks, folders and files: Operating memory;Boot sectors/UEFI;WMI database;System registry;C:\Boot sectors/UEFI;C:\;D:\Boot sectors/UEFI;D:\
\\Uefi Partition » UEFI » uefi:\\Volume 1\Raw volume {9D9D1829-1F11-7C57-BC16-3DE84E820995}\Unnamed partition - archive damaged - the file could not be extracted.
\\Uefi Partition » UEFI » uefi:\\Volume 2\Firmware Volume Image {20BC8AC9-94D1-4208-AB28-5D673FD73486}\Volume 1\Freeform {1A1E2341-A2FB-42C7-8D17-3073D08EB21D}\Unnamed partition\Volume 1 - archive damaged - the file could not be extracted.
\\Uefi Partition » UEFI » uefi:\\Volume 2\Firmware Volume Image {20BC8AC9-94D1-4208-AB28-5D673FD73486}\Volume 1\Freeform {DD6569A7-E455-4EE5-B2BA-ECDA84ACBC99}\Unnamed partition\Volume 1 - archive damaged - the file could not be extracted.
\\Uefi Partition » UEFI » uefi:\\Volume 2\Firmware Volume Image {20BC8AC9-94D1-4208-AB28-5D673FD73486}\Volume 1\ComputraceComponents - a variant of EFI/CompuTrace.A potentially unsafe application - action selection postponed until scan completion
C:\DumpStack.log.tmp - unable to open [4]

 

C:\hiberfil.sys - unable to open [4]
C:\pagefile.sys - unable to open [4]
C:\swapfile.sys - unable to open [4]
\\Uefi Partition » UEFI » uefi:\\Volume 1\Raw volume {9D9D1829-1F11-7C57-BC16-3DE84E820995}\Unnamed partition - archive damaged - the file could not be extracted.
\\Uefi Partition » UEFI » uefi:\\Volume 2\Firmware Volume Image {20BC8AC9-94D1-4208-AB28-5D673FD73486}\Volume 1\Freeform {1A1E2341-A2FB-42C7-8D17-3073D08EB21D}\Unnamed partition\Volume 1 - archive damaged - the file could not be extracted.
\\Uefi Partition » UEFI » uefi:\\Volume 2\Firmware Volume Image {20BC8AC9-94D1-4208-AB28-5D673FD73486}\Volume 1\Freeform {DD6569A7-E455-4EE5-B2BA-ECDA84ACBC99}\Unnamed partition\Volume 1 - archive damaged - the file could not be extracted.
\\Uefi Partition » UEFI » uefi:\\Volume 2\Firmware Volume Image {20BC8AC9-94D1-4208-AB28-5D673FD73486}\Volume 1\ComputraceComponents - a variant of EFI/CompuTrace.A potentially unsafe application - retained
 

P.S. Attached is also an image of the ESET notification.

eset UEFI.PNG
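A small triage script for a scan log like the one in the post above, added here as an example (it is not part of the original post and not ESET tooling): it separates lines that carry a detection name from lines that only report an object could not be read, and merges the line repeated at the end of the scan. The `object - status - action` layout is inferred from the log shown; the name `triage` and the shortened sample paths are constructed.

```python
import re

# Constructed sample: lines taken from the log in the post, GUID path parts shortened.
SAMPLE_LOG = r"""
Scanned disks, folders and files: Operating memory;Boot sectors/UEFI;C:\
uefi:\\Volume 1\Raw volume\Unnamed partition - archive damaged - the file could not be extracted.
uefi:\\Volume 2\Firmware Volume Image\Volume 1\ComputraceComponents - a variant of EFI/CompuTrace.A potentially unsafe application - action selection postponed until scan completion
C:\hiberfil.sys - unable to open [4]
C:\pagefile.sys - unable to open [4]
uefi:\\Volume 1\Raw volume\Unnamed partition - archive damaged - the file could not be extracted.
uefi:\\Volume 2\Firmware Volume Image\Volume 1\ComputraceComponents - a variant of EFI/CompuTrace.A potentially unsafe application - retained
"""

# A detection status looks like "[a variant of ]<Platform>/<Name> <category>".
DETECTION = re.compile(r"^(?:a variant of )?(?P<name>\w+/[\w.]+) (?P<kind>.+)$")


def triage(log_text):
    """Split a scan log into detections and read notices.

    detections: {(object, detection name): {"kind": str, "actions": [str, ...]}}
    notices:    [(object, status), ...] for objects the scanner could not read
    """
    detections, notices = {}, []
    for line in log_text.splitlines():
        obj, sep, rest = line.strip().partition(" - ")
        if not sep:
            continue  # header or blank line, no "object - status" pair
        status, _, action = rest.partition(" - ")
        match = DETECTION.match(status)
        if match:
            entry = detections.setdefault(
                (obj, match["name"]), {"kind": match["kind"], "actions": []})
            if action:
                entry["actions"].append(action)  # last item is the final action
        elif (obj, status) not in notices:
            notices.append((obj, status))
    return detections, notices


if __name__ == "__main__":
    found, unread = triage(SAMPLE_LOG)
    for (obj, name), info in found.items():
        print(f"DETECTION {name} ({info['kind']}) in {obj}: {info['actions'][-1]}")
    for obj, status in unread:
        print(f"not scanned: {obj} ({status})")
```
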


  • Administrators

Please expand Advanced options, check "Exclude signature from detection" and click Ignore since upgrading UEFI firmware didn't make any difference as you stated.


Hi Marcos!

Thanks for your reply! So I do not have any malware?


Refer to this ESET Knowledge Base article: https://support.eset.com/en/kb6567-you-receive-an-eset-uefi-detection

The problem with CompuTrace is it has vulnerabilities in it: https://www.cvedetails.com/product/46115/Absolute-Computrace-Agent.html?vendor_id=17983. This means it can be potentially maliciously exploited. Hence, the ESET PUA detection for it.


So if it is or is not malicious, how do I find out? How do I get rid of this issue? Sorry for asking again but I am not an IT specialist and I need this laptop to work.


  • Administrators

As already recommended, exclude the app from detection by adding it to Detection exclusions.


This topic is now closed to further replies.