New_Style_xd, posted August 10, 2022

Good night, I have a problem: ESET detected a UEFI virus, but it can't remove it and solve the problem, print below:

I did the full scan on the computer and it can't remove it. What do I do?

SeriousHoax, posted August 10, 2022

This is what ESET says about it: https://support.eset.com/en/kb6567-you-receive-an-eset-uefi-detection

New_Style_xd (Author), posted August 10, 2022

6 minutes ago, SeriousHoax said:
> This is what ESET says about it: https://support.eset.com/en/kb6567-you-receive-an-eset-uefi-detection

The link you sent has no way to solve the problem, only to hide the problem. It's just showing how to remove it from the checklist. What I want is to remove that threat. 😐

itman, posted August 10, 2022

2 hours ago, New_Style_xd said:
> Good night, I have a problem: ESET detected a UEFI virus, but it can't remove it and solve the problem

Is this a new PC? Eset states it detected a variant of CompuTrace. If Eset has been installed on this device for some time, it should have detected it shortly after Eset was installed.

Eset can't remove UEFI-based software like this since its base components are installed in the BIOS firmware. The only way to permanently remove it is by flashing the BIOS with a device vendor-provided firmware update that doesn't contain CompuTrace.

If CompuTrace has never been activated in the BIOS, it can be disabled, which in effect "neuters" it from being abused by malware. If CompuTrace has been activated, there is no way to disable it other than contacting the PC manufacturer and seeing if they have a procedure to do so.

You can stop Eset alerting for Computrace by creating a detection exclusion for it per the above linked Eset KB article.

Edited August 10, 2022 by itman

New_Style_xd (Author), posted August 10, 2022

22 minutes ago, itman said:
> Is this a new PC? Eset states it detected a variant of CompuTrace. If Eset has been installed on this device for some time, it should have detected it shortly after Eset was installed.
>
> Eset can't remove UEFI-based software like this since its base components are installed in the BIOS firmware. The only way to permanently remove it is by flashing the BIOS with a device vendor-provided firmware update that doesn't contain CompuTrace.
>
> If CompuTrace has never been activated in the BIOS, it can be disabled, which in effect "neuters" it from being abused by malware. If CompuTrace has been activated, there is no way to disable it other than contacting the PC manufacturer and seeing if they have a procedure to do so.
>
> You can stop Eset alerting for Computrace by creating a detection exclusion for it per the above linked Eset KB article.

It's not a new PC. It's the same one I've always used. However, when I put it to scan, this threat was detected. I removed Eset and installed other antivirus; no antivirus so far has detected the threat. I'm still testing other antiviruses to see if they can remove this threat.

itman, posted August 10, 2022

3 minutes ago, New_Style_xd said:
> I installed other antivirus no antivirus so far has detected the threat.

This is because many don't have UEFI scanning capability.

4 minutes ago, New_Style_xd said:
> I'm still testing other antiviruses to see if they can remove this threat.

Good luck on this effort.

itman, posted August 10, 2022

I just noticed something about the Eset detection log entry. It states "Volume6." However, the CompuTrace app software appears to be installed on Volume1.

SeriousHoax, posted August 11, 2022

As itman said, no AV might be able to remove this UEFI threat since it's part of the hardware firmware. But I'm curious to know what other products actually consider this malware. AVs that I'm sure have UEFI malware scanning capabilities are Microsoft Defender, Avast, Bitdefender and Kaspersky. Can you share the hash of the detected sample? It should be in the detection log.

itman, posted August 11, 2022

I will also note that a PC's UEFI can contain vulnerabilities that can be exploited by an attacker, notwithstanding the CompuTrace issue. Such is the case for select HP PCs per this advisory article: https://support.hp.com/us-en/document/ish_5661066-5661090-16/hpsbhf03765. It is therefore imperative to periodically check the manufacturer's web site for BIOS firmware updates and apply those ASAP.

Edited August 11, 2022 by itman

Nightowl (Most Valued Members), posted August 16, 2022

On 8/11/2022 at 12:04 AM, New_Style_xd said:
> Good night, I have a problem: ESET detected a UEFI virus, but it can't remove it and solve the problem, print below:
>
> I did the full scan on the computer and it can't remove it. What do I do?

You can only disable COMPUTRACE in the BIOS settings, but that won't prevent ESET from detecting it further unless you add it to exclusions, but as it's disabled, it's better.

There could be a BIOS update for your computer model that will not include COMPUTRACE. You can find more about it on Google, and they have even changed the name, as per the post here: https://www.dell.com/community/Alienware-General-Read-Only/What-is-computrace/td-p/5557546

The thing is that AVs that will detect UEFI/BIOS threats will not be able to make modifications or changes there.

The only way possible to get rid of a threat in the BIOS is by flashing a version that doesn't have it, so different AVs will not give a solution.