Troubleshoot UEFI Virus

[New_Style_xd 60]

Good night, I have a problem, ESET detected a UEFI virus, but it can't remove and solve the problem, print below:

I did the full scan on the computer and it can't remove what do I do?

[SeriousHoax 63]

This is what ESET says about it: 

https://support.eset.com/en/kb6567-you-receive-an-eset-uefi-detection

[New_Style_xd 60]

6 minutes ago, SeriousHoax said:

This is what ESET says about it: 

https://support.eset.com/en/kb6567-you-receive-an-eset-uefi-detection

The link you sent has no way to solve the problem, but to hide the problem. It's just showing how to remove it from the checklist. what I want and remove that threat.😐

[itman 1,435]

2 hours ago, New_Style_xd said:

Good night, I have a problem, ESET detected a UEFI virus, but it can't remove and solve the problem

Is this a new PC? Eset states it detected a variant of CompuTrace. If Eset has been installed on this device for some time, it should have detected it shortly after Eset was installed.

Eset can't remove UEFI based software like this since its base components are installed in the BIOS firmware. The only way to permanently remove it is by flashing the BIOS with a device vendor provided firmware update that doesn't contain CompuTrace.

If CompuTrace has never been activated in the BIOS, it can be disabled which in effect "neuters" it from being abused by malware. If CompuTrace has been activated, there is no way to disable it other than contacting the PC manufacturer and see if they have a procedure to do so.

You can stop Eset alerting for Computrace by creating a detection exclusion for it per the above linked Eset KB article.

Edited August 10 by itman

[New_Style_xd 60]

22 minutes ago, itman said:

Is this a new PC? Eset states it detected a variant of CompuTrace. If Eset has been installed on this device for some time, it should have detected it shortly after Eset was installed.

Eset can't remove UEFI based software like this since its base components are installed in the BIOS firmware. The only way to permanently remove it is by flashing the BIOS with a device vendor provided firmware update that doesn't contain CompuTrace.

If CompuTrace has never been activated in the BIOS, it can be disabled which in effect "neuters" it from being abused by malware. If CompuTrace has been activated, there is no way to disable it other than contacting the PC manufacturer and see if they have a procedure to do so.

You can stop Eset alerting for Computrace by creating a detection exclusion for it per the above linked Eset KB article.

It's not a new pc. and the same one I've always used. however when I put it to scan this threat was detected I removed Eset I installed other antivirus no antivirus so far has detected the threat. I'm still testing other antiviruses to see if they can remove this threat.

[itman 1,435]

3 minutes ago, New_Style_xd said:

I installed other antivirus no antivirus so far has detected the threat.

This is because many don't have UEFI scanning capability.

4 minutes ago, New_Style_xd said:

I'm still testing other antiviruses to see if they can remove this threat.

Good luck on this effort.

[itman 1,435]

I just noticed something about the Eset detection log entry. I states "Volume6." However, the CompuTrace app software appears to be installed on Volume1.

[SeriousHoax 63]

As itman said, no AV might be able to remove this UEFI threat since it's part of the hardware firmware. 

But I'm curious to know what other products actually consider this a malware. AVs that I'm sure has UEFI malware scanning capabilities are Microsoft Defender, Avast, Bitdefender and Kaspersky. 

Can you share the hash of the detected sample? It should be in the detection log.

[itman 1,435]

I will also note that a PC's UEFI can contain vulnerabilities that can be exploited by an attacker non-withstanding the CompuTrace issue. Such is the case for select HP PC's per this advisory article: https://support.hp.com/us-en/document/ish_5661066-5661090-16/hpsbhf03765 . It is therefore imperative to periodically check the manufacturer's web site for BIOS firmware updates and apply those ASAP.

Edited August 11 by itman

[Nightowl 164]

On 8/11/2022 at 12:04 AM, New_Style_xd said:

Good night, I have a problem, ESET detected a UEFI virus, but it can't remove and solve the problem, print below:

I did the full scan on the computer and it can't remove what do I do?

You can only disable COMPUTRACE on the BIOS settings , but that won't prevent ESET from detecting it further unless you add it to exclusions , but as it's disabled , it's better.

There could be a BIOS update for your computer model that will not include COMPUTRACE , you can find more about it in Google , and even they have changed the name as per post here : https://www.dell.com/community/Alienware-General-Read-Only/What-is-computrace/td-p/5557546

The thing is that AVs that will detect UEFI/BIOS threats will not be able to make modifications or changes to there

The only way possible to get rid of a threat in the BIOS is by flashing a version that doesn't have it, so different AVs will not give a solution.