Jump to content

Troubleshoot UEFI Virus

New_Style_xd
 Share

Recommended Posts

New_Style_xd

New_Style_xd 62

Posted
Posted

Good night, I have a problem, ESET detected a UEFI virus, but it can't remove and solve the problem, print below:

image.png.27eb6e7c11db4db60a0a2482613ecee8.png

I did the full scan on the computer and it can't remove what do I do?

Link to comment
Share on other sites
New_Style_xd

New_Style_xd 62

Posted
  • Author
Posted
6 minutes ago, SeriousHoax said:

This is what ESET says about it: 

https://support.eset.com/en/kb6567-you-receive-an-eset-uefi-detection

The link you sent has no way to solve the problem, but to hide the problem. It's just showing how to remove it from the checklist. what I want and remove that threat.😐

Link to comment
Share on other sites
itman

itman 1,496

Posted
Posted (edited)
2 hours ago, New_Style_xd said:

Good night, I have a problem, ESET detected a UEFI virus, but it can't remove and solve the problem

Is this a new PC? Eset states it detected a variant of CompuTrace. If Eset has been installed on this device for some time, it should have detected it shortly after Eset was installed.

Eset can't remove UEFI based software like this since its base components are installed in the BIOS firmware. The only way to permanently remove it is by flashing the BIOS with a device vendor provided firmware update that doesn't contain CompuTrace.

If CompuTrace has never been activated in the BIOS, it can be disabled which in effect "neuters" it from being abused by malware. If CompuTrace has been activated, there is no way to disable it other than contacting the PC manufacturer and see if they have a procedure to do so.

You can stop Eset alerting for Computrace by creating a detection exclusion for it per the above linked Eset KB article.

Edited by itman
Link to comment
Share on other sites
New_Style_xd

New_Style_xd 62

Posted
  • Author
Posted
22 minutes ago, itman said:

Is this a new PC? Eset states it detected a variant of CompuTrace. If Eset has been installed on this device for some time, it should have detected it shortly after Eset was installed.

Eset can't remove UEFI based software like this since its base components are installed in the BIOS firmware. The only way to permanently remove it is by flashing the BIOS with a device vendor provided firmware update that doesn't contain CompuTrace.

If CompuTrace has never been activated in the BIOS, it can be disabled which in effect "neuters" it from being abused by malware. If CompuTrace has been activated, there is no way to disable it other than contacting the PC manufacturer and see if they have a procedure to do so.

You can stop Eset alerting for Computrace by creating a detection exclusion for it per the above linked Eset KB article.

It's not a new pc. and the same one I've always used. however when I put it to scan this threat was detected I removed Eset I installed other antivirus no antivirus so far has detected the threat. I'm still testing other antiviruses to see if they can remove this threat.

Link to comment
Share on other sites
itman

itman 1,496

Posted
Posted
3 minutes ago, New_Style_xd said:

I installed other antivirus no antivirus so far has detected the threat.

This is because many don't have UEFI scanning capability.

4 minutes ago, New_Style_xd said:

I'm still testing other antiviruses to see if they can remove this threat.

Good luck on this effort.

Link to comment
Share on other sites
itman

itman 1,496

Posted
Posted

I just noticed something about the Eset detection log entry. I states "Volume6." However, the CompuTrace app software appears to be installed on Volume1.

Link to comment
Share on other sites
SeriousHoax

SeriousHoax 70

Posted
Posted

As itman said, no AV might be able to remove this UEFI threat since it's part of the hardware firmware. 

But I'm curious to know what other products actually consider this a malware. AVs that I'm sure has UEFI malware scanning capabilities are Microsoft Defender, Avast, Bitdefender and Kaspersky. 

Can you share the hash of the detected sample? It should be in the detection log.

Link to comment
Share on other sites
itman

itman 1,496

Posted
Posted (edited)

I will also note that a PC's UEFI can contain vulnerabilities that can be exploited by an attacker non-withstanding the CompuTrace issue. Such is the case for select HP PC's per this advisory article: https://support.hp.com/us-en/document/ish_5661066-5661090-16/hpsbhf03765 . It is therefore imperative to periodically check the manufacturer's web site for BIOS firmware updates and apply those ASAP.

Edited by itman
Link to comment
Share on other sites
  • Most Valued Members
Nightowl

Nightowl 180

Posted
  • Most Valued Members
Posted
On 8/11/2022 at 12:04 AM, New_Style_xd said:

Good night, I have a problem, ESET detected a UEFI virus, but it can't remove and solve the problem, print below:

image.png.27eb6e7c11db4db60a0a2482613ecee8.png

I did the full scan on the computer and it can't remove what do I do?

You can only disable COMPUTRACE on the BIOS settings , but that won't prevent ESET from detecting it further unless you add it to exclusions , but as it's disabled , it's better.

There could be a BIOS update for your computer model that will not include COMPUTRACE , you can find more about it in Google , and even they have changed the name as per post here : https://www.dell.com/community/Alienware-General-Read-Only/What-is-computrace/td-p/5557546

The thing is that AVs that will detect UEFI/BIOS threats will not be able to make modifications or changes to there

The only way possible to get rid of a threat in the BIOS is by flashing a version that doesn't have it, so different AVs will not give a solution.

 

Link to comment
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...