Troubleshoot UEFI Virus


Good night, I have a problem. ESET detected a UEFI virus, but it can't remove it and solve the problem; screenshot below:

image.png.27eb6e7c11db4db60a0a2482613ecee8.png

I did the full scan on the computer and it can't remove it. What do I do?


6 minutes ago, SeriousHoax said:

The link you sent has no way to solve the problem, only to hide the problem. It's just showing how to remove it from the checklist. What I want is to remove that threat. 😐


2 hours ago, New_Style_xd said:

Good night, I have a problem. ESET detected a UEFI virus, but it can't remove it and solve the problem

Is this a new PC? Eset states it detected a variant of CompuTrace. If Eset has been installed on this device for some time, it should have detected it shortly after Eset was installed.

Eset can't remove UEFI based software like this since its base components are installed in the BIOS firmware. The only way to permanently remove it is by flashing the BIOS with a device vendor provided firmware update that doesn't contain CompuTrace.

If CompuTrace has never been activated in the BIOS, it can be disabled, which in effect "neuters" it from being abused by malware. If CompuTrace has been activated, there is no way to disable it other than contacting the PC manufacturer and seeing if they have a procedure to do so.

You can stop Eset alerting for Computrace by creating a detection exclusion for it per the above linked Eset KB article.

Edited by itman

22 minutes ago, itman said:

Is this a new PC? Eset states it detected a variant of CompuTrace. If Eset has been installed on this device for some time, it should have detected it shortly after Eset was installed.

Eset can't remove UEFI based software like this since its base components are installed in the BIOS firmware. The only way to permanently remove it is by flashing the BIOS with a device vendor provided firmware update that doesn't contain CompuTrace.

If CompuTrace has never been activated in the BIOS, it can be disabled, which in effect "neuters" it from being abused by malware. If CompuTrace has been activated, there is no way to disable it other than contacting the PC manufacturer and seeing if they have a procedure to do so.

You can stop Eset alerting for Computrace by creating a detection exclusion for it per the above linked Eset KB article.

It's not a new PC. It's the same one I've always used. However, when I put it to scan, this threat was detected. I removed Eset and installed other antiviruses; no antivirus so far has detected the threat. I'm still testing other antiviruses to see if they can remove this threat.


3 minutes ago, New_Style_xd said:

I installed other antiviruses; no antivirus so far has detected the threat.

This is because many don't have UEFI scanning capability.

4 minutes ago, New_Style_xd said:

I'm still testing other antiviruses to see if they can remove this threat.

Good luck on this effort.


I just noticed something about the Eset detection log entry. It states "Volume6." However, the CompuTrace app software appears to be installed on Volume1.


As itman said, no AV might be able to remove this UEFI threat since it's part of the hardware firmware. 

But I'm curious to know what other products actually consider this malware. AVs that I'm sure have UEFI malware scanning capabilities are Microsoft Defender, Avast, Bitdefender and Kaspersky.

Can you share the hash of the detected sample? It should be in the detection log.


I will also note that a PC's UEFI can contain vulnerabilities that can be exploited by an attacker notwithstanding the CompuTrace issue. Such is the case for select HP PCs per this advisory article: https://support.hp.com/us-en/document/ish_5661066-5661090-16/hpsbhf03765 . It is therefore imperative to periodically check the manufacturer's web site for BIOS firmware updates and apply those ASAP.

Edited by itman

On 8/11/2022 at 12:04 AM, New_Style_xd said:

Good night, I have a problem. ESET detected a UEFI virus, but it can't remove it and solve the problem; screenshot below:

image.png.27eb6e7c11db4db60a0a2482613ecee8.png

I did the full scan on the computer and it can't remove it. What do I do?

You can only disable COMPUTRACE in the BIOS settings, but that won't prevent ESET from detecting it further unless you add it to exclusions, but as it's disabled, it's better.

There could be a BIOS update for your computer model that will not include COMPUTRACE. You can find more about it on Google, and they have even changed the name, as per the post here: https://www.dell.com/community/Alienware-General-Read-Only/What-is-computrace/td-p/5557546

The thing is that AVs that detect UEFI/BIOS threats will not be able to make modifications or changes there.

The only way possible to get rid of a threat in the BIOS is by flashing a version that doesn't have it, so different AVs will not give a solution.

 
