
How to run ESET When Suspecting Firmware Malware


I have a router that I suspect may have delivered malware to my Acer Nitro5 laptop, which could be persistent somewhere other than the HDD.

I was using Bitdefender, which did not help at all, and once connected to the router, the laptop froze. Subsequently Firefox disappeared completely after a restart, no longer installed at all, and icons started turning into white blocks.

I installed a backup SSD, which used to work perfectly on this laptop, and it threw strange errors, like "Unable to read Firefox profile" and "Unable to log into Windows", even after being logged in.

After a shutdown, battery disconnect, and startup again, I got a blue screen, so I went on to a 3rd SSD, which seems to run fine now. The question is, what's the best action at this point? Should I connect it to the Internet to get ESET? If there is still some malware remaining, it would be a good idea to stay separated from the Internet to avoid downloading extra malware.

Is there an offline ESET scanner I should use? Any help is appreciated. I'll be switching to ESET, as Bitdefender did not help at all.

Thanks

  • Administrators

It's unlikely that the BSOD would be caused by malware. If you can't boot the OS, you can create a Sysrescue USB or CD and have the disk scanned offline to make sure it's malware free.

6 hours ago, Marcos said:

It's unlikely that the BSOD would be caused by malware. If you can't boot the OS, you can create a Sysrescue USB or CD and have the disk scanned offline to make sure it's malware free.

Does the Sysrescue CD have UEFI scanning? The blue screen was odd, but Firefox disappearing and the Brave icon turning into a white square was very unusual. Also, being able to boot on my backup SSD was OK at first, but only the Firefox profile was not working, and then the strange "Unable to log in"... That's without the Internet even connected at all. It seems to me like something was targeting Firefox. I have never had Firefox disappear, and I had the latest version, so no update was pending. I also hadn't had a system freeze since it was installed.

  • Administrators
15 minutes ago, sailsail22 said:

Does the Sysrescue CD have UEFI scanning?

No, only ESET security products for Windows that are installed on a disk can scan UEFI.

BitDefender scans the UEFI: https://community.bitdefender.com/en/discussion/92146/uefi-malware.

So does Microsoft Defender: https://www.microsoft.com/en-us/security/blog/2020/06/17/uefi-scanner-brings-microsoft-defender-atp-protection-to-a-new-level/

"The rub" here is most AV UEFI scanners will only detect UEFI malware if the malware is known and they have a signature for the malware.

As far as BitDefender goes, it appears you have to run an on-demand scan for it to scan the UEFI.

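To make the signature-only limitation concrete, here is an added example (not code from this thread, nor from ESET, Bitdefender or Microsoft) that contrasts the two approaches on constructed firmware images: a hash lookup against a known-implant database, which is what a signature scan amounts to in its simplest form, and a region-wise comparison of a dump against a known-good baseline of the same firmware version, which flags any modification whether or not anyone has analysed it yet. All image contents and hashes are constructed for the example; the 4 KiB image size, the 1 KiB region size and the blob offsets are assumptions.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Sha256Hex returns the lowercase hex SHA-256 of data.
func Sha256Hex(data []byte) string {
	sum := sha256.Sum256(data)
	return hex.EncodeToString(sum[:])
}

// KnownBadDB models an AV signature database: hashes of implants that have
// already been analysed and given a detection. Anything not in it is invisible.
type KnownBadDB map[string]bool

// SignatureScan reports whether img is a known implant.
func SignatureScan(img []byte, db KnownBadDB) bool {
	return db[Sha256Hex(img)]
}

// Baseline holds per-region hashes of a known-good (golden) image taken from
// the same firmware version, plus the golden image length.
type Baseline struct {
	RegionSize int
	Size       int
	Hashes     []string
}

// NewBaseline splits the golden image into fixed-size regions and hashes each,
// so a later comparison can say where an image differs, not just that it does.
func NewBaseline(golden []byte, regionSize int) Baseline {
	b := Baseline{RegionSize: regionSize, Size: len(golden)}
	for off := 0; off < len(golden); off += regionSize {
		end := off + regionSize
		if end > len(golden) {
			end = len(golden)
		}
		b.Hashes = append(b.Hashes, Sha256Hex(golden[off:end]))
	}
	return b
}

// ChangedRegions returns the indexes of regions in img whose hash differs from
// the baseline. It needs no prior knowledge of the implant: any change shows up.
// Data beyond the golden image's length is reported as one extra region index.
func (b Baseline) ChangedRegions(img []byte) []int {
	var changed []int
	for i, want := range b.Hashes {
		off := i * b.RegionSize
		got := "" // region missing entirely if the dump is shorter than the golden image
		if off < len(img) {
			end := off + b.RegionSize
			if end > len(img) {
				end = len(img)
			}
			got = Sha256Hex(img[off:end])
		}
		if got != want {
			changed = append(changed, i)
		}
	}
	if len(img) > b.Size {
		changed = append(changed, len(b.Hashes)) // trailing data the golden image never had
	}
	return changed
}

// GoldenImage is a constructed stand-in for a vendor firmware dump: 4 KiB of
// erased-flash padding (0xFF) with two labelled blobs at fixed offsets.
func GoldenImage() []byte {
	img := bytes.Repeat([]byte{0xFF}, 4096)
	copy(img[0:], "CONSTRUCTED-UEFI-GOLDEN-v1.00")
	copy(img[2048:], "CONSTRUCTED-DXE-DRIVER-BLOB")
	return img
}

// KnownImplant is a constructed modified image that has already been analysed,
// so its hash can be placed in the signature database.
func KnownImplant() []byte {
	img := GoldenImage()
	copy(img[2048:], "CONSTRUCTED-KNOWN-IMPLANT-SAMPLE")
	return img
}

// NovelImplant is a constructed modified image that nobody has analysed yet.
func NovelImplant() []byte {
	img := GoldenImage()
	copy(img[2048:], "CONSTRUCTED-UNSEEN-MODIFICATION")
	return img
}

func main() {
	base := NewBaseline(GoldenImage(), 1024)
	db := KnownBadDB{Sha256Hex(KnownImplant()): true}
	for name, img := range map[string][]byte{"known": KnownImplant(), "novel": NovelImplant()} {
		fmt.Printf("%s implant: signature scan=%v, baseline changed regions=%v\n",
			name, SignatureScan(img, db), base.ChangedRegions(img))
	}
}
```

The known implant is caught by both checks; the novel one is missed by the signature lookup but reported by the baseline as a change in region 2 (offsets 2048 to 3071). The baseline method is what a practitioner falls back on when no signature exists: compare a dump of the suspect machine's flash against the same firmware version from a known-good unit or the vendor's update package. Its weakness is the mirror image of the signature scan's: it needs a trustworthy golden copy, and regions that legitimately differ between machines (NVRAM variables, boot entries, logs) have to be excluded from the comparison or they will always show as changed.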

On 3/13/2023 at 11:27 AM, itman said:

BitDefender scans the UEFI: https://community.bitdefender.com/en/discussion/92146/uefi-malware.

So does Microsoft Defender: https://www.microsoft.com/en-us/security/blog/2020/06/17/uefi-scanner-brings-microsoft-defender-atp-protection-to-a-new-level/

"The rub" here is most AV UEFI scanners will only detect UEFI malware if the malware is known and they have a signature for the malware.

As far as BitDefender goes, it appears you have to run an on-demand scan for it to scan the UEFI.

That's the BIG rub. And I just found out that all of Acer's tools have been floating around the Internet as of a few days ago, which would make what I'm experiencing much more plausible. Am I right to say that this leak makes all Acer computers more vulnerable to firmware/persistent malware? How are antiviruses going to keep up with this?

https://www.bleepingcomputer.com/news/security/acer-confirms-breach-after-160gb-of-data-for-sale-on-hacking-forum/

In the Acer leak, it says all their digital signing keys were leaked.

Is there any way to change the locks, so to speak, so that the leaked keys stop working? If not, anybody with the key can sign a new BIOS for my laptop, right?

8 hours ago, sailsail22 said:

In the Acer leak, it says all their digital signing keys were leaked.

Is there any way to change the locks, so to speak, so that the leaked keys stop working? If not, anybody with the key can sign a new BIOS for my laptop, right?

The best option I suggest is that you should not have your computer connected to the Internet until Acer has made a patch.

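Whether leaked signing keys can be "locked out" comes down to what the device's verifier trusts. The following is an added example, not code from this thread or from Acer: it models a firmware-update verifier with a trusted-key list and a revoked-key list using Ed25519 from the Go standard library. Real firmware-update and Secure Boot signature formats differ from this, and whether a given OEM can deliver an updated trust list to machines already shipped is platform-specific, so treat the structure as a conceptual model. The scenario shows the situation the question describes, where anything signed with the leaked key verifies, and what rotation changes: once the replacement key is trusted and the old one revoked, the vendor's re-signed image still verifies while the leaked-key signature no longer does. Keys are generated and image contents constructed inside the example.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"fmt"
)

// TrustStore models what a firmware updater's verifier consults: the signer
// keys it accepts and the keys it has since been told to refuse. The split is
// analogous in spirit to the Secure Boot db/dbx lists; the structure here is a
// constructed model, not any vendor's on-disk format.
type TrustStore struct {
	Trusted []ed25519.PublicKey
	Revoked []ed25519.PublicKey
}

func containsKey(list []ed25519.PublicKey, k ed25519.PublicKey) bool {
	for _, c := range list {
		if bytes.Equal(c, k) {
			return true
		}
	}
	return false
}

// Accepts reports whether sig over image was produced by a key that is trusted
// and not revoked. The verifier cannot tell a vendor build from anything else
// signed with the same private key: possession of the key is the whole test.
func (ts *TrustStore) Accepts(image, sig []byte) bool {
	for _, pub := range ts.Trusted {
		if containsKey(ts.Revoked, pub) {
			continue
		}
		if ed25519.Verify(pub, image, sig) {
			return true
		}
	}
	return false
}

// Rotate is the "change the locks" step: the replacement key becomes trusted
// and the compromised key is revoked, so signatures made with it stop verifying
// on every device that receives this updated store.
func (ts *TrustStore) Rotate(compromised, replacement ed25519.PublicKey) {
	ts.Revoked = append(ts.Revoked, compromised)
	ts.Trusted = append(ts.Trusted, replacement)
}

// Outcome records the verifier's decision at each stage of the scenario.
type Outcome struct {
	VendorImageBeforeLeak  bool // vendor image, original key, before any compromise
	LeakedKeyImageBefore   bool // third-party image signed with the leaked key, store not yet rotated
	VendorImageAfterRotate bool // vendor image re-signed with the replacement key
	LeakedKeyImageAfter    bool // the same leaked-key image once the old key is revoked
}

// Scenario runs the leak-then-rotate sequence end to end.
func Scenario() (Outcome, error) {
	var out Outcome
	pubOld, privOld, err := ed25519.GenerateKey(nil) // nil reader selects crypto/rand
	if err != nil {
		return out, err
	}
	store := &TrustStore{Trusted: []ed25519.PublicKey{pubOld}}

	vendorImage := []byte("CONSTRUCTED vendor firmware image v1.00")
	otherImage := []byte("CONSTRUCTED image produced by whoever holds the leaked key")
	vendorSig := ed25519.Sign(privOld, vendorImage)
	otherSig := ed25519.Sign(privOld, otherImage) // same key, so the verifier cannot distinguish

	out.VendorImageBeforeLeak = store.Accepts(vendorImage, vendorSig)
	out.LeakedKeyImageBefore = store.Accepts(otherImage, otherSig)

	pubNew, privNew, err := ed25519.GenerateKey(nil)
	if err != nil {
		return out, err
	}
	store.Rotate(pubOld, pubNew)
	vendorSigNew := ed25519.Sign(privNew, vendorImage)

	out.VendorImageAfterRotate = store.Accepts(vendorImage, vendorSigNew)
	out.LeakedKeyImageAfter = store.Accepts(otherImage, otherSig)
	return out, nil
}

func main() {
	out, err := Scenario()
	if err != nil {
		panic(err)
	}
	fmt.Printf("%+v\n", out)
}
```

The practical caveat is in the last field: rotation only protects a machine once the updated trust list has actually been installed on it. Until the vendor ships that update and the user applies it, the device keeps accepting the old key, which is the basis for the advice in the reply above to keep the machine offline until a patch is available.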
