sailsail22, posted March 13, 2023

I have a router that I suspect may have delivered malware to my Acer Nitro5 laptop, which could be persistent somewhere other than the HDD. I was using Bitdefender, which did not help at all, and once connected to the router, the laptop froze, and subsequently Firefox disappeared completely after restart, no longer installed at all, and icons started turning into white blocks. I installed a backup SSD, which used to work perfectly on this laptop, and it threw strange errors, like "Unable to Read Firefox profile" and "Unable to Log into Windows", even after being logged in. After a shutdown, battery disconnect, and startup again, I got a blue screen, so I went on to a 3rd SSD, which seems to run fine now.

The question is, what's the best action at this point? Should I connect it to the Internet to get ESET? If there is still some malware remaining, it would be a good idea to be separated from the Internet to avoid downloading extra malware. Is there an offline ESET scanner I should use?

Any help is appreciated. I'll be switching to ESET, as Bitdefender did not help at all. Thanks.

Marcos (Administrators), posted March 13, 2023

It's unlikely that the BSOD would be caused by malware. If you can't boot the OS, you can create a Sysrescue USB or CD and have the disk scanned offline to make sure it's malware free.

sailsail22 (Author), posted March 13, 2023

6 hours ago, Marcos said:
> It's unlikely that the BSOD would be caused by malware. If you can't boot the OS, you can create a Sysrescue USB or CD and have the disk scanned offline to make sure it's malware free.

Does the Sysrescue CD have UEFI scanning? The blue screen was odd, but Firefox disappearing and the Brave icon turning into a white square was very unusual. Also, being able to boot on my backup SSD was OK at first, but only the Firefox profile was not working, and the strange "Unable to log in". That's without Internet even connected at all. It seems like something was targeting Firefox to me. I have never had Firefox disappear, and I had the latest version, so no update was pending. I also hadn't had a system freeze since it was installed.

Marcos (Administrators), posted March 13, 2023

15 minutes ago, sailsail22 said:
> Does the Sysrescue CD have UEFI scanning?

No, only ESET security products for Windows that are installed on a disk can scan UEFI.

itman, posted March 13, 2023

BitDefender scans the UEFI: https://community.bitdefender.com/en/discussion/92146/uefi-malware

So does Microsoft Defender: https://www.microsoft.com/en-us/security/blog/2020/06/17/uefi-scanner-brings-microsoft-defender-atp-protection-to-a-new-level/

"The rub" here is most AV UEFI scanners will only detect UEFI malware if the malware is known and they have a signature for the malware. As far as BitDefender goes, it appears you have to run an on-demand scan for it to scan the UEFI.

sailsail22 (Author), posted March 15, 2023

On 3/13/2023 at 11:27 AM, itman said:
> BitDefender scans the UEFI: https://community.bitdefender.com/en/discussion/92146/uefi-malware
>
> So does Microsoft Defender: https://www.microsoft.com/en-us/security/blog/2020/06/17/uefi-scanner-brings-microsoft-defender-atp-protection-to-a-new-level/
>
> "The rub" here is most AV UEFI scanners will only detect UEFI malware if the malware is known and they have a signature for the malware. As far as BitDefender goes, it appears you have to run an on-demand scan for it to scan the UEFI.

That's the BIG rub... and I just found out all of Acer's tools are floating around the Internet as of a few days ago, which would make what I'm experiencing much more plausible. Am I right to say that this leak makes all Acer computers more vulnerable to firmware/persistent malware? How are antiviruses going to keep up with this?

https://www.bleepingcomputer.com/news/security/acer-confirms-breach-after-160gb-of-data-for-sale-on-hacking-forum/

sailsail22 (Author), posted March 15, 2023

In the Acer leak, it says all their digital signing keys were leaked. Is there any way to change the locks, so to speak, so that the leaked keys stop working? If not, anybody with the key can sign a new BIOS for my laptop, right?

el el amiril, posted March 16, 2023

8 hours ago, sailsail22 said:
> In the Acer leak, it says all their digital signing keys were leaked. Is there any way to change the locks, so to speak, so that the leaked keys stop working? If not, anybody with the key can sign a new BIOS for my laptop, right?

The best option, I suggest, is that you should not keep your computer connected to the Internet until Acer has made a patch.