Jump to content

Win64/NVFlashA suddenly found in nearly decade old GPU BIOS update files?


Go to solution Solved by matte,

Recommended Posts

This afternoon while not particularly using my computer, I was stunned when suddenly ESET popped up and gave me two extremely worrying warnings about viruses being detected on my system. I was not trying to access the files at the time, and these files have been on my computer for nearly a year (since 2015). They correspond to a BIOS update package that I required for my Nvidia GTX 980 Ti graphics card long, long ago.

The virus notifications are as follows:

image.png.0ed8008cf0f74f405618927696a31da7.png

image.png.7270597f52d7d3227431a5b295b04496.png

 

I don't particularly care about these files, so I asked for them to be cleaned. I've sent the quarantine samples to ESET as well.

VirusTotal scans for both of the files come back clean:

https://www.virustotal.com/gui/file/b01716285d5b4849263a55215e1eb63f45a8206ba30fceb1a2d494c2c00dcd5e?nocache=1

https://www.virustotal.com/gui/file/f2db560a52ef1259dd053b3a0c391669f55dbd29c7f2ed24f21324d41f37f78b?nocache=1

 

I'm very concerned that this may indicate a deeper system infection spilling over into or corrupting/infecting older files. But the fact that both the hashes discovered and cleaned by ESET return 0 detections on VT seem to indicate that these may not actually be risks? I'm confused, and afraid.

With that in mind, I'd ask the following questions:

 

1) Are these detections legitimate malware? If so, why were they not seen as threats by ESET until *today*, considering they've been scanned every time I've assessed my system for almost a decade?

2) How on earth were these files "accessed" by the windows search process when I wasn't even running a search?

3) These files were part of a backup of BIOS files I needed for my old GPU. Why would they be seen as malicious? Could they be infected, and if so, why would the infected files have the same hash as files seen previously by VT? Notably, first seen by VT in 2011?

4) Are the VT results trustworthy? Why doesn't ESET flag this as malware via VT, when it clearly doesn't like these files during real time scanning?

And most importantly:

5) Does this indicate a system compromise or infection? Or is this just some manner of false positive?

Thanks in advance for any help.

Link to comment
Share on other sites

  • Most Valued Members
Posted (edited)

It's the BIOS package or the updater which is vulnerable , updating to more recent BIOS version will make ESET go quiet

It's just mad about the BIOS/driver whatever this is , because it's vulnerable , you  can exclude the detection so ESET can be quiet about it , or just update the BIOS/drivers(more recommended) which will fix the vulnerability and make ESET go quiet.

But I think ESET is mad about the downloaded files of the BIOS , removing them will get rid of the detection, if the detection was from the BIOS itself , we will see another location in the message.

Edited by Nightowl
Link to comment
Share on other sites

So these BIOS files were archived on an HDD within my system - I've changed my GPU twice since ever needing them. The GPU I'm currently running is three generations newer than the one these BIOS files modify. 

These files have never touched my current GPU, ever. 

As such, I'm more than happy to delete them. However, the fact that these files have been on my HDD for so long and ESET has never had an issue with them before tells me that something nefarious is going on. 

ESET has scanned these files literally hundreds of times over the years, and never had a problem with them. Why would ESET flag them now? I doubt that any vulnerability in the files was discovered recently. That makes me think these files have been recently modified by malware.

Furthermore, these files were flagged by ESET outside of a system scan, while my system was idle. That makes me even more suspicious - As if something were trying to modify the files when no one was watching.

I've performed two full system scans since these detections, but ESET has found nothing else.

Link to comment
Share on other sites

  • Solution

I wouldn't worry about those being modified by malware. The drivers themselves aren't malicious, but ESET must have (recently?) been aware of a way to use these drivers in a malicious way (as in they are possibly vulnerable), and is blocking them to play it safe. Also, it only seems to care about the NVFlash utility's drivers themselves, and nothing with the BIOS files of your old GPU.

As for why this happened out of nowhere, Windows usually does file indexing for Windows Search randomly in the background.

Link to comment
Share on other sites

I'll put it out of my mind in that case, and thank you for the explanation! I'm surprised that ESET would label these files as malicious after nearly 10 years - but I suppose stranger things have happened.

Thank you once again

Link to comment
Share on other sites

  • Most Valued Members
10 hours ago, Tetranitrocubane said:

I'll put it out of my mind in that case, and thank you for the explanation! I'm surprised that ESET would label these files as malicious after nearly 10 years - but I suppose stranger things have happened.

Thank you once again

Most likely due to a vulnerability found in that file.

ESET designates them as unsafe because a malicious actor can exploit them depending how vulnerable they are.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...