Win64/NVFlashA suddenly found in nearly decade old GPU BIOS update files?

Solved by matte

This afternoon while not particularly using my computer, I was stunned when suddenly ESET popped up and gave me two extremely worrying warnings about viruses being detected on my system. I was not trying to access the files at the time, and these files have been on my computer for nearly a year (since 2015). They correspond to a BIOS update package that I required for my Nvidia GTX 980 Ti graphics card long, long ago.

The virus notifications are as follows:

[image: first ESET detection notification]

[image: second ESET detection notification]

I don't particularly care about these files, so I asked for them to be cleaned. I've sent the quarantine samples to ESET as well.

VirusTotal scans for both of the files come back clean:

https://www.virustotal.com/gui/file/b01716285d5b4849263a55215e1eb63f45a8206ba30fceb1a2d494c2c00dcd5e?nocache=1

https://www.virustotal.com/gui/file/f2db560a52ef1259dd053b3a0c391669f55dbd29c7f2ed24f21324d41f37f78b?nocache=1


I'm very concerned that this may indicate a deeper system infection spilling over into or corrupting/infecting older files. But the fact that both the hashes discovered and cleaned by ESET return 0 detections on VT seem to indicate that these may not actually be risks? I'm confused, and afraid.

With that in mind, I'd ask the following questions:


1) Are these detections legitimate malware? If so, why were they not seen as threats by ESET until *today*, considering they've been scanned every time I've assessed my system for almost a decade?

2) How on earth were these files "accessed" by the Windows Search process when I wasn't even running a search?

3) These files were part of a backup of BIOS files I needed for my old GPU. Why would they be seen as malicious? Could they be infected, and if so, why would the infected files have the same hash as files seen previously by VT? Notably, first seen by VT in 2011?

4) Are the VT results trustworthy? Why doesn't ESET flag this as malware via VT, when it clearly doesn't like these files during real time scanning?

And most importantly:

5) Does this indicate a system compromise or infection? Or is this just some manner of false positive?

Thanks in advance for any help.


  • Most Valued Members
Posted (edited)

It's the BIOS package or the updater which is vulnerable; updating to a more recent BIOS version will make ESET go quiet.

It's just mad about the BIOS/driver, whatever this is, because it's vulnerable. You can exclude the detection so ESET can be quiet about it, or just update the BIOS/drivers (more recommended), which will fix the vulnerability and make ESET go quiet.

But I think ESET is mad about the downloaded files of the BIOS; removing them will get rid of the detection. If the detection was from the BIOS itself, we would see another location in the message.

Edited by Nightowl

So these BIOS files were archived on an HDD within my system. I've changed my GPU twice since ever needing them. The GPU I'm currently running is three generations newer than the one these BIOS files modify.

These files have never touched my current GPU, ever.

As such, I'm more than happy to delete them. However, the fact that these files have been on my HDD for so long and ESET has never had an issue with them before tells me that something nefarious is going on.

ESET has scanned these files literally hundreds of times over the years, and never had a problem with them. Why would ESET flag them now? I doubt that any vulnerability in the files was discovered recently. That makes me think these files have been recently modified by malware.

Furthermore, these files were flagged by ESET outside of a system scan, while my system was idle. That makes me even more suspicious, as if something were trying to modify the files when no one was watching.

I've performed two full system scans since these detections, but ESET has found nothing else.


  • Solution

I wouldn't worry about those being modified by malware. The drivers themselves aren't malicious, but ESET must have (recently?) been aware of a way to use these drivers in a malicious way (as in they are possibly vulnerable), and is blocking them to play it safe. Also, it only seems to care about the NVFlash utility's drivers themselves, and nothing with the BIOS files of your old GPU.

As for why this happened out of nowhere, Windows usually does file indexing for Windows Search randomly in the background.

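One way to settle the "modified by malware" worry raised above is to compare the files on disk against the SHA-256 values in the VirusTotal links from the first post: if the local digest still matches a sample VirusTotal first saw years ago, the bytes have not changed, and a detection on an unchanged file is a signature change, not a modification. The script below is an added example written for this reply, not code from the forum or from ESET. It assumes the two SHA-256 values from the VirusTotal URLs in the first post; the sample file it builds in `demo()` is constructed and is not the real NVFlash driver.

```python
import hashlib
import sys
import tempfile
from datetime import datetime, timezone
from pathlib import Path

# SHA-256 digests taken from the VirusTotal links in the first post.
KNOWN_HASHES = {
    "b01716285d5b4849263a55215e1eb63f45a8206ba30fceb1a2d494c2c00dcd5e",
    "f2db560a52ef1259dd053b3a0c391669f55dbd29c7f2ed24f21324d41f37f78b",
}


def sha256_bytes(data: bytes) -> str:
    """SHA-256 hex digest of an in-memory buffer."""
    return hashlib.sha256(data).hexdigest()


def sha256_file(path, chunk_size: int = 1 << 20) -> str:
    """SHA-256 hex digest of a file, streamed so large driver packages fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def check_file(path, known_hashes=KNOWN_HASHES) -> dict:
    """Digest a file and record whether it matches a known sample, plus size and mtime."""
    p = Path(path)
    st = p.stat()
    digest = sha256_file(p)
    return {
        "path": str(p),
        "sha256": digest,
        "size": st.st_size,
        # mtime is only a hint: it is trivially settable, so the digest is the real evidence.
        "modified_utc": datetime.fromtimestamp(st.st_mtime, tz=timezone.utc).isoformat(),
        "matches_known": digest in known_hashes,
    }


def verdict(report: dict) -> str:
    """Plain-language reading of a check_file() report."""
    if report["matches_known"]:
        return "unchanged: byte-for-byte identical to the VirusTotal-known sample"
    return "hash differs: this is not the sample VirusTotal scanned; treat as unverified"


def demo(data: bytes = b"constructed sample, not the real driver", known_hashes=KNOWN_HASHES) -> dict:
    """Run the check on a constructed temporary file so the example works offline."""
    with tempfile.TemporaryDirectory() as tmp:
        sample = Path(tmp) / "nvflash_sample.bin"   # hypothetical file name
        sample.write_bytes(data)
        report = check_file(sample, known_hashes)
        report["verdict"] = verdict(report)
        return report


if __name__ == "__main__":
    # Usage: python check_hashes.py <file> [<file> ...]
    for arg in sys.argv[1:]:
        r = check_file(arg)
        print(f"{r['path']}: {r['sha256']} ({r['size']} bytes, mtime {r['modified_utc']})")
        print("  ", verdict(r))
```

Run it against the quarantined copies (ESET's quarantine stores the original bytes, so restore to a scratch folder first) or against any surviving copy of the package. A matching digest means nothing touched the file; only a mismatch would support the "modified while idle" theory.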

I'll put it out of my mind in that case, and thank you for the explanation! I'm surprised that ESET would label these files as malicious after nearly 10 years, but I suppose stranger things have happened.

Thank you once again


  • Most Valued Members
10 hours ago, Tetranitrocubane said:

I'll put it out of my mind in that case, and thank you for the explanation! I'm surprised that ESET would label these files as malicious after nearly 10 years, but I suppose stranger things have happened.

Thank you once again

Most likely due to a vulnerability found in that file.

ESET designates them as unsafe because a malicious actor can exploit them, depending on how vulnerable they are.

This topic is now closed to further replies.