
Need help I might be infected with UEFI Malware



Log
Scan Log
Version of detection engine: 29113 (20240423)
Date: 4/24/2024  Time: 12:01:40 AM
Scanned disks, folders and files: Boot sectors/UEFI
User: DESKTOP-BIC2Q7L\z
MBR sector of the 0. physical disk - is OK
\Device\HarddiskVolume1\EFI\Microsoft\Boot\BCD - unable to open [4]
\Device\HarddiskVolume1\EFI\Microsoft\Boot\BCD.LOG - unable to open [4]
\Device\HarddiskVolume1\EFI\Microsoft\Boot\BCD.LOG1 - is OK
\Device\HarddiskVolume1\EFI\Microsoft\Boot\BCD.LOG2 - is OK
\Device\HarddiskVolume1\EFI\Microsoft\Boot\bg-BG\bootmgfw.efi.mui - is OK
\Device\HarddiskVolume1\EFI\Microsoft\Boot\bg-BG\bootmgr.efi.mui - is OK
\Device\HarddiskVolume1\EFI\Microsoft\Boot\boot.stl - is OK
\Device\HarddiskVolume1\EFI\Microsoft\Boot\bootmgfw.efi - is OK
\Device\HarddiskVolume1\EFI\Microsoft\Boot\bootmgr.efi - is OK
\Device\HarddiskVolume1\EFI\Microsoft\Boot\CIPolicies\Active\{5DAC656C-21AD-4A02-AB49-649917162E70}.cip - is OK
\Device\HarddiskVolume1\EFI\Microsoft\Boot\CIPolicies\Active\{82443e1e-8a39-4b4a-96a8-f40ddc00b9f3}.cip - is OK
\Device\HarddiskVolume1\EFI\Microsoft\Boot\CIPolicies\Active\{CDD5CB55-DB68-4D71-AA38-3DF2B6473A52}.cip - is OK
\Device\HarddiskVolume1\EFI\Microsoft\Boot\cs-CZ\bootmgfw.efi.mui - is OK
\Device\HarddiskVolume1\EFI\Microsoft\Boot\cs-CZ\bootmgr.efi.mui - is OK
\Device\HarddiskVolume1\EFI\Microsoft\Boot\cs-CZ\memtest.efi.mui - is OK
\Device\HarddiskVolume1\EFI\Microsoft\Boot\da-DK\bootmgfw.efi.mui - is OK
\Device\HarddiskVolume1\EFI\Microsoft\Boot\da-DK\bootmgr.efi.mui - is OK
\Device\HarddiskVolume1\EFI\Microsoft\Boot\da-DK\memtest.efi.mui - is OK
\Device\HarddiskVolume1\EFI\Microsoft\Boot\de-DE\bootmgfw.efi.mui - is OK
\Device\HarddiskVolume1\EFI\Microsoft\Boot\de-DE\bootmgr.efi.mui - is OK
\Device\HarddiskVolume1\EFI\Microsoft\Boot\de-DE\memtest.efi.mui - is OK
\Device\HarddiskVolume1\EFI\Microsoft\Boot\el-GR\bootmgfw.efi.mui - is OK
\Device\HarddiskVolume1\EFI\Microsoft\Boot\el-GR\bootmgr.efi.mui - is OK
\Device\HarddiskVolume1\EFI\Microsoft\Boot\el-GR\memtest.efi.mui - is OK
\Device\HarddiskVolume1\EFI\Microsoft\Boot\en-GB\bootmgfw.efi.mui - is OK
\Device\HarddiskVolume1\EFI\Microsoft\Boot\en-GB\bootmgr.efi.mui - is OK
\Device\HarddiskVolume1\EFI\Microsoft\Boot\en-US\bootmgfw.efi.mui - is OK
\Device\HarddiskVolume1\EFI\Microsoft\Boot\en-US\bootmgr.efi.mui - is OK
\Device\HarddiskVolume1\EFI\Microsoft\Boot\en-US\memtest.efi.mui - is OK
\Device\HarddiskVolume1\EFI\Microsoft\Boot\es-ES\bootmgfw.efi.mui - is OK
\Device\HarddiskVolume1\EFI\Microsoft\Boot\es-ES\bootmgr.efi.mui - is OK
\Device\HarddiskVolume1\EFI\Microsoft\Boot\es-ES\memtest.efi.mui - is OK
\Device\HarddiskVolume1\EFI\Microsoft\Boot\es-MX\bootmgfw.efi.mui - is OK
\Device\HarddiskVolume1\EFI\Microsoft\Boot\es-MX\bootmgr.efi.mui - is OK
\Device\HarddiskVolume1\EFI\Microsoft\Boot\et-EE\bootmgfw.efi.mui - is OK
\Device\HarddiskVolume1\EFI\Microsoft\Boot\et-EE\bootmgr.efi.mui - is OK
\Device\HarddiskVolume1\EFI\Microsoft\Boot\fi-FI\bootmgfw.efi.mui - is OK
\Device\HarddiskVolume1\EFI\Microsoft\Boot\fi-FI\bootmgr.efi.mui - is OK
\Device\HarddiskVolume1\EFI\Microsoft\Boot\fi-FI\memtest.efi.mui - is OK
\Device\HarddiskVolume1\EFI\Microsoft\Boot\fr-CA\bootmgfw.efi.mui - is OK
\Device\HarddiskVolume1\EFI\Microsoft\Boot\fr-CA\bootmgr.efi.mui - is OK
\Device\HarddiskVolume1\EFI\Microsoft\Boot\fr-FR\bootmgfw.efi.mui - is OK
\Device\HarddiskVolume1\EFI\Microsoft\Boot\fr-FR\bootmgr.efi.mui - is OK
\Device\HarddiskVolume1\EFI\Microsoft\Boot\fr-FR\memtest.efi.mui - is OK
\Device\HarddiskVolume1\EFI\Microsoft\Boot\hr-HR\bootmgfw.efi.mui - is OK
\Device\HarddiskVolume1\EFI\Microsoft\Boot\hr-HR\bootmgr.efi.mui - is OK
\Device\HarddiskVolume1\EFI\Microsoft\Boot\hu-HU\bootmgfw.efi.mui - is OK
\Device\HarddiskVolume1\EFI\Microsoft\Boot\hu-HU\bootmgr.efi.mui - is OK
\Device\HarddiskVolume1\EFI\Microsoft\Boot\hu-HU\memtest.efi.mui - is OK
\Device\HarddiskVolume1\EFI\Microsoft\Boot\it-IT\bootmgfw.efi.mui - is OK
\Device\HarddiskVolume1\EFI\Microsoft\Boot\it-IT\bootmgr.efi.mui - is OK
\Device\HarddiskVolume1\EFI\Microsoft\Boot\it-IT\memtest.efi.mui - is OK
\Device\HarddiskVolume1\EFI\Microsoft\Boot\ja-JP\bootmgfw.efi.mui - is OK
\Device\HarddiskVolume1\EFI\Microsoft\Boot\ja-JP\bootmgr.efi.mui - is OK
\Device\HarddiskVolume1\EFI\Microsoft\Boot\ja-JP\memtest.efi.mui - is OK
\Device\HarddiskVolume1\EFI\Microsoft\Boot\kdnet_uart16550.dll - is OK
\Device\HarddiskVolume1\EFI\Microsoft\Boot\kdstub.dll - is OK
\Device\HarddiskVolume1\EFI\Microsoft\Boot\kd_02_10df.dll - is OK
\Device\HarddiskVolume1\EFI\Microsoft\Boot\kd_02_10ec.dll - is OK
\Device\HarddiskVolume1\EFI\Microsoft\Boot\kd_02_1137.dll - is OK
\Device\HarddiskVolume1\EFI\Microsoft\Boot\kd_02_14e4.dll - is OK
\Device\HarddiskVolume1\EFI\Microsoft\Boot\kd_02_15b3.dll - is OK
\Device\HarddiskVolume1\EFI\Microsoft\Boot\kd_02_1969.dll - is OK
\Device\HarddiskVolume1\EFI\Microsoft\Boot\kd_02_19a2.dll - is OK
\Device\HarddiskVolume1\EFI\Microsoft\Boot\kd_02_1af4.dll - is OK
\Device\HarddiskVolume1\EFI\Microsoft\Boot\kd_02_8086.dll - is OK
\Device\HarddiskVolume1\EFI\Microsoft\Boot\kd_07_1415.dll - is OK
\Device\HarddiskVolume1\EFI\Microsoft\Boot\kd_0C_8086.dll - is OK
\Device\HarddiskVolume1\EFI\Microsoft\Boot\ko-KR\bootmgfw.efi.mui - is OK
\Device\HarddiskVolume1\EFI\Microsoft\Boot\ko-KR\bootmgr.efi.mui - is OK
\Device\HarddiskVolume1\EFI\Microsoft\Boot\ko-KR\memtest.efi.mui - is OK
\Device\HarddiskVolume1\EFI\Microsoft\Boot\lt-LT\bootmgfw.efi.mui - is OK
\Device\HarddiskVolume1\EFI\Microsoft\Boot\lt-LT\bootmgr.efi.mui - is OK
\Device\HarddiskVolume1\EFI\Microsoft\Boot\lv-LV\bootmgfw.efi.mui - is OK
\Device\HarddiskVolume1\EFI\Microsoft\Boot\lv-LV\bootmgr.efi.mui - is OK
\Device\HarddiskVolume1\EFI\Microsoft\Boot\memtest.efi - is OK
\Device\HarddiskVolume1\EFI\Microsoft\Boot\nb-NO\bootmgfw.efi.mui - is OK
\Device\HarddiskVolume1\EFI\Microsoft\Boot\nb-NO\bootmgr.efi.mui - is OK
\Device\HarddiskVolume1\EFI\Microsoft\Boot\nb-NO\memtest.efi.mui - is OK
\Device\HarddiskVolume1\EFI\Microsoft\Boot\nl-NL\bootmgfw.efi.mui - is OK
\Device\HarddiskVolume1\EFI\Microsoft\Boot\nl-NL\bootmgr.efi.mui - is OK
\Device\HarddiskVolume1\EFI\Microsoft\Boot\nl-NL\memtest.efi.mui - is OK
\Device\HarddiskVolume1\EFI\Microsoft\Boot\pl-PL\bootmgfw.efi.mui - is OK
\Device\HarddiskVolume1\EFI\Microsoft\Boot\pl-PL\bootmgr.efi.mui - is OK
\Device\HarddiskVolume1\EFI\Microsoft\Boot\pl-PL\memtest.efi.mui - is OK
\Device\HarddiskVolume1\EFI\Microsoft\Boot\pt-BR\bootmgfw.efi.mui - is OK
\Device\HarddiskVolume1\EFI\Microsoft\Boot\pt-BR\bootmgr.efi.mui - is OK
\Device\HarddiskVolume1\EFI\Microsoft\Boot\pt-BR\memtest.efi.mui - is OK
\Device\HarddiskVolume1\EFI\Microsoft\Boot\pt-PT\bootmgfw.efi.mui - is OK
\Device\HarddiskVolume1\EFI\Microsoft\Boot\pt-PT\bootmgr.efi.mui - is OK
\Device\HarddiskVolume1\EFI\Microsoft\Boot\pt-PT\memtest.efi.mui - is OK
\Device\HarddiskVolume1\EFI\Microsoft\Boot\qps-ploc\memtest.efi.mui - is OK
\Device\HarddiskVolume1\EFI\Microsoft\Boot\ro-RO\bootmgfw.efi.mui - is OK
\Device\HarddiskVolume1\EFI\Microsoft\Boot\ro-RO\bootmgr.efi.mui - is OK
\Device\HarddiskVolume1\EFI\Microsoft\Boot\ru-RU\bootmgfw.efi.mui - is OK
\Device\HarddiskVolume1\EFI\Microsoft\Boot\ru-RU\bootmgr.efi.mui - is OK
\Device\HarddiskVolume1\EFI\Microsoft\Boot\ru-RU\memtest.efi.mui - is OK
\Device\HarddiskVolume1\EFI\Microsoft\Boot\sk-SK\bootmgfw.efi.mui - is OK
\Device\HarddiskVolume1\EFI\Microsoft\Boot\sk-SK\bootmgr.efi.mui - is OK
\Device\HarddiskVolume1\EFI\Microsoft\Boot\sl-SI\bootmgfw.efi.mui - is OK
\Device\HarddiskVolume1\EFI\Microsoft\Boot\sl-SI\bootmgr.efi.mui - is OK
\Device\HarddiskVolume1\EFI\Microsoft\Boot\sr-Latn-RS\bootmgfw.efi.mui - is OK
\Device\HarddiskVolume1\EFI\Microsoft\Boot\sr-Latn-RS\bootmgr.efi.mui - is OK
\Device\HarddiskVolume1\EFI\Microsoft\Boot\sv-SE\bootmgfw.efi.mui - is OK
\Device\HarddiskVolume1\EFI\Microsoft\Boot\sv-SE\bootmgr.efi.mui - is OK
\Device\HarddiskVolume1\EFI\Microsoft\Boot\sv-SE\memtest.efi.mui - is OK
\Device\HarddiskVolume1\EFI\Microsoft\Boot\tr-TR\bootmgfw.efi.mui - is OK
\Device\HarddiskVolume1\EFI\Microsoft\Boot\tr-TR\bootmgr.efi.mui - is OK
\Device\HarddiskVolume1\EFI\Microsoft\Boot\tr-TR\memtest.efi.mui - is OK
\Device\HarddiskVolume1\EFI\Microsoft\Boot\uk-UA\bootmgfw.efi.mui - is OK
\Device\HarddiskVolume1\EFI\Microsoft\Boot\uk-UA\bootmgr.efi.mui - is OK
\Device\HarddiskVolume1\EFI\Microsoft\Boot\winsipolicy.p7b - is OK
\Device\HarddiskVolume1\EFI\Microsoft\Boot\zh-CN\bootmgfw.efi.mui - is OK
\Device\HarddiskVolume1\EFI\Microsoft\Boot\zh-CN\bootmgr.efi.mui - is OK
\Device\HarddiskVolume1\EFI\Microsoft\Boot\zh-CN\memtest.efi.mui - is OK
\Device\HarddiskVolume1\EFI\Microsoft\Boot\zh-TW\bootmgfw.efi.mui - is OK
\Device\HarddiskVolume1\EFI\Microsoft\Boot\zh-TW\bootmgr.efi.mui - is OK
\Device\HarddiskVolume1\EFI\Microsoft\Boot\zh-TW\memtest.efi.mui - is OK
\Device\HarddiskVolume1\EFI\Microsoft\Boot\BOOTSTAT.DAT - is OK
\Device\HarddiskVolume1\EFI\Microsoft\Boot\Fonts\chs_boot.ttf - is OK
\Device\HarddiskVolume1\EFI\Microsoft\Boot\Fonts\cht_boot.ttf - is OK
\Device\HarddiskVolume1\EFI\Microsoft\Boot\Fonts\jpn_boot.ttf - is OK
\Device\HarddiskVolume1\EFI\Microsoft\Boot\Fonts\kor_boot.ttf - is OK
\Device\HarddiskVolume1\EFI\Microsoft\Boot\Fonts\malgunn_boot.ttf - is OK
\Device\HarddiskVolume1\EFI\Microsoft\Boot\Fonts\malgun_boot.ttf - is OK
\Device\HarddiskVolume1\EFI\Microsoft\Boot\Fonts\meiryon_boot.ttf - is OK
\Device\HarddiskVolume1\EFI\Microsoft\Boot\Fonts\meiryo_boot.ttf - is OK
\Device\HarddiskVolume1\EFI\Microsoft\Boot\Fonts\msjhn_boot.ttf - is OK
\Device\HarddiskVolume1\EFI\Microsoft\Boot\Fonts\msjh_boot.ttf - is OK
\Device\HarddiskVolume1\EFI\Microsoft\Boot\Fonts\msyhn_boot.ttf - is OK
\Device\HarddiskVolume1\EFI\Microsoft\Boot\Fonts\msyh_boot.ttf - is OK
\Device\HarddiskVolume1\EFI\Microsoft\Boot\Fonts\segmono_boot.ttf - is OK
\Device\HarddiskVolume1\EFI\Microsoft\Boot\Fonts\segoen_slboot.ttf - is OK
\Device\HarddiskVolume1\EFI\Microsoft\Boot\Fonts\segoe_slboot.ttf - is OK
\Device\HarddiskVolume1\EFI\Microsoft\Boot\Fonts\wgl4_boot.ttf - is OK
\Device\HarddiskVolume1\EFI\Microsoft\Boot\Resources\bootres.dll - is OK
\Device\HarddiskVolume1\EFI\Microsoft\Boot\Resources\en-US\bootres.dll.mui - is OK
\Device\HarddiskVolume1\EFI\Microsoft\Recovery\BCD - is OK
\Device\HarddiskVolume1\EFI\Microsoft\Recovery\BCD.LOG - is OK
\Device\HarddiskVolume1\EFI\Microsoft\Recovery\BCD.LOG1 - is OK
\Device\HarddiskVolume1\EFI\Microsoft\Recovery\BCD.LOG2 - is OK
\Device\HarddiskVolume1\EFI\Boot\bootx64.efi - is OK
Number of scanned objects: 141
Number of detections: 0
Time of completion: 12:01:40 AM  Total scanning time: 0 sec (00:00:00)

Notes:
[4] Object cannot be opened. It may be in use by another application or operating system.
 

 

I ran a scan and there are 2 files that can't be opened, but there are also another 2 files that were the same but they were scanned, and they are named as

\Device\HarddiskVolume1\EFI\Microsoft\Boot\BCD.LOG1 - is OK
\Device\HarddiskVolume1\EFI\Microsoft\Boot\BCD.LOG2 - is OK

and they were opened fine. Why is that?


Why are

\Device\HarddiskVolume1\EFI\Microsoft\Boot\BCD.LOG1 - is OK
\Device\HarddiskVolume1\EFI\Microsoft\Boot\BCD.LOG2 - is OK

being opened? Why are they called LOG1 and LOG2, but the original ones can't be opened? Is that normal?


When I flashed the BIOS with a new update, does it only overwrite the memory that is supposed to have space written to it and not the entire memory? Because if that's the case, the rootkit/UEFI malware can still be in there after flashing the BIOS.

FYI, I'm using an Asus motherboard. If you have any idea, do they overwrite the entire memory when flashing it or not?


  • Administrators

It is OK that bcd.log cannot be opened for scanning; just ignore it. It can't be accessed even with elevated admin rights.


I understand, but why are there 2 other files called BCD.LOG1 and BCD.LOG2 that were opened fine? Could that be the malware one or what? Please help. Also, if I uninstall Windows, delete all the partitions, completely reinstall Windows, clear CMOS and then reflash my BIOS on Asus, would that get rid of any UEFI malware?


7 hours ago, user882 said:

why there's 2 other files called BCD.LOG1 BCD.LOG2 

Those are probably old log files that were renamed and retained when a new log is started. They wouldn't be locked, so they are accessible for scanning.

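Added example, not part of the original thread and not the scanner vendor's code: a small triage script for a boot-sector/UEFI scan log in the format posted above. It separates clean entries, the locked BCD files the administrator says can be ignored, and anything else worth a closer look. The sample log is constructed and abridged, and the `EXPECTED_LOCKED` list is an assumption taken from this thread.

```python
import re

# Constructed, abridged sample in the format of the scan log posted above.
SAMPLE_LOG = r"""MBR sector of the 0. physical disk - is OK
\Device\HarddiskVolume1\EFI\Microsoft\Boot\BCD - unable to open [4]
\Device\HarddiskVolume1\EFI\Microsoft\Boot\BCD.LOG - unable to open [4]
\Device\HarddiskVolume1\EFI\Microsoft\Boot\BCD.LOG1 - is OK
\Device\HarddiskVolume1\EFI\Microsoft\Boot\BCD.LOG2 - is OK
\Device\HarddiskVolume1\EFI\Microsoft\Boot\bootmgfw.efi - is OK
Number of detections: 0

Notes:
[4] Object cannot be opened. It may be in use by another application or operating system.
"""

ENTRY = re.compile(r"^(?P<obj>(?:\\Device\\|MBR sector).*?) - (?P<status>.+)$")
LOCKED = re.compile(r"^unable to open \[(?P<note>\d+)\]$")
NOTE = re.compile(r"^\[(?P<id>\d+)\] (?P<text>.+)$")
# Assumption from the thread: only the live BCD store and BCD.LOG are expected to be locked.
EXPECTED_LOCKED = {"bcd", "bcd.log"}

def triage(log_text):
    """Classify scan-log entries and return the ones that need a human look."""
    result = {"ok": 0, "expected_locked": [], "review": [], "notes": {}, "detections": None}
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := NOTE.match(line):
            result["notes"][m["id"]] = m["text"]      # footnote, e.g. the meaning of [4]
        elif line.startswith("Number of detections:"):
            result["detections"] = int(line.split(":", 1)[1])
        elif m := ENTRY.match(line):
            obj, status = m["obj"], m["status"].strip()
            name = obj.rsplit("\\", 1)[-1].lower()    # file name without the device path
            if status == "is OK":
                result["ok"] += 1
            elif LOCKED.match(status) and name in EXPECTED_LOCKED:
                result["expected_locked"].append(name)
            else:
                # An unreadable boot file other than the BCD store, or any other status.
                result["review"].append((obj, status))
    return result

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

An empty `review` list together with `detections == 0` matches the result discussed in this thread; an unreadable boot loader or any unrecognised status lands in `review` instead of being silently skipped.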
