Curious About some Virus Total Scan Results



#1 Azors

Posted 26 August 2017 - 05:06 PM

Hi, I'm new here and I apologize if this is the wrong place, but it seemed like the best place to ask this question.

 

I have an Asus T200TA Transformer Book that I bought about 4 years ago. It worked fine for a long time, but eventually I ended up on a sketchy website. Being the cautious person I am, I updated the UEFI BIOS using a ROM downloaded from asus.com; I then reinstalled Windows 10 using a thumb drive formatted from my primary Ubuntu installation. Afterwards I was setting up my Windows installation and I had only downloaded Firefox when I realized I had two Firefox add-ons that I did not install (right after signing into my Firefox Sync account, so they could have been on my old Firefox...maybe...but they didn't show up on my Ubuntu Firefox, also signed into Sync). One was "Firefox search test", which had the description "being used by mozilla to test firefox search". When it was active, my searches would be routed to the Yahoo search engine with a special HTTP request URL denoting that it was a "Firefox search"; there was a Firefox logo on the page, and other than that it seemed like a normal Yahoo search. The other was something to do with "firefox help", but I don't remember precisely. Both add-ons had low user counts on the Firefox add-on store, which made me suspicious; additionally, the Firefox help add-on had several comments indicating it was installed without permission on other computers. I removed these add-ons promptly.

 

Once again convinced that I had installed an infected file, or perhaps obtained an infected firmware package, I turned the computer off, taped up the cameras (whose LEDs I couldn't get to work) and stored the computer away. (I didn't need it at the time and it seemed like a lot of trouble to reinstall everything again.) Now I am trying to flash the UEFI firmware again, but when I scan the UEFI ROMs I get from the official Asus website (on VirusTotal), they come up as containing some pretty scary binaries.

 

Let me elaborate: they look fine at first glance:

https://www.virustotal.com/#/file/25321514fa225fc88007bb2e71ae80627a57a55d0a3fc155d297ef2a87de7937/detection

https://www.virustotal.com/#/file/3f11bb6f59ee354c555572e8bcccc1e30df16a62e012fa0ef0bb70d96f465a98/detection

But when you look at the "Bundled Files" there are tons of positives. Those are only two of the ROMs available for the T200TA, but all three of the ones I tested had sketchy files in them. What is the deal here? Do I fail to understand what "Bundled files" means? Are all of those false positives? Has an Asus content delivery server been hacked? Just trying to find out how to clean my little computer. I don't have data I'm worried about, in case that wasn't obvious.

 

My primary computer also has an ASUS motherboard, and scanning the BIOS ROM I have installed gives me similar scary results. I'd just like to know what's happening here.


Edited by Azors, 26 August 2017 - 05:18 PM.




#2 boopme


Posted 13 September 2017 - 10:10 AM

All the VirusTotal responses are clean. No issues there.