
UEFI and BIOS malware


3 replies to this topic

#1 10101x86

10101x86


Posted 06 July 2018 - 04:10 PM

Hello Folks,

Sorry to tell you but there is an aggressive UEFI Root/Bootkit running circles.

I don't know either its name or the idiot who wrote it.

Fact is: it patches UEFI from an infected pendrive; it unworks the following OSs --> BSD, OpenIndiana, Linux, MS Windows.

Something gets downloaded after booting the machine (level 2 loading).

My question is: how can a UEFI be extracted from a CMOS to reverse this s* f* kit?

The Intruder may delete files, set permissions on folders and files, install other malware like a patched NetworkFilterDriver, etc.

In my case the Intruder(s) malform the human-readable strings in my self-compiled Java bytecode jars.

Really unfunny.

UEFI update doesn't delete it.


Edited by hamluis, 06 July 2018 - 04:18 PM.
Moved from Internal Hardware to General Security - Hamluis.
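Added example (not from the thread or any poster): the post asks how to get the UEFI image out of "CMOS" in order to analyse it. The firmware itself lives in the SPI flash chip (CMOS only holds settings); once a dump of that chip exists, the first analysis step is finding the firmware volumes inside it and checking that their headers are intact. The script below scans a dump for EFI_FIRMWARE_VOLUME_HEADER structures as laid out in the UEFI Platform Initialization spec, verifies each header's 16-bit checksum, and names the two file-system GUIDs the spec defines. The sample image is constructed in code (an intact volume, a stray "_FVH" string that is not a header, and a volume whose Attributes field was altered after the checksum was set) so it runs offline; the attribute value 0x0004FEFF and the 0xFF fill are constructed, not taken from any real firmware.

```python
"""Locate and sanity-check UEFI firmware volumes in a flash dump.

Added example (not from the thread). Header layout follows the UEFI Platform
Initialization spec's EFI_FIRMWARE_VOLUME_HEADER. The sample image is
constructed below so the script runs offline; pass a real dump as argv[1].
"""
import struct
import sys
import uuid

FVH_SIGNATURE = b"_FVH"
SIG_OFFSET = 40  # "_FVH" sits 40 bytes into the header
# ZeroVector[16], FileSystemGuid[16], FvLength u64, Signature[4], Attributes u32,
# HeaderLength u16, Checksum u16, ExtHeaderOffset u16, Reserved u8, Revision u8
FVH = struct.Struct("<16s16sQ4sIHHHBB")          # 56 bytes
BLOCK_MAP_ENTRY = struct.Struct("<II")           # (NumBlocks, Length); (0, 0) terminates
CHECKSUM_OFFSET = 50

# File system GUIDs defined by the PI spec; anything else is reported as unknown.
KNOWN_FS_GUIDS = {
    uuid.UUID("8c8ce578-8a3d-4f1c-9935-896185c32dd3"): "EFI_FIRMWARE_FILE_SYSTEM2_GUID",
    uuid.UUID("5473c07a-3dcb-4dca-bd6f-1e9689e7349a"): "EFI_FIRMWARE_FILE_SYSTEM3_GUID",
}


def checksum16(data: bytes) -> int:
    """16-bit additive checksum; the spec requires a volume header to sum to zero."""
    if len(data) % 2:
        data += b"\x00"
    return sum(struct.unpack("<%dH" % (len(data) // 2), data)) & 0xFFFF


def find_firmware_volumes(image: bytes) -> list:
    """Return one record per plausible firmware volume header in the image.

    A "_FVH" hit is accepted only if HeaderLength and FvLength are sane. The
    record carries checksum_ok so a header edited without fixing its checksum
    stands out; the decisive check is still a diff against the vendor image.
    """
    volumes = []
    pos = image.find(FVH_SIGNATURE)
    while pos != -1:
        start = pos - SIG_OFFSET
        if start >= 0 and start + FVH.size <= len(image):
            (_zero, guid_le, fv_len, _sig, attrs, hdr_len,
             _csum, ext_off, _res, rev) = FVH.unpack_from(image, start)
            if FVH.size <= hdr_len <= fv_len and start + fv_len <= len(image):
                fs_guid = uuid.UUID(bytes_le=guid_le)
                volumes.append({
                    "offset": start,
                    "length": fv_len,
                    "filesystem": KNOWN_FS_GUIDS.get(fs_guid, "unknown %s" % fs_guid),
                    "attributes": attrs,
                    "revision": rev,
                    "ext_header_offset": ext_off,
                    "checksum_ok": checksum16(image[start:start + hdr_len]) == 0,
                })
        pos = image.find(FVH_SIGNATURE, pos + 1)
    return volumes


def build_volume(fs_guid: uuid.UUID, fv_len: int, block_size: int = 0x1000) -> bytes:
    """Constructed sample volume: spec-conformant header, one block-map entry, 0xFF fill."""
    hdr_len = FVH.size + 2 * BLOCK_MAP_ENTRY.size
    header = FVH.pack(b"\x00" * 16, fs_guid.bytes_le, fv_len, FVH_SIGNATURE,
                      0x0004FEFF, hdr_len, 0, 0, 0, 2)
    header += BLOCK_MAP_ENTRY.pack(fv_len // block_size, block_size)
    header += BLOCK_MAP_ENTRY.pack(0, 0)
    csum = (-checksum16(header)) & 0xFFFF        # make the whole header sum to zero
    header = header[:CHECKSUM_OFFSET] + struct.pack("<H", csum) + header[CHECKSUM_OFFSET + 2:]
    return header + b"\xff" * (fv_len - hdr_len)


def build_sample_image() -> bytes:
    """Constructed dump: padding, an intact FFS2 volume, a stray "_FVH" string that is
    not a header, and an FFS3 volume whose Attributes byte was altered post-checksum."""
    ffs2 = uuid.UUID("8c8ce578-8a3d-4f1c-9935-896185c32dd3")
    ffs3 = uuid.UUID("5473c07a-3dcb-4dca-bd6f-1e9689e7349a")
    intact = build_volume(ffs2, 0x1000)
    tampered = bytearray(build_volume(ffs3, 0x2000))
    tampered[44] ^= 0x01                          # Attributes field starts at offset 44
    stray = b"\xff" * 0x40 + FVH_SIGNATURE + b"\xff" * 0x40
    return b"\xff" * 0x100 + intact + stray + bytes(tampered) + b"\xff" * 0x100


if __name__ == "__main__":
    image = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_image()
    for v in find_firmware_volumes(image):
        print("FV @ 0x%08x len 0x%x rev %d %s checksum %s" % (
            v["offset"], v["length"], v["revision"], v["filesystem"],
            "OK" if v["checksum_ok"] else "MISMATCH"))
```

Run without arguments it walks the constructed image and reports the intact volume as OK and the altered one as MISMATCH; run with a path it scans a real dump. A bad header checksum is only a weak signal (a competent modification recomputes it), so in practice the volumes found this way are compared byte-for-byte against the vendor's published release image for the same board and version; any volume that differs is what gets pulled apart further.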



#2 10101x86

10101x86

Posted 06 July 2018 - 04:17 PM

Forgot to mention macOS.



#3 10101x86

10101x86

Posted 07 July 2018 - 11:34 AM

So, what I've heard is that a homepage owner gave money to some students from Linz in Austria and they did this job for him.

Don't know exactly if it's true, but it's not impossible.

P.S.: I'm on the 17th machine now ... (and still figuring out details)


Edited by 10101x86, 07 July 2018 - 11:36 AM.


#4 dc3

dc3


Posted 07 July 2018 - 11:36 AM

I would suggest starting a topic in the Virus, Trojan, Spyware, and Malware Removal Logs forum. This would be your best shot at cleaning this up.

You will need to do the following prior to starting your topic.

Please follow the instructions in the Malware Removal and Log Section Preparation Guide starting at Step 6.

   * If you cannot complete a step, then skip it and continue with the next.
   * In Step 6 there are instructions for downloading and running FRST which will create two logs.

When you have done this, post your logs in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team.

Start a new topic and post your log(s) along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. If you cannot produce any of the required logs...start the new topic anyway. Explain that you followed the Prep. Guide, were unable to create the logs, and describe what happened when you tried to create them. A member of the Malware Removal Team will walk you through, step by step, on how to clean your computer.

After doing this, please reply back in this thread with a link to the new topic so this topic can be closed by a Moderator.

DO NOT bump your new topic. Wait for a response from one of the Malware Response Team Members. The MRT members look for topics which have not been addressed. If you bump your topic it will make it appear that your topic is being addressed.

 

