infections which can survive a reinstall of Windows


johnlgalt
That's bull. The reality and practice of safe computing is the same, it does not change whether there is firmware malware or not.

Dead wrong.

You can do minimal scanning, heavy scanning, scanning for multiple types of infections (and that is where knowing how an infection works, and what the vectors for getting said infection are, comes in), and so much more.

I didn't mention the multi-tiered approach just for the hell of it - it's a very real thing. And if you're more than just lackadaisical about protecting your system(s) you need to know this and employ the appropriate measures on multiple levels if you're serious about giving yourself the best overall protection short of going off-grid and offline.

Some people scan some things and not others. Not understanding why it is important to scan everything (or take other steps to mitigate infection susceptibility) can and will get you in trouble.

And, no, it's not just "Stay away from bad sites and you'll be fine" either.

It's not "the lofty and empty hoopla" by any means.
 


glasskuter
I've been following this thread with interest. @merlin02131 I have to say, I am confused about your situation, exactly how it came to be, and what your indication was that an infection exists in all these secondary computers in the first place. My head can't wrap around all the troubleshooting you've attempted either.
If I am understanding even a little of it correctly, I would think that a hacker would need direct access to a system to wreak such havoc, OR one of the downstream computers has to download an infected file.

Sorry to be obtuse, but I am a simple person who needs simple explanations. Can you lay out the chain of events of how:
1. this infection came about on the primary system (what is this club you belong to?). You say someone clicked on it and sent it over the network. How? Are you referring to file sharing here? Is it from a torrent site?
2. it was then transmitted to others. Are you saying all one had to do to get the infection was to visit this site, or does one have to download the infected file?
3. what indications there are on these other secondary systems and what effects it has on these systems.
4. Then, are you saying once the secondary systems are infected, this malware is being transmitted to other computers on one's home network without anyone ever accessing the infected file?

I don't need all your troubleshooting steps. Just clarification.
 


Haydon (Thread Starter)
@johnlgalt I thought you agreed to disagree?

Anyway, you don't seem to know that firmware malware cannot be detected by any scanning tools and methods available to malware professionals in the field. You would need the tools and methods only available in special labs.

And yes, safe computing can be simple.

Well enough said.
 


flashh4
@Haydon, I have my doubts about this virus existing. I have never run upon one that has the ability to hide like this one! JMO
 


Haydon (Thread Starter)
@flashh4 I am pretty sure that the 'virus' tossed up is not a firmware virus, which acts in stealthy ways; it would not behave as described at all.

And I have my doubts too about the nature of the 'virus' tossed up. Well, @glasskuter asked questions, let's see if she gets a straight answer.
 


johnlgalt
Haydon said:

@johnlgalt I thought you agreed to disagree?

Anyway, you don't seem to know that firmware malware cannot be detected by any scanning tools and methods available to malware professionals in the field. You would need the tools and methods only available in special labs.

And yes, safe computing can be simple.

Well enough said.

I agreed to disagree. And I continue to disagree with what you're saying.

No hard feelings, man, but in this case you have your opinions and I have mine, and I'm gonna defend mine. I have nothing against you at all, just this one set of opinions you hold.

My entire post was me doing just that - disagreeing with your opinions.
 


neves
BIOS, UEFI or firmware infections are usually highly unlikely, because the attacker needs a tool specifically designed for the targeted machine(s), more exactly a specific version "which has a vulnerability (if patched, it won't work, obviously)" on a specific model (for example, Dell XPS 15 9520 BIOS v1.8.1 NA revision). Furthermore, the gains of such an attack are questionable "when it comes to a personal computer", since they're quite limiting: mostly annoying (messing with the fans or peripherals) or destructive (forcing the system into a reboot loop, whenever or as long as it's powered), since you can't access the operating system or its data from within the BIOS, only the boot info (where, again, you can mess with the boot parameters). For that reason it's more likely for attackers to target the vulnerabilities "of so-called security apps" like TPM or SGX (Intel's Software Guard Extensions). That being said, this is actually how a machine is secured, and how most professionals deal with firmware, BIOS or UEFI security-related issues. The most common scanning tool is even free/open source, though not meant for an average Windows user. As in...


"CHIPSEC is a framework for analyzing the security of PC platforms including hardware, system firmware (BIOS/UEFI), and platform components. It includes a security test suite, tools for accessing various low-level interfaces, and forensic capabilities. It can be run on Windows, Linux, Mac OS X, and UEFI shell."

Well, for specific vulnerabilities, more exactly those tied to IME (Intel Management Engine), there is a Windows tool for scanning the IME firmware for vulnerabilities, which even the average user can use:


I do recommend it (doing a scan), especially if your system was not recently bought. Point being, OEM upper management is usually handled by psychopaths who, despite running a billion-dollar company, rarely go beyond the minimum staff requirement for handling product software updates. Thus, it's quite common for older machines (even 2 years old) to be disregarded in terms of current/future updates, including security patches, unless it's a major public fiasco, as was the case with the Meltdown & Spectre vulnerabilities, which compelled the OEMs to patch even older machines. So, hey, if you ran the tool and it detects your firmware as vulnerable, you could check the site for an update, but if nobody reported it, you might have to contact the OEM (Dell, HP, MSI, Acer, Lenovo, etc.) for a patch.
 
