Graphics card virus?

Breakchimp

Prominent
Jun 12, 2017
Hi all,

Recently sold my old GTX Titan X on eBay, buyer sent it back saying it was running hot. Got it back and put it into my system to test and it runs fine and at normal temperatures. Only trouble was, once I’d put my new cards back in and booted up, I got the notice that my C drive was being scanned and repaired? Is this a normal occurrence? It’s not done it before and the PC was powered down correctly beforehand. Once I got back to desktop I also noticed that Windows Security Centre was advising me that my UAC had been turned off, that my temporary internet file default save location had changed, and that my firewall had been turned off. Is there any chance the buyer could have loaded the card with some virus or something?

Thanks for any help offered.
 

Eximo

Titan
Ambassador


I spent about five minutes googling and came up with documented vulnerabilities for doing just that. Loading a rootkit into a vBIOS is not that far-fetched in any case. That is memory/code that is loaded when the machine is turned on, before the OS loads. No different than the old BIOS rootkits.

I would hope wiping the infected computer, flashing both the vBIOS and motherboard BIOS would get rid of anything lingering. Might also have to low-level the drives in case it was very smart and pulled down additional rootkits when it had free access to everything.
 

LinuxDevice

Reputable
May 20, 2017
There are very few possibilities for putting a virus into a video card...there is probably something else going on. Any time you change a high end video card (or anything drawing significant power...or simply working on a system which has been powered up before) there is some possibility of unexpected changes to the system. One might be that during power off the CMOS battery isn't working and a BIOS setting changes or erases. Another would be that if power wasn't completely off and capacitors drained (e.g., holding the power button on for a few seconds after unplugging), then something could be damaged (including firmware/software/hardware). Changing the video card did probably trigger some sort of Windows update as well. Don't know what is going on, but it is unlikely the card itself could have been hacked/modified.
 

Eximo

Apparently yes, there are GPU-based rootkits out there.

Not sure how you would go about eradicating them, might start searching (on another computer) about the Jellyfish rootkit. Certainly take that computer offline immediately, it could be searching your computer for all your personal information. Though I suspect these people are probably snooping around for crypto wallets.
 

Eximo



Right now is the perfect time...could steal thousands in bitcoins or whatever coin once you have access to people's machines. If nothing else, they could also put your computer to work mining for them when you aren't paying attention. Or simply encrypt it and ransom.

Similar to about ten years ago with flash storage (USB drives, photo frames, mp3 players) coming pre-loaded with malware/adware. Same concept, but a little more clever.
 

Eximo

What I might do in this situation is to grab a spare drive, install a fresh OS and see if it happens again.

And then see if you can verify the last modification date to the vBIOS and compare it to what is available from the manufacturer.
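
The comparison suggested in the post above can be done on the image contents rather than on a modification date. The following is an added example, not part of the original thread: it walks the PCI expansion ROM images in a vBIOS dump, checks each legacy image's checksum, and compares per-image SHA-256 hashes against a reference image. The function names are hypothetical, the sample image and its IDs are constructed, and obtaining the dump and the manufacturer's reference file is assumed to be done separately.

```python
import hashlib
import struct

def parse_rom_images(blob):
    """Walk the chain of PCI expansion ROM images in a vBIOS dump."""
    images, off = [], 0
    while off + 0x1A <= len(blob) and blob[off:off + 2] == b"\x55\xaa":
        pcir = off + struct.unpack_from("<H", blob, off + 0x18)[0]
        if pcir + 0x18 > len(blob) or blob[pcir:pcir + 4] != b"PCIR":
            break  # header points at something that is not a PCI data structure
        vendor, device = struct.unpack_from("<HH", blob, pcir + 4)
        length = struct.unpack_from("<H", blob, pcir + 0x10)[0] * 512
        code_type, indicator = blob[pcir + 0x14], blob[pcir + 0x15]
        body = blob[off:off + length]
        images.append({
            "offset": off, "ids": (vendor, device),
            # Legacy x86 images (code type 0) must sum to 0 modulo 256.
            "checksum_ok": code_type != 0 or sum(body) % 256 == 0,
            "sha256": hashlib.sha256(body).hexdigest(),
        })
        if indicator & 0x80 or length == 0:
            break  # bit 7 of the indicator marks the last image
        off += length
    return images

def compare_dumps(dump, reference):
    """Return findings as strings; an empty list means the images match."""
    got, want = parse_rom_images(dump), parse_rom_images(reference)
    findings = [] if got and len(got) == len(want) else ["image chain missing or length differs"]
    for g, w in zip(got, want):
        where = f"image at {g['offset']:#x}"
        if g["ids"] != w["ids"]:
            findings.append(f"{where}: vendor/device ID mismatch")
        if not g["checksum_ok"]:
            findings.append(f"{where}: bad checksum")
        if g["sha256"] != w["sha256"]:
            findings.append(f"{where}: contents differ from reference")
    return findings

def sample_image(payload):
    """Constructed 512-byte legacy image; the IDs 0x1234/0x5678 are made up."""
    img = bytearray(512)
    img[0:3] = b"\x55\xaa\x01"               # signature, size in 512-byte units
    struct.pack_into("<H", img, 0x18, 0x20)   # pointer to the PCIR structure
    struct.pack_into("<4sHH", img, 0x20, b"PCIR", 0x1234, 0x5678)
    struct.pack_into("<HHBB", img, 0x30, 1, 0, 0, 0x80)  # length, rev, type, last
    img[0x40:0x40 + len(payload)] = payload
    img[-1] = -sum(img) % 256                 # make the byte sum 0 mod 256
    return bytes(img)
```

A valid checksum only shows the image is internally consistent; a modified image with a recomputed checksum still passes that check, which is why the hash comparison against a known-good reference is the part that matters.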
 
Well hackers, like all criminals, are always looking at new "business opportunities" and they are very resourceful and resolute. If this is a new way they are doing things, it's very troubling. GPU makers need to look into this and perhaps put BIOS change lockdowns on future GPUs. IF this is the case. Even if not, it should scare everyone out there to take further precautions anyway.

I'd be curious to know the background of that eBay buyer here in this case. Has the account been around a long time? Is his buyer rating (from the seller) high approval rated like above 97%?
 

Breakchimp

Seller has a good rep, 98% positive over 1700 transactions. I’m hoping it was just some coincidence and my computer had a brain fart. Can’t see as many people would know how to put a rootkit on a graphics card, and my antivirus hasn’t found anything since I removed the Titan and went back to my 1080 Ti’s. I’ll look to wipe drives and everything just to be safe though.
 
