@TheFlash1300
3 Questions just for starter purposes:
1) This:
"I got a better idea. How about checking the checksum of my UEFI "
What is your understanding of how a checksum works?
2) And:
"As far as I know, UEFI/BIOS viruses can survive re-flashing."
What research have you done and/or what have you read that led you to that conclusion?
3) Plus:
"Also, shouldn't there be suspicious messages in the Event Viewer?"
Event Viewer is a useful tool but has some limitations. One of which (my view) is that Event Viewer is not particularly user friendly.
Read the following Event Viewer/tutorial link:
https://www.windowscentral.com/how-use-event-viewer-windows-10
Based on the link and the information therein would you expect to see "suspicious messages"?
What would be or could be deemed a "suspicious message"?
Feel free to look for other Event Viewer links. (Note: Reliability History is a similar tool - read about Reliability History as well).
= = = =
My point is that you really need to ask questions that demonstrate that you have, on your own, done some research on the matter at hand. Then cite some factual details that have led to the question(s) you are asking.
Always a good idea to provide or otherwise present what you honestly and fairly believe to be the correct or applicable answer.
You will discover that some questions are easily answered by just an extra bit of work on your own.
Much more satisfying and you will learn more as well.
1. Checksums are values. I haven't learned their 16-bit value in a transmission and other functions they perform, but I have learned only what I need - the fact that checksums are pre-fixed to a file, and will be changed if the file is changed.
For example, although I don't understand all functions of checksums, I know how to use them to verify whether an .ISO file of Windows or Linux has integrity and authenticity. I know how to use PowerShell, what commands to enter there, in order to get the checksum of the file - then to compare the value and see if the file is 100% original and untouched. If the value I got from PowerShell is the same as the value provided by the creator of the file, the file is untouched and non-corrupted - safe to use.
So, I would like to do the same with UEFI - to get the checksum value, to compare it to the value provided by the manufacturer, and see if the values are the same. If they are the same, there is no virus making changes.
2. The re-flashing process is controlled by the ALREADY installed BIOS. This means that the virus code can be written in a way to recognize flashing, and start pretending an actual flash is being done, while it actually blocks the flash.
Here is some text:
The reflash operation is under control of... the BIOS, so the infected BIOS only pretends to do the reflash (or reinfects the new BIOS immediately afterwards).
Another flashable firmware in the machine is also infected, and when either it or the BIOS is reflashed, the still infected firmware reinfects the other one. Any device with DMA can hijack the live machine at any point, and most devices with a firmware have an onboard CPU which would be up to the task (GPU, hard disks...).
The disk firmware is infected, and inserts malicious code in the boot code which reinfects the BIOS. (Not sure it matches the symptoms, but that's a possibility.)
SOURCE:
https://security.stackexchange.com/questions/44750/malware-that-can-survive-bios-re-flashing
I have read other information, too, including official publications - they all have conclusions similar to those described in the text I showed above.
Doesn't it make sense? If the BIOS controls the re-flashing, why wouldn't the hacker make the code able to recognize the flashing and hijack it?
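The hash comparison described in the post above, as an added example that is not part of the thread: a PowerShell function that looks up a file's entry in a published SHA-256 list and compares it with `Get-FileHash`. The function name, file names and checksum list are constructed for the demo. A match shows that the downloaded file equals what the publisher hashed; it does not read or measure the contents of the flash chip.

```powershell
# Added example: verify a downloaded file against a SHA256SUMS-style list.
# Test-PublishedHash is a hypothetical helper; all demo files are constructed.
function Test-PublishedHash {
    param(
        [Parameter(Mandatory)] [string] $Path,          # file to verify
        [Parameter(Mandatory)] [string] $ChecksumList   # lines of "<hex>  <name>"
    )
    $name = Split-Path -Leaf $Path
    $expected = $null
    foreach ($line in Get-Content -LiteralPath $ChecksumList) {
        # Accept "<hash>  name" and "<hash> *name" (binary-mode marker).
        if ($line -match '^\s*([0-9A-Fa-f]{64})\s+\*?(.+?)\s*$' -and $Matches[2] -eq $name) {
            $expected = $Matches[1]
            break
        }
    }
    # A missing entry is a failure, never a silent pass.
    if (-not $expected) { throw "No SHA-256 entry for '$name' in $ChecksumList" }

    $actual = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    [pscustomobject]@{
        File     = $name
        Expected = $expected.ToUpperInvariant()
        Actual   = $actual
        Match    = ($actual -eq $expected)   # string -eq is case-insensitive
    }
}

# --- Constructed demo: a 64-byte stand-in file and its checksum list ---
$dir = Join-Path ([IO.Path]::GetTempPath()) ("hashdemo_" + [guid]::NewGuid().ToString('N'))
New-Item -ItemType Directory -Path $dir | Out-Null
$file = Join-Path $dir 'firmware_update.bin'
[IO.File]::WriteAllBytes($file, [byte[]](1..64))
$list = Join-Path $dir 'SHA256SUMS.txt'
$published = (Get-FileHash -LiteralPath $file -Algorithm SHA256).Hash.ToLowerInvariant()
Set-Content -LiteralPath $list -Value "$published  firmware_update.bin"

# Verify the untouched file against the list.
Test-PublishedHash -Path $file -ChecksumList $list

# Change a single byte and verify again against the same list.
$bytes = [IO.File]::ReadAllBytes($file)
$bytes[0] = $bytes[0] -bxor 0xFF
[IO.File]::WriteAllBytes($file, $bytes)
Test-PublishedHash -Path $file -ChecksumList $list

Remove-Item -Recurse -Force $dir
```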
Still waiting on just one of the "plenty of good reasons."
Knowing just one of the plenty of good reasons would demonstrate there's any reason to participate in these bizarre threads. And that's important; there's no reason to keep open threads that exist simply for your personal amusement.
Here are some reasons:
1. Multiple times I have downloaded cracked software for experimental purposes. How can I know some of the software wasn't engineered to install BIOS viruses?
2. Multiple times I have visited websites that don't support HTTPS protocol and downloaded files from them.
3. Used TOR to visit websites on the dark web and download things from them, like mods for Windows.
4. Downloaded multiple cracked games on the smartphone, then connected it to the computer, which could have transferred viruses to the computer.
5. Have kept the Secure Boot option disabled for around 5 months, so I can experiment with other OSs. This option being disabled means boot viruses will not be blocked, but allowed at the boot.
There are probably more reasons, but I don't remember.
I no longer engage in risky behavior. Now I want to be sure the computer is 100% clean and safe, so I can put some data on it. I'm afraid that if there is a virus, it may modify my data, making it infected, which means the data will infect every other computer's BIOS I put the data in. I don't want to have permanently infected data. Also, I don't want someone to spy on me, in case the BIOS virus sends data to its creator.
So, as you can see, I really have reasons to think the BIOS is infected.
And why do you think that BIOS and UEFI are something special and can't be infected? If there are viruses designed for operating systems, why should I think there are no viruses for BIOS, too?
Why should I think although my OS was infected multiple times, the BIOS was definitely not infected?
My OS is now clean, because I reinstalled it. But how can I know the BIOS is clean, too? Reinstalling the OS doesn't affect the chip, nor can standard virus scanners reach the chip.
What makes you believe my BIOS is clean? Why do you think my BIOS isn't infected, despite the fact BIOS viruses exist, meaning infecting the BIOS is possible?