English Expand for more options.
Home Laptops Aspire, E and F Series Laptops
image

uefi has ransomware. where and how can i reflash it, and where can i find a file/download?

gmtechgmtech Member Posts: 6 New User
edited November 2017 in Aspire, E and F Series Laptops
I am trying to fix an e-series laptop. it is infected with ransomware. I can clean up the HDD on another machine, but during boot, it does a checkdisk and reinfects the operating system. I think I need to reflash uefi. where can I find this file? thank you, Dave

FAQ & Answers

  • IronFlyIronFly ACE Posts: 18,412 Trailblazer
    https://www.acer.com/ac/en/US/content/support
    input your model and click on BIOS, by the way BIOS flash will work only under windows OS.
    I'm not an Acer employee.
  • gmtechgmtech Member Posts: 6 New User
    Oh boy, that's going to be a problem. my uefi is infected with ransomware. I can take the drive out, and run software to get rid of it, but it is reinstalled during a "checkdisk", at boot. I can't get to windows.The only other way I see to get around this is replace motherboard or is there a uefi chip I can desolder and replace?
  • gmtechgmtech Member Posts: 6 New User
    I should add that before I get to windows screen, I get a system password required. I have not been able to get past that.
  • IronFlyIronFly ACE Posts: 18,412 Trailblazer
    no other ideas.
    I'm not an Acer employee.
  • JordanBJordanB ACE Posts: 3,724 Pathfinder
    edited November 2017
    When you plug the HDD in to a different computer, does it have an EFI partition?  If it doesn't have an EFI partition, then you probably just have an MBR infection.....root kit. 

    If his computer has UEFI, the OS might possibly have been installed in legacy mode.....thus giving you an MBR disk instead of GPT. 
    I'm not an Acer employee.
  • JordanBJordanB ACE Posts: 3,724 Pathfinder
    1. Create Windows 10 USB media

    2. Boot the Windows 10 USB

    3. After you select your language, select "repair your computer"

    4.  Navigate to command prompt

    5.  Bootrec /fixmbr
    I'm not an Acer employee.
  • JordanBJordanB ACE Posts: 3,724 Pathfinder
    https://support.microsoft.com/en-us/help/927392/use-bootrec-exe-in-the-windows-re-to-troubleshoot-startup-issues
    I'm not an Acer employee.
  • gmtechgmtech Member Posts: 6 New User

    I found an article at pc world that is very close to my condition. I might add I tried running sfc /scannow, can't pending disk repair(on every start up) tried all options, including complete factory reset. I can not get in, even in safe mode, a system password has been added. The owner had a pop up, Microsoft tech (I don't think so!) was in the laptop for 30 mins. Now I get stuck with fixing(maybe) it. The desktop I am using to repair this, is a clean win 10 64bit. it has uefi. I can not post links, yet, but the PC world article is 3046626. I am creating a win 10 usb, as I type.

  • JordanBJordanB ACE Posts: 3,724 Pathfinder
    edited November 2017
    @gmtech

    If it were my computer, here's what I would do...if I determined it was just an MBR infection.  When you examine the disk in Windows Disk Managment, and it doesn't have an EFI partition, then you will know it's an MBR disk.  You can also determine if the disk is MBR or GPT in diskpart. (check for asterisk)

    1. Connect HDD to other PC to get the important personal files off of it.

    2. Wipe the drive with diskpart clean all  (this might take a few hours to run)

    from a command prompt:

    diskpart
    list disk
    select disk x   (x=the drive you want to clean---be careful)
    clean all
    exit

    3.  Reinstall the operating system

    https://www.microsoft.com/en-us/software-download/windows8

    https://www.microsoft.com/en-us/software-download/windows10

    https://store.acer.com/en-us/extended/recovery/


    Edit: If you're truly gettings a BIOS password request, then you're probably going to have to resolve that first.  I can't help you with that.

    I'm not an Acer employee.
  • gmtechgmtech Member Posts: 6 New User
    Thank you JordanB. I gave it a shot, and watched the exact same thing happen again, reboot and a repair took place, and I am back to where I started. I ran ClamWinPortable, Emsisoft Emergency Kit Starter, ClamWin found Trojan, that was removed. Reinstalled drive. While it was open, I found a recovery file, that was empty, 0kb. deleted that, rebooted, caught dos window, blink, scandisk started, gave me option to stop it. I did. it started at recovery window. I have started a full PC reset. It has started, I have my fingers crossed.
  • JordanBJordanB ACE Posts: 3,724 Pathfinder
    edited November 2017
    @gmtech

    make sure you use these two commands if you're not yet ready to wipe the drive.

    bootrec /FixMbr

    bootrec /FixBoot


    If you wipe the drive with diskpart clean all, then you don't need to worry about any of this bootrec stuff
    I'm not an Acer employee.
  • gmtechgmtech Member Posts: 6 New User
    Update. Can't believe it. everything malware reinstalled. used another  hard drive formatted with Linux, and acer, I think, sent me uefi image. updated uefi with image, re-installed orig. hard drive. performed a factory reset, that worked. This is new to me, and I have been fooling around with windows since 3.1, lol. now to put effective countermeasures in place. defender is not enough. Thank you all for your thoughtful responses.
Sign In or Register to comment.

Who's Online1.2K

Andrew_Sn
Andrew_Sn
costamatheus
costamatheus
ErikAlvarez00
ErikAlvarez00
KanagawaTomasu
KanagawaTomasu
Kno63
Kno63
LíviaMelo
LíviaMelo
Nadk
Nadk
ralppp
ralppp
Reytak
Reytak
user221203
user221203
Viper_09
Viper_09
xapim
xapim
xZare
xZare
+1.2K Guests

Join in, share your experience!

It looks like you're new here. Sign in or register to get started.

Sign-in / Register

Assistance by Acer


Drivers &
Manuals
Acer
Answers

This Month's Leaders

The opinions expressed on Acer Community are the personal opinions of the authors, not of Acer. By using this site, you accept Acer's Privacy Policy and the Acer Community User Agreement.

Sign-in / Register