Help me! Could my new PC's motherboard be infected? (Generic.Malware)


tkm098

Hello everyone. I recently got a new PC that has an ASUS motherboard in it. The PC itself is custom-built, with a fresh clean Signature installation of Windows 11, so no extra "bloatware" could be causing any of this. I have not installed anything on this PC apart from a few things such as Office software and Discord, from the official safe sources. I started to notice some odd behavior that I suspect could be caused by something specific. More specifically, one file suddenly vanished without leaving any trace (thankfully that wasn't anything too important). It could've been just a corruption but I also suspected a possible ransomware (encrypter) attack. I ditched Windows Defender, which didn't catch anything, and decided to install Malwarebytes. I was very surprised when Malwarebytes almost instantly caught this one, from the new PC (labeled as Generic.Malware/Suspicious):

It wasn't labeled as a potentially unwanted program, it was labeled as a threat...

Now I'm not an expert at all with BIOS/motherboards but I googled 'SLP Builder' and apparently it has something to do with BIOS, so that was a bit surprising.

VirusTotal shows 24/70 for this file on my computer (slpbuilderx64.exe), with some labeling it as 'Trojan.Doina' or 'Trojan.Gen'.
https://www.virustotal.com/gui/file/a47f46890477903a476a6329e99e692ac1b305b7a02dc290bf43bf3d38488728

I quarantined it with MBAM and everything still works normally here. One relief comes from the fact that this seems to be located in the C:\temp folder, so it's possible (likely I guess?) that the executable was never active in the system. Still though, even the idea of a trojan file existing on a brand-new PC is quite chilling.

What are your thoughts? What should I do? Should I ignore this? If it is a legitimate ASUS file, why would so many AVs label it as a trojan?
Is it just ASUS being "suspicious" as usual, not a big deal? Please let me know what you think...


  • Root Admin

Hello @tkm098 and welcome.

1. What is a "clean Signature installation of Windows 11"?
2. C:\Temp is not part of the folder structure created by Windows - who created that folder and why?

To begin, please do the following so that we may take a closer look at your installation for troubleshooting:

NOTE: The tools and the information obtained are safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

  • Download the Malwarebytes Support Tool
  • In your Downloads folder, open the mb-support-x.x.x.xxx.exe file
  • In the User Account Control pop-up window, click Yes to continue the installation
  • Run the MBST Support Tool
  • In the left navigation pane of the Malwarebytes Support Tool, click Advanced
  • In the Advanced Options, click Gather Logs. A status diagram displays the tool is Getting logs from your machine
  • A zip file named mbst-grab-results.zip will be saved to the Public desktop, please upload that file on your next reply

Thank you

 


  • 4 weeks later...
  • Root Admin

Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Tips to help protect from infection

Thanks

 

