Could LOJAX be the WORST computer virus in HISTORY?
HTML-код
- Опубликовано: 21 авг 2023
- If you haven't heard about this virus yet, you will soon. It's called LoJax and although it hasn't hit the mainstream yet, it's effects can be absolutely devastating. Let's do a deep dive into how this virus works, replicates and destroys your computer's motherboard, hard drives and other peripherals.
Like and share if you find this video valuable to others!
Hope you guys enjoy this!
👉 If you enjoy this video, please like and share it.
👉 Don't forget to subscribe to this channel for more updates.
👉 Subscribe now: cutt.ly/mOW7myv
Help support the channel!
Scott's Computer Stuff wish list: www.amazon.com/hz/wishlist/ls...
Scott's RUclipsy stuff wish list:
www.amazon.com/hz/wishlist/ls...
💢 ALL the tools that I highly recommend and use personally every day...
Hardware ---
◼ 142-piece magnetic electronics precision screwdriver set with 120 bits
👉 amzn.to/3exdNeb
◼ StarTech 4-bay USB 3.0 hard drive docking station 6Gbps
👉 amzn.to/3z6zNpG
◼ StarTech 2-bay USB 3.0 hard drive docking station SATA 6Gbps
👉 amzn.to/3sAGZt0
◼ Netgear A6100 wifi adapter
👉 amzn.to/3DWUp5p
◼ Godshark NVME to USB adapter M.2 SSD to Type-A USB 10Gbps
👉 amzn.to/3FGw3O8
◼ Cordless, rechargeable air duster 6000mAh 10w fast-charging
👉 amzn.to/3pzJWIa
💢 Helpful/useful everyday software ---
◼ Back up your CRITICAL data automatically with Carbonite!
👉 bit.ly/3qvWMqe
◼ Ninite (used to automatically download and install your favorite software):
👉 www.ninite.com
◼ Defraggler (used to defragment and organize your files):
👉 www.defraggler.com
◼ Open Office (Microsoft Office FREE replacement)
👉 www.openoffice.org
💢 Hey, do you want even MORE in-depth techie stuff? Check out my friend Nico's page, Nico Knows Tech:
👉 / nicoknowstech
💢 FOLLOW ME ON SOCIAL MEDIA:
✔ Twitter: / askmecomputers
✔ Facebook: / askyourcomputerguy
✔ LinkedIn: / ask-your-computer-guy-...
✔ Instagram: / askyourcomputerguy
✔ Discord: / discord
** Affiliate link notice **
Some links included in this video are affiliate links. The creator may make a small percentage
from any products you purchase through one of these links. This comes at ZERO extra cost to you, and greatly helps to support the growth of this channel. Thanks so much for watching!
![A Day To Remember: Feedback [OFFICIAL VIDEO]](http://i.ytimg.com/vi/iXVnysmQ4e0/mqdefault.jpg)
OK now I am EXTREMELY scared about this!
Even when I have followed all the steps in this video, I as a faithful computer user for over 15 years, am still scared about getting infected with LoJax on any of my computers.
Just use best practices. Surf smart, keep your AV updated, keep a current backup, don't click on anything unfamiliar, and pray the word gets out to the BIOS vendors sooner than later.
@@AskYourComputerGuy Thanks for the advice, dude.
wonderful video. keep up the good work
Thank you! 👍❤️
I still think the worst virus ever is Windows. It stops you doing what you want to do, it expands to fill your hard drive and it hogs resources. On top of that you have to pay to use it. Anybody who isn't already following your suggested best practices deserves what they get.
Based on those guidelines, I absolutely can't argue that 💪
I was manually backing up some data and complicated installations recently. Left it running overnight. Despite having automatic updates disabled, the next morning I found my PC rebooted, signed out and updated… and the backup interrupted to the extent that it’ll have to completely restarted
@jennymckinnon9528 and yet another reason people hate Windows 🥲
Hey, Killerbill, I was going to say LOL to your comment but the problems that Jennymckinnon was having I can’t now.
😂😂 this made me laugh /.. I’m an Apple person but deal with windows as well so I hear ya !
It sounds like the BIOS manufacturers have the power to fix this. They could simply create an update that writes zeros to those empty spots in the BIOS chip, thus overwriting the virus code. Or before you get the virus, couldn't they somehow mark those empty spots as being reserved or unavailable?
They absolutely could! Even just writing dummy text in tbe empty spots and the virus has no where to embed itself. That's what concerns me...this thing has been around since 2018 and nothing has been done yet
yes
👍
@@AskYourComputerGuy _"...this thing has been around since 2018 and nothing has been done yet"_
Maybe that's the plan? 🤔
@TheRealPureBlood could be 🤷♂️
Sounds similar to the Chernobyl virus from 1990s. My husband's computer was infected with it, they had to redo the core of his pc.
Yep. While I have good practices, I wonder if motherboards with dual BIOS can get around this if infected? By that I mean if the primary BIOS is infected, switching to the secondary would isolate the infection. Alternatively you'd either have to desolder or otherwise replace the BIOS chip.
Personally, ransomware scares me more than LoJax right now. The problem is there's a lot of different components on a motherboard that have programmable firmware and you could be stuck in a whackamole situation.
.. I should add this, You're pretty much screwed if companies like ASUS, Gigabyte, Dell, etc have their servers infected with infected malware, BIOS, drivers or any software. _BTW I'm well aware that this scenario has happened before._
All great points. I am honestly curious about the dual BIOS question 💪
@@AskYourComputerGuy .. I guess it would depend on how the BIOS chips are switched and by that I mean "seen" on your MOBO. Some have physical jumpers and some have "convenient" push button switches .. cough like my ASUS Extreme with a simple push button .. meaning as far as I know of virus can see both BIOS chips on the motherboard, one in an active state and one in a deactive state and just for s**** and giggles infect them both.
I swear some of these viruses, malware l, and hacking in general under conditions should be considered capital crimes.
@DJaquithFL I agree 100%
Does HP surestart protect from this? Edit: just checked HP website. It does. Lucky me!
I've been spending some time learning to create and deploy virtual machines on my NAS. Right now, I have a Windows 11 VM up and running and it's pretty much indistinguishable from using a normal PC installation. Would using a VM provide any level of protection against something like LoJax ?
Great question! The VM, yes. But the VM still runs on a "live" PC. There's your risk right there
@@AskYourComputerGuy But, isn't the VM sandboxed and therefore isolated from the host PC's hardware ? IIRC, when I created the VM, I had to select a BIOS / UEFI which belongs just to the VM.
@DavidM2002 the VM is sandboxed. But if your host pc that the VM runs on gets infected, all bets are off
Great video. However Windows Defender truly is better than most of those "free" AVs out there. You might even want to consider making a video on this topic. Keep up the great work.
I actually plan on it :)
Given how infrequently if ever nost users edit/update their bios, they should make it non-rewritable without plugging in a jack or some such thing.
100% yes!
@@AskYourComputerGuy so...there is a solution ?!
@Julius1225 yes. All explained in the video 👍
It would make sense to have an offline network and use a live cd to access the internet etc. Once the live cd is shut down its all gone and I dont think it writes to the drive. You can still save info to a drive and use it offline while your regular pc is only on an offline network.
A Live system uses the system RAM to work. It will not write on your physical hardware
Yes, but you are still using a system with a bios when you run that live CD. It's not about what gets written and where. You still have a bios controlled pc running the show under the hood
@@AskYourComputerGuy ah yes good point.. In general practicing what I said would help alleviate a lot of other issues like virus's etc... Unless I missed something there also..
👍
I have an X-99 Deluxe 3.1 Motherboard... There is a setting on that motherboard's firmware that can write protect the input output storage to prevent programs from just writing into this circuit. I'm going to turn this setting on, going forward. The firmware has not been anything new since 2017. There is no real reason for me to continue to allow any writing into the input output components. I do have a flashback feature on my motherboard that will allow me to recover the firmware to my system. This motherboard has its own USB interface, that is dedicated to being used as recovery. That's pretty ingenious. Many bios' chip today is EEPROM, which may not need to clear everything, prior to reflashing the IO component.
I was having no bootable device found issue. Tried changing the boot order. The BIOS is updated to the most current version. Followed your Windows 10 video and reinstalled a clean Windows. I've had malwarebytes for forever and avast. Just started having the boot issue after my computer was running really hot and shutting down. A good dusting stop the overhearting but that's when i got the boot error. I'm concerned I may have picked up this thing. As I've never had issues like this before. And i have an additional laptop that is about five years old that works fine
No bootable device usually indicates a drive problem. I would boot to the Windows installer disc or drive and run a chkdsk /r to verify drive integrity. Here how:
How to fix ANY Windows problem with the built-in repair tool
ruclips.net/video/i-QHtJGAXgI/видео.html
Thanks!@@AskYourComputerGuy
@sammykins7778 anytime!
Can this virus also infect core boot running motherboards (instead of UEFI)?
From what I understand, if the system has a BIOS chip, it can be infected. There isn't a ton of information out yet about exactly which components are not vulnerable
Want to know the perfect analogy for the entire computer ecosystem? "I removed my front door for convenience, now I need to figure out some kind of security system to prevent burglars from coming into my home."
Security is always an afterthought with computer hardware and software makers. The whole problem with viruses infecting or corrupting the BIOS could have been 99% eliminated if computer manufacturers had put even a little thought into security. How? First, put a write-enable jumper on the motherboard. For the BIOS to be written to or updated, this jumper has to be physically in place because without it, writing to the BIOS chip is physically impossible. And to prevent people from just leaving the jumper in place, the computer won't boot unless it's removed. Secondly, put a copy of the BIOS in ROM and add a second jumper that when present at boot, will cause the ROM copy of the BIOS to be flashed onto the BIOS chip, blank areas and all. Sure, it may be an older version than the user had at the time, but it will be a CLEAN copy.
These two measures would virtually eliminate the possibility of the BIOS being hijacked, or of a virus hiding in the chip. Simple and effective, and yet none of the geniuses designing this stuff has thought of this?
Probably because it would involve effort, and people (whether manufacturers or end users) don't want to put in any 🤷♂️
I have an HP surestart on my PC and the HP website says it protects against this virus.
Why doesn't the BIOS gets recovered from the backup BIOS recovery ROM chip (I assume there is one as BIOS is so important at hardware level), into secondary BIOS chip bit by bit? Isn't it like copy paste everything (filled or empty spaces)?
Great question, but unfortunately it doesn't work like that. Not when you're dealing with a rootkit BIOS virus 🤷♂️
HP Surestart claims to not only prevent compromising BIOS on Pro machines and higher, but also repairing it via its HP Surestart if such virus found its way into the system (they tested it). It has an encrypted golden copy and can detect if changes were made in the core firmware, overwriting it with a healthy copy. No other company seems to have this protection developed and HP also has it for commercial printers. Learned all this just today, as I am no PC geek, but HP claims they were educating the industry about this for years. Why is it not more known? That's the question.
maybe lift write pin on bios, or secondary protection on write side of bios plus lojax been about around 4 years,
Assuming that is even possible for some bios chips, who is going to coordinate that fix at scale? The BIOS vendors need to fix it at the software end, not count on random novices being able to change or reconfigure a BIOS pin set 🤷♂️
Scary Stuff by Sick people!
Right!?
Secure Boot does not protect the firmware. It only verifies the Operating System on the boot drive.
yea
👍
I am working with computers since 2005 and electronics since 1990, I have seen a lot of viruses, i have never again used antivirus on my computers after windows 7 and now I have over 10 years using Linux where no installer can be launched without Super User DO authentication. BIOS brick What's that? with a heat gun and flux remove the BIOS chip from the board, flash the chip with the ROM provided by the motherboard manufacturers page using Arduino or a Raspberry pi and the right software and solder it back or pay to someone to do it.
madden 24 requires secure boot enabled on pc if on W11. the forums are full of people saying that by enabling secure boot has bricked their pc. i don't want to enable secure boot with how many have said this has happened to them.
Secure boot will never brick your PC. But weird that a *game* requires it! Odd 🤷♂️
Never take PC advice from random gamers in forums.
@NicoKnowsTech probably good advice 😂😂😂
@@NicoKnowsTech i don't think what you said is wrong, i'm just old school and mostly follow the rule "if it ain't broke don't fix it"
@@ShaneH5150 that mentality will actually keep you out of a lot of trouble to be honest.
If you set up the password in bios will blocked it?
Unfortunatey, no. Nothing except secure boot (for now) and an eventual software re-code from the BIOS vendor(s) will have any effect. This is a rootkit virus, it's quite powerful..unfortunately
@@AskYourComputerGuy 👍
Yea on my windows pc i only have windows defender reasons in the past when the subscriptions to the anti virus software ran out turned into a virus of its own to the point where my laptop was put in a boot loop untill i could quickly uninstall it before task manager could load it problem fixed otherwise would of just changed os but thats before i knew i could many years ago qnd the promblem with anti virus also is it looks for known signatures if you modefy the code of the malware you can make it fud pretty easily or make your own secound they could possibly look for behaviors which thats a grey area which could be more of a gead ache then its worth though i also dont keep anything of value on any of my computers so i can wipe them on the fly anything useful or personal stsys on cold storage aka an external harddrive
👍
Does this affect cellphones too ?
At this time, there is no way to know. I suspect no, based on what I know. At least not yet anyway :)
I got it on a fully upgraded windows 11 with nordvpn and Norton 360 active.
It's not only on my bios/uefi but it's on my audio drivers. It spread to two of my laptops. And it appears to be looking for devices with Bluetooth also.
I've reformatted twice, flashed bios ran every av I could find and nothing works. Dunno what I did but someone didn't want me playing starfield.
Sounds like it! 🥲
Do a test. get a HP with HP surestart and try what you did when you got this. if you dare :) HP claim they can fend off the threat with their Surestart protection. I am curios to see whether it is the case.
@D.von.N I'm curious as well
That's... not why UEFI was created.
Wakes up one day to find out Lojax and Black Lotus has malware child BlackJax Lotus..... See lots sad faces worldwide. Sits back and quits computers, goes back to library. ;)
😂
Thanks for the video. I like the free antivirus is better than Windows Micro dollar defender! Anyone who is not backing up data files be it on PC, laptop, tablet, phone and the like is ignorant.
Agreed!
Should be a Death Penalty crime.
100%!
How good is Microsoft Windows Malicious Software Removal tool
Against a UEFI firmware rootkit? About as good as using a bandaid for a slow leak in a boat 🤷♂️
Can lojax infect usb devices such as usb hard drives?
Absolutely yes
@@AskYourComputerGuy even keyboards or mouses?
@@AskYourComputerGuyand if yes how can i delete it from infected usb?
@@AskYourComputerGuy thank you so much
@user-wh2kg6lt9l negative. Only devices that can store data. Your other peripherals are fine 👍
The world's going to hell, so why shouldn't the computer world. Time to give computing away. It's a constant battle and not fun anymore.
More like LoTax
Lojax is possible to fix, but it will require special tooling that 99% of people will not have (I'm going to try and be among the 1%)
LoJax has been around since 2018, and is very well documented, so why all the fuss now?
Because a) the BIOS vendors haven't dealt with the vulnerability and b) it's starting to get talked about in local tech news. And c) it's probably better to be made aware of it before it becomes a problem for an end user 👍
Is this Windows only virus, or universal?
Great question! As far as I know, universal if your PC uses a BIOS 🥲
@@AskYourComputerGuy hmmmm. Of course they all have a bios, but how does the virus enter the computer? Does it not have to start as an executable? Sorry, not trying to be argumentative, just want to understand. A Windows program will not run on a Linux machine, and vice versa. This is why most of my machines run Linux as Windows is the prime target.
@rickharms1 logical response. I would imagine that a virus could also be embedded into a Linux compiled image or even into a JPG image. Regardless, aways be safe!
Really like your channel and content, but ….
Completely disagree that defender is not sufficient and totally surprised that you recommend downloading a free antivirus. I have experienced, without exception, the free and also paid antivirus end up trashing my system.
Don’t make statements that you can’t backup.
I appreciate that. I actually said it "might" be enough but I wasn't expecting it to contend with something this big in the future. Defender is not the crap AV it used to be and for many people, it's plenty. But those same people don't usually pick up UEFI firmware rootkits either. I honestly think Defender and maybe MalwareBytes Pro side by side would probably do the job. But again, nobody knows exactly what or how this will spread (if it does), and it's just my opinion at the end of the day 👍
Umm... what's new? LoJax has been around since 2018...? Why panic now?
Not everyone knew about it. More stories are coming out about it, and it's usage is starting to be seen in more places. If you're already aware of it, count yourself lucky 💪
Also, BIOS vendors have had 6 years to patch these issues. They haven't. It concerns me.
So basically what I'm hearing is it wrecks your bios but that's all it does. Is this correct? In other words it won't brick your hard drive or anything not connected to your motherboard. So you could just move all your drives and devices to another good motherboard or just simply replace the motherboard which can be as cheap as 50 bucks. If I'm wrong, then How does it brick say your hard drive to render it not usable in another system?
This is correct and it will save your system from the UEFI rootkit. Unfortunately, many motherboard are way more expensive, especially on beefy Systems. In this case a Firmware flashing might get rid of the threat
Obviously if your hard drive isn't connected, it can't damage it. And theoretically yes, switching out motherboards would solve it. But not all boards are that cheap. Plus you might have to pay someone to swap it
Have a repair shop remove bios chip, install new chip and write bios to that chip. Problem solved, no new computer or motherboard needed. @@AskYourComputerGuy
Assuming you haven't found a local computer shop that works for donations, do you realize the cost of what that strategy would likely be? It'd be cheaper just to buy a new computer. Plus, not every computer shop has the tools (or skillset) to remove hard-coded bios chips from motherboards. That's a very specialized skill. I wouldn't even attempt it, and I know what I'm doing.
@@AskYourComputerGuyalways follow the money....because it sounds like to me that some hacker wants us to buy new computers.
I won't use Anti Virus software not even Defender. Most of them slow your pc down. Which is why I won't use an SSD. They make the appearance of the system so fast that you can never tell if a slowdown is happening due to bloat software updates which Microsoft loves to push. I do agree with the rest of your Best Practices. Instead of AV's I protect my windows based system with a State saving tool like RX Rollback Home Edition - It's essentially a System Restore Pont creation tool that resides on a layer of your hard drive that is retained even if my hard drive is formatted. I can have my system fully back up and running in 5 minutes after a hard drive wipe. I back this up with Macrium Reflect Free Edition for extra security.
Unfortunately, this virus is a UEFI rootkit, which means it installs itself in the firmware of your computer. No matter how many times you reset your operation system, it will still be active and safe on your PC Firmware
@@Cyanwasserstoff But that Only contingent on using the same motherboard and otherwise you can just plug your hard drives into a good unaffected motherboard. is that correct?
I just saw your other post under my other comment. So I am correct. So this virus is no big deal at all as long as you replace the motherboard.
@@Cyanwasserstoff It's all bs to me. because I replaced my motherboard that cost 300 bucks (when the pc was new) with one that cost 80 bucks that did the exact same job. Yes. the exact replacement was 3 times more expensive but the one i replaced it with had No more functions. They always way over price hardware because the whole industry is super corrupt.
@@DivergentDroid It always depends on your needs. If you need PCI 3 or PCI4 and how many, how many PCI M2 Slots (in your case irrelevant) , RAM DDR4 or DDR5 slots, which CPU socket and so on. If the cheap motherboard does meet all your requirements than it might work just fine
audio level bad
Heard.
Sorry, but you're bit of a drama queen, stepping into a car is far more risky. I use PC's since the first IBM PC was released in 1981, and guess what? The only virus I ever got was in 1988, and only because we didn't have any real-time anti-virus in those days. Move forward 36 years later....never got a single virus... go figure... and I've been at tons of places online that some people would avoid for that reason. My wife, and my kids (adults now), neither. It's all about using common sense, and installing the as best tested virus scanner money can buy, and there is only one in our book, but I'm not going to promote it.
Wow..been called a lot of things before, but "drama queen" is a first. Thank you...?