Home Tech Antivirus BIOS Malware – Scan Your Bios for Compromised Firmware
BIOS Malware – Scan Your Bios for Compromised Firmware

BIOS Malware – Scan Your Bios for Compromised Firmware


As the revelations of Edward Snowden had unfolded, we had learned the NSA had been able to compromise the bios firmware in targeted computer systems. The BIOS would be infected with low level malware and would forever remain on the system even through operating system installations. Typical antivirus and security software would never scan this area of the system and would only offer a false sense of security. The BIOS malware threat has now become a growing concern in the security industry and has created new vulnerability cases other than those pursued by NSA. These include the Lenovo Service Engine and the Hacking Team’s UEFI rootkit.

Now there is a way to dump your current BIOS firmware and upload it to be scanned with VirusTotal’s 53 antivirus engines from all the major antivirus vendors to see if your BIOS does appear to be compromised.

WARNING: The software we will be using for windows is called Universal BIOS Backup Toolkit 2.0. This software itself does appear as a false positive by some antivirus engines but it is not malware. It simply will read your bios, and you will have the ability to download a backup of your bios which is the file we will be using for the scan.

BIOS Malware - Scan Your Bios for Compromised Firmware

  1. First start by downloading the Universal BIOS Backup Toolkit 2.0 (link below)
  2. You will need to right click on the .exe file and Run as Administrator.
  3.  As you see in the picture, click on Read.
  4. Once the scan is complete, click Backup.
  5. Once the backup is complete, you will have a .rom file which is a backup of your current BIOS.
  6. Upload your .rom file to VirusTotal for analysis.

If any of the antivirus engines report a possible infection, I would go to your computer manufacturers website and download the same firmware version and scan it. If that firmware does not show the same results, you could possibly be infected. If that is the case I would try to flash the firmware with the newest version from the manufacturer or the same version downloaded from the manufacturer which shows a clean scan. You also can look on eBay for a clean Bios EFI Firmware Chip for your computer to replace your infected one.

Here is more information and other operating system support from VirusTotal on BIOS scanning.

If you have another way to scan your bios firmware, leave it in the comment section.


File password: encrypt-the-planet.com

Download Universal BIOS Backup ToolKit 2.0.1

MD5 Hash: E04FAE74E856046F3D67C38C28B3E470  Check here


How Many Million BIOS Would You Like To Infect? by ETP on Scribd