Fair warning-- Virused Gigabyte Drivers!!
Straight_Man
Geeky, in my own way | Naples, FL | Icrontian
I just scanned some drivers I got for a client's computer, from Gigabyte's main server in Taiwan. ALL of them had W32/Zire.A viruses in them, and F-Prot deleted them for me after asking if I wanted them removed-- F-Prot said they matched the Zire def EXACTLY. F-Prot found this virus today in an autoscan-- it detects on open, for email on receipt, and I have it in aggressive scanning (all files, archives, boot sectors, the works) and it daily scans as well. They were all IN THE UNOPENED DRIVER ARCHIVES directly from Gigabyte's Taiwan server-- files linked to from Gigabyte's support site. Those of you with malfunctioning boxes after installing any of the following:
Silicon Image 3112 RAID driver
Realtek 81XX driver (8100 series driver pack for that series)
Realtek Audio driver
on Gigabyte motherboards of series 7VAXP OR any Gigabyte motherboard that uses the devices listed above should scan for the Zire.a virus. Since the Silicon Image driver is used on more than one Gigabyte board, ditto Realtek audio, all of you who have grabbed drivers for those devices on any Gigabyte board that uses these drivers might have infected boxes. In this case, those devices will seem to act up. I will be telling Gigabyte about this.
I have seen posts about RAID and other issues on Gigabyte boards, here, so am posting this warning here. Those issues can be caused by Zire and not be hardware faults at all. My box is not infected, I never opened the compressed archives that have the drivers in them. These are the only archives on my systems that are infected.
I hope that not many boxes are infected.... I HATE doing this kind of notify, and replicated the download set and scanned with a different AV product on the new download set before posting just to be certain I did not have a mistrigger\false positive.
John D.
Comments
John D.
If any of you guys get an official response, let me know please. Thanks.
So far, Danny at Gigabyte Technical Support Engineering has asked how I got to the drivers. They are looking into it.
Will update this thread as needed.
Lesson, since some of these viruses are starting in the far east, scan ALL archived driver packs you download also, please, before you unarchive them. They come from the far east in many cases.
I also advised F-Prot of what had happened, suggested they might like having Gigabyte as a customer.... They DO also offer enterprise grade AV, in fact they STARTED OUT as an Enterprise AV company.
One reason Hauri's ViRobot Expert is popular, is that it is a Japanese origin product, the viruses that start there are picked up by the AV folks there before they hit the US and rest of North America. The problem is that any archive can hide a virus, unless the archive is scanned internally before opening, the archive's distribution channel can be an inadvertent or deliberate vector for viruses.
In Gigabyte's case, I am reasonably sure the vector is inadvertent (understatement for emphasis, mfrs cannot afford to have their driver products virused). But, when packs are put up, they need to be scanned before uploading and the file servers need to be IDS'd and scanned every once in a while (like once a week, minimum).
I did not post this to embarrass Gigabyte per se, they make decent boards for those who do not want extreme OCing, but some of the issues with Gigabyte products posted here did not make systemic sense unless there was something other than just bad\corrupt drivers at work. Windows will not normally do spontaneous reboots unless it is damaged beyond a simple driver defect. Especially XP, it will roll back drivers and say it has recovered from a serious error (exactly once unless corrupt archive is reinstalled) if something major happens to it that is not also viral or trojans or worms of internet or machine progressive damage type, or real hardware errors, or hardware incompatibilities between the parts in the set of hardware used.
John D.
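An added example (not part of the original posts, and not Gigabyte's or F-Prot's tooling): one way to look inside a downloaded driver pack before unarchiving it, as the post above advises. It inventories a ZIP in memory, hashes each member so it can be checked against a vendor checksum or handed to a scanner, and flags executables, including ones hiding behind a non-executable extension; the function names and the sample pack are constructed for illustration, and only ZIP is handled.

```python
import hashlib
import io
import zipfile

EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com")
MAX_MEMBER = 64 * 1024 * 1024  # skip members whose declared size exceeds this (zip-bomb guard)

def inventory(blob, prefix="", depth=0, max_depth=3):
    """List every file in a ZIP held in memory; nothing is extracted to disk or run."""
    records = []
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = prefix + info.filename
            if info.file_size > MAX_MEMBER:
                records.append({"name": name, "sha256": None, "flags": ["oversize-skipped"]})
                continue
            data = zf.read(info)
            flags = []
            if data[:2] == b"MZ":  # DOS/PE executable header
                flags.append("pe")
                if not name.lower().endswith(EXEC_EXT):
                    flags.append("pe-with-misleading-extension")
            records.append({"name": name, "sha256": hashlib.sha256(data).hexdigest(), "flags": flags})
            if data[:4] == b"PK\x03\x04" and depth < max_depth:  # nested ZIP: look inside too
                records += inventory(data, name + "!", depth + 1, max_depth)
    return records

def build_sample():
    """Constructed sample pack: harmless bytes that only imitate file headers."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as zf:
        zf.writestr("setup.exe", b"MZ" + b"\x00" * 62)
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as zf:
        zf.writestr("readme.txt", b"Install notes\n")
        zf.writestr("driver.sys", b"MZ" + b"\x90" * 62)
        zf.writestr("manual.doc", b"MZ" + b"\x00" * 62)
        zf.writestr("extras.zip", inner.getvalue())
    return outer.getvalue()

if __name__ == "__main__":
    for rec in inventory(build_sample()):
        print(rec["sha256"], rec["name"], ",".join(rec["flags"]) or "-")
```

The hashes give a stable record of exactly which files were in the pack, which is what a vendor needs when a report like the one in this thread is filed.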
Hmm, that might explain some anomalous problems that we've tried to work out in forum threads concerning Gigabyte mobos.
Ageek - this is a serious thread? No?
And to the IDIOT who talked here about idiots, I HAVE been fighting viruses since the late 1980's. LITERALLY. On boxes that were running MS-DOS 2+ and 3.0, forward to present with Linux and Windows viruses. I get virus news from US-CERT, Kaspersky, F-Prot, and quite a few others. IDIOTS, my sore left foot (the one that gets crimped toes from quadruple E shoes, it needs quintuple E 8-1\2 shoes)!
John D.-- aka Ageek, AKA jdii1215, aka an "Old Fart" who is a professional system builder and A+ CompTIA certified tech, Microsoft System Builder, and who started using IBM boxes when PC-DOS was at version 2.0.