How to Scan UEFI for Rootkit Malware in Windows

UEFI (Unified Extensible Firmare Interface) is the successor of the old legacy BIOS – both linked to the firmware that is loaded as soon as you turn on your computer. This small code is the first thing that your computer executes before anything else, including the operating system instructions or the antivirus software. This is why if a malware makes home in the UEFI memory of your computer, it becomes a really big headache and is actually not easy to remove.

Fortunately, there are not many UEFI infecting malware out in the wild. So far only two malware capable of infecting UEFI memory have been detected — one by ESET researchers in 2018 and another by Kaspersky Labs in 2020. At the moment, both ESET and Kaspersky products are able to scan the UEFI memory for malware.

If you want to know whether your computer’s UEFI memory has been infected with malware, then here is how you can scan it using ESET Internet Security:

  1. Download and install ESET Internet Security on your Windows PC from https://www.eset.com/. It is available for 30 day trial and you can also purchase 1 year license.
  2. Double-click on the ESET Internet Security’s notification area icon to open its window.
  3. Select Computer scan, click on Advanced scans and then choose Custom scan.Scan UEFI with ESET Internet Security
  4. Select Boot sectors/UEFI from the list of scan destinations and then click on the Scan as Administrator button.Scan UEFI with ESET Internet Security
  5. In a few seconds, you will be shown the results of the UEFI memory scan.

ESET Internet Security scans your UEFI and boot sector at each and every boot to keep all sorts of malware at bay. But if it actually detects some UEFI malware then you should contact the ESET support professionals for help. According to ESET experts, an attempt to reflash the UEFI firmware can be made to remove such malware infections. And if that fails, then the motherboard has to be replaced.