Theoretical questions and opinions on Equation Group malware.

I am not a computer expert, but I need theoretical answers to important questions. I think the Equation Group malware is potentially very dangerous for everybody, in spite of it being expensive and very targeted. Having read all the Kaspersky reports, I formed some questions with no concrete answer on the Internet. Calling Kaspersky Labs was useless. So I need your opinion, not necessarily a concrete answer, on the following questions or some of them.

1. Can the whole family of Equation Group malware be found with an antivirus check by Kaspersky or other software, using advanced options?

2. Can the Equation Group malware system replace or modify drivers or hard drive firmware, or make other changes to system loading, if Secure Boot is on and there is software with ELAM support?

3. Are these changes fixed if they can make them under the conditions of question 2?

4. Can the changes be fixed, blocked or reported by the TPM module, if they are not fixed by Secure Boot?

5. Can Secure Boot and the TPM module prevent an infected system from loading?

6. Can security or other software tools intercept or prevent direct interactions between malware modules?

7. Can these tools intercept or prevent their interaction through the Windows system?

8. Are there any hard drive firmwares that cannot be compromised by malware in any way without physical manipulation?

9. Can the Equation Group malware and its core hide themselves and other components to become invisible to behavioral analysis? Especially, I am interested in the effectiveness of Kaspersky's software control and Comodo Internet Security HIPS.

10. What signs point to a high possibility that the firmware is patched by Equation Group or the mother malware? Can there be some files or virtual file systems on the drive?

May 11th, 2015 6:22am

Hi,

Regarding this issue, you may ask Kaspersky's official support. And from the Wiki information:

"It infects the hard drive firmware, which in turn adds instructions to the disk's master boot record that causes the software to install each time the computer is booted up. It is capable of infecting certain hard drives from Seagate, Maxtor, Western Digital, Samsung, IBM, Micron and Toshiba."

That is true. Anti-virus/anti-malware scanners cannot detect the infection because it rewrites the infected computer's hard drive firmware, which kicks into action as soon as the computer starts up. There is no way in which that firmware can be scanned, and formatting or low-level formatting cannot put things right, because the firmware is not changed in any way during any kind of formatting of a drive.

For more information, read this:

http://www.pcbuyerbeware.co.uk/PC-Security.htm

Please Note: Since the website is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.

May 11th, 2015 10:23pm
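As an added defender-side example (not from this thread or from any vendor), the check below parses a 512-byte master boot record and compares the hash of its boot-code region against a known-good baseline, which is one concrete way to watch for the MBR modification the quoted text describes. The sample MBR bytes, the partition entry and the "tampered" copy are constructed here for illustration.

```python
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_LEN = 446
BOOT_SIG = b"\x55\xaa"


def parse_mbr(mbr: bytes) -> dict:
    """Split a 512-byte MBR into boot-code hash, partition entries and signature check."""
    if len(mbr) != MBR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    partitions = []
    for i in range(4):
        entry = mbr[BOOT_CODE_LEN + 16 * i : BOOT_CODE_LEN + 16 * (i + 1)]
        ptype = entry[4]
        if ptype == 0:          # empty partition slot
            continue
        lba_start, sectors = struct.unpack_from("<II", entry, 8)
        partitions.append({"bootable": entry[0] == 0x80, "type": ptype,
                           "lba_start": lba_start, "sectors": sectors})
    return {
        "boot_code_sha256": hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": partitions,
        "signature_ok": mbr[510:] == BOOT_SIG,
    }


def check_mbr(mbr: bytes, baseline_sha256: str) -> list:
    """Return findings; an empty list means the boot code still matches the baseline."""
    info = parse_mbr(mbr)
    findings = []
    if not info["signature_ok"]:
        findings.append("boot signature missing")
    if info["boot_code_sha256"] != baseline_sha256:
        findings.append("boot code differs from baseline")
    return findings


def _build_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed sample MBR: padded boot code, one NTFS-type entry, valid signature."""
    boot = boot_code.ljust(BOOT_CODE_LEN, b"\x00")
    entry = bytes([0x80, 0, 0, 0, 0x07, 0, 0, 0]) + struct.pack("<II", 2048, 1_000_000)
    return boot + entry + b"\x00" * 48 + BOOT_SIG


# Constructed baseline recorded while the machine was known-good, plus a tampered copy.
BASELINE_MBR = _build_sample_mbr(b"\xfa\x33\xc0\x8e\xd0")
BASELINE_SHA256 = parse_mbr(BASELINE_MBR)["boot_code_sha256"]
TAMPERED_MBR = _build_sample_mbr(b"\xfa\x33\xc0\x8e\xd0\xe9\x00\x01")  # extra jump bytes
```

On a live machine the 512 bytes would be read from the raw device with administrator rights, and the baseline hash kept off the host. A firmware-level implant can answer such reads with clean-looking data, which is exactly why the answer above says the disk cannot simply be scanned; this check therefore catches MBR changes made by ordinary software, not ones hidden by the drive itself.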
