As we have tested various small systems from the AceMagic brand, among others, and have also included them in our “Mini-PC” category, there is unfortunately no way around today’s rather unpleasant report. Recently, several sites reported that viruses or malware were found on various mini PCs from AceMagic. And not “just” some little worm, but the worst kind of sneaky programs. So let’s take a look at what exactly I was able to find on the computers.
The publication of this video was probably the decisive factor:
Shortly afterwards, I accidentally got in touch with the YouTuber on Reddit and subsequently used a few pictures from the video. I’ll explain why I couldn’t take any pictures of my own in a moment. It all started when “The Net Guy” set up an Acemagic AD08 for personal use and after a while received this wonderful message from Windows Defender:
The message warns of an infection of the system with MSIL/Bladabindi, an unwanted backdoor.
Acemagic AD08 Mini-PC review: exotic case, RGB RAM and an Intel Core i9-11900H
I also tested this system, but at the end of last year. During my time with it, I didn’t receive any messages about a virus attack. Before I even run the first benchmark, I install all Windows and security updates. Why the warning only appeared for “The Net Guy” during the later setup, and not immediately, could be explained by an update of the Defender definitions in the background.
After the test, however, I completely reset the AD08 Mini-PC via cloud installation, so any hidden threats that may still be present can no longer be traced. However, other models are also said to be affected, such as the AD15 and S1. A review was actually also planned for the AD15 model, but this was then suddenly canceled at short notice. I don’t want to go too far out on a limb, but this is probably related to the virus findings. However, I still had an unopened copy of the Acemagic S1. It did not have the “ENDIDEV.exe” mentioned in the find above, but it did have “ENDEV.exe” in the same path.
I copied the entire folder and then scanned it. Windows Defender found nothing wrong with it, and the few VirusTotal detections are also OK and very likely false positives. However, something was modified in the setup, as the usual Windows 11 account requirement had already been bypassed. Incidentally, this can also be easily done by disconnecting the network connection, pressing Shift+F10 during setup and entering OOBE\BYPASSNRO.
The Trojan:Win32/Redline.FG!MTB malware hidden in the RGB software was apparently found on the Acemagic S1 a few months ago, but again, I couldn’t find a problem on my model.
- VirusTotal Scan for the entire folder “CYX_TftTool”
- VirusTotal Scan for “LedControl.exe”
- Download of CYX_TftTool.zip
Apparently I have already received a newer revision of both models, which is not affected. And what does the manufacturer actually say about this? In a blog post from last month they apologize for problems with a pre-installed browser, but apart from that I haven’t been able to find an official statement.
So what’s this all about? My Acemagic S1 comes with Google Chrome pre-installed, but that’s not all:
“navwithus” was already set as the search engine in Chrome.
In addition, the new tab does not open the standard Google Chrome page, but “UpSearches”. According to Windows Central, Acemagic has the following to say about this, in addition to offering a $60 coupon for its own store:
“The issue affecting web search stemmed from ACEMAGIC’s previous supplier of bulk installation systems. The supplier independently added pre-installed software without ACEMAGIC’s explicit authorization. In response, ACEMAGIC has severed ties with this supplier and has transitioned to a new partner, ensuring strict adherence to transparency and user-centric values.”
Looks like this new partner was an even worse choice than the previous one.
And what happens on our side now?
I will add a manual virus scan to my checklist for test reports on mini PCs or other pre-installed systems. Personally, I would advise everyone never to use the pre-installed Windows anyway, regardless of whether the computer comes from Asus, Dell, Lenovo or a small company from far away. Nevertheless, I am aware of the fact that only very few people follow this advice and prefer to save themselves the effort. At the moment, I still have a few test devices in the queue that have already been confirmed, and there will be articles with a prominent reference to this situation. Whether we will continue our cooperation with Acemagic after that is rather questionable. In any case, the response so far has not been satisfactory by our standards.
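A browser-settings check can sit next to the virus scan on such a checklist, since the pre-set “navwithus” search engine and the “UpSearches” new tab page were not something a scanner flagged. The following Python sketch is an added example, not code from this article or from Acemagic: it takes a parsed Chrome Preferences file and lists every homepage, startup, search and new-tab URL whose host is not on an allowlist. The JSON key layout, the allowlist and the `.example` hosts in the sample are assumptions.

```python
import json
from urllib.parse import urlsplit
# Constructed sample shaped like a Chrome "Preferences" file; the hosts are
# placeholders, not the real domains behind "navwithus" or "UpSearches".
SAMPLE_PREFS = json.loads("""
{
  "homepage": "https://www.google.com/",
  "session": {"startup_urls": ["https://upsearches.example/start"]},
  "default_search_provider_data": {"template_url_data": {
      "short_name": "navwithus",
      "url": "https://navwithus.example/search?q={searchTerms}",
      "new_tab_url": "https://upsearches.example/newtab"}}
}
""")

# Assumed key layout: (label, path into the JSON document).
CHECKED_KEYS = [
    ("homepage", ("homepage",)),
    ("startup URL", ("session", "startup_urls")),
    ("search URL", ("default_search_provider_data", "template_url_data", "url")),
    ("new tab URL", ("default_search_provider_data", "template_url_data", "new_tab_url")),
]

def _lookup(doc, path):
    """Follow path through nested dicts; return the non-empty strings found there."""
    for key in path:
        if not isinstance(doc, dict) or key not in doc:
            return []
        doc = doc[key]
    values = doc if isinstance(doc, list) else [doc]
    return [v for v in values if isinstance(v, str) and v]

def _allowed(host, allowed_domains):
    # Match the domain itself or a subdomain, so "evilgoogle.com" does not pass.
    return any(host == d or host.endswith("." + d) for d in allowed_domains)

def audit_prefs(prefs, allowed_domains=("google.com",)):
    """Return (label, host, url) for every checked URL whose host is off the allowlist."""
    findings = []
    for label, path in CHECKED_KEYS:
        for url in _lookup(prefs, path):
            # A value without a parsable host yields "" and is reported too.
            host = (urlsplit(url).hostname or "").lower()
            if not _allowed(host, allowed_domains):
                findings.append((label, host, url))
    return findings

if __name__ == "__main__":
    for label, host, url in audit_prefs(SAMPLE_PREFS):
        print(f"[!] {label}: {host} ({url})")
```

On a real machine the input would be the JSON loaded from the Chrome profile's Preferences file, with the allowlist extended to whatever search provider the reviewer expects.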