If you have an Asus computer, you’ll want to check if your device was among those affected by the recent “Shadow Hammer” malware attack.
You’ve probably seen worrying headlines about the malware, but for those who aren’t up to date, here’s the deal. A recent bout of malware has made its way across more than 57,000 Asus computers and laptops by exploiting Asus’ method for deploying software updates to its products.
That figure comes from a
recently released overview by online security company Kaspersky, which has been investigating the attack. The report looks into exactly how the attack was carried out, and why these methods have caused so much concern.
Kaspersky’s report also includes a tool the company developed for Asus owners to check if their device was among those impacted by the malware deployment. It only takes a few seconds to see whether or not your device was targeted in the attack.
1. Download “shadowhammercheck.zip” by clicking the “Download an archive with the tool” link in Kaspersky’s
SecureList article2. Unzip the file to your preferred location
3. Open the unzipped “
shadowhammercheck” folder and run shadowhammer.exe
4. The program will perform the test on your PC, and give you the results almost immediately.
What you’ll see if your PC isn’t infected by Shadow Hammer Asus has also released a diagnostics tool for its users to check their PC for the malware infection, and it works similarly to Kaspersky’s tool.
1. Download “ASDT_v1.0.10.zip” from Asus
2. Unzip the file
3. Open the file and run “ASDT.exe”
4. A dialog box will pop up with the diagnosis
You can also use Kaspersky’s online Shadowhammer tool to check if your system was on the targeted list, but you’ll need to know your computer’s MAC address.
1. Open command line terminal. Press the
Windows key+R, search for “cmd”, and hit enter.
2. In Command Line, type “
ipconfig /all” and hit
Enter3. You’ll be given several lines of information. Locate any and all lines that say “Physical address:” then make note of the hexadecimal number strings that come after the
Physical Address lines — these strings are your MAC addresses. You can see an example in the screenshot above.
4. Copy down each MAC address
5. Next, open
Kaspersky’s Shadow Hammer diagnostics page and copy each MAC address into the search field, and click “
Check Now.” Repeat for each MAC address.
If any of your MAC addresses come back positive, you’ll need to take action to find and eliminate the malware, and the first step is to equip yourself with a reliable antivirus program.
In fact, even if an app or website didn’t indicate you were on the “target list,” it doesn’t hurt to run a full antivirus scan (just in case). While there are plenty of excellent premium options out there, there are also many competent free antivirus and antimalware programs, including Windows Defender, that can help you remove any traces of Shadow Hammer.
You’ll also want to update the
Asus Live Update app to the most recent version (V3.6.8 or higher), which closes the security vulnerability that allowed the Shadow Hammer exploit in the first place. Like installing an antivirus/antimalware solution, this update is strongly recommended even for users who were not targeted by Shadow Hammer.
source
