This morning when I woke up and started my computer, ESET threw a warning at me that CompatTelRunner.exe was trying to access C:\Program Files (x86)\LED Sync\WinRing0\WinRing0x64.sys, which is a file that it has seen for over five years and comes from the legitimate hardware vendor EVGA. ESET this morning labeled it as a Potentially Unsafe Application, which I find really odd: it has been malware for FIVE YEARS and ESET didn't detect it?
I went ahead and cleaned by deleting, and then submitted a sample from quarantine to ESET - But I'm just curious if this is in fact legitimate malware, or potentially a false positive. The Hash on the file was 012DB3A80FAF1F7F727B538CBE5D94064E7159DE - Which when searched via VirusTotal, gives a completely clean profile with no detections. Including ESET!
The detection is correct; it was added in February already. Detection of potentially unsafe applications is disabled by default. Also, we add a PUsA detection when it's obvious that a particular application has been seen to have been exploited and misused in attacks. So it's normal that we may start to detect a particular PUsA after years.
With a backdoor open for that long, I'm somewhat hesitant to conclude everything is okay - But I confess I may be being paranoid. Is there any other measure that would need to be taken after the cleaning of the initial file?
I believe it's nothing to be mad at ESET for. Without analysis, it could be that this software has been used in some exploits several times, which made ESET include it as an unsafe application. But the safety of the program depends on its developers; it happened to ASUS before, where malicious actors used their software to deploy their malware to people who had their software.
I doubt you are compromised, but the detection just shows that this application can be misused and harm your device; uninstalling it is the better option. If you still don't trust ESET's results, you could run another scanner like Kaspersky or Windows Defender, which could scan without real-time protection so it won't conflict with ESET.
As I no longer require this software, I have completely uninstalled it. I'm just curious if any further mitigation is necessary. If the driver itself were directly malicious, I would expect it to compromise the system at a level beyond uninstallation being the solution.
What I meant is that, after uninstalling the EVGA software and running a full system scan, ESET didn't find any further malicious software of note. Is this result to be trusted, or because of the vulnerability in the EVGA software, should it be treated with suspicion (As you mentioned "exploitation can and have bypassed any detection's by security software.")
Since ESET's detection was here: C:\Program Files (x86)\LED Sync\WinRing0\WinRing0x64.sys, I am assuming it was a user mode driver. It appears the vulnerability was to allow exploitation to, in essence, give the driver kernel mode privileges.
Exploiting falls in the category of targeted attacks. The targets are entities that either present financial advantages or political motivation to the attacker. Deploying an exploit requires the attacker to perform a number of activities, the first of which is reconnaissance against the target's IT infrastructure to determine if vulnerable software exists.
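For the question raised in this thread about what to check after removing the driver, here is an added example (not from the thread or from ESET) that looks for leftover copies of the driver file and for driver services still pointing at it. The `WinRing0*.sys` name pattern and the choice to search all fixed drives are assumptions; the SHA-1 is the one quoted in the first post.

```powershell
# Added example: find leftover WinRing0 driver files and registered driver
# services. Run from an elevated PowerShell prompt so all folders are readable.

# SHA-1 quoted in the thread for the detected WinRing0x64.sys
$KnownSha1 = '012DB3A80FAF1F7F727B538CBE5D94064E7159DE'

# Assumption: only fixed local drives need to be searched.
$roots = Get-CimInstance Win32_LogicalDisk -Filter 'DriveType=3' |
    ForEach-Object { $_.DeviceID + '\' }

# 1. Files on disk whose name matches WinRing0*.sys (assumed name pattern)
$files = foreach ($root in $roots) {
    Get-ChildItem -Path $root -Filter 'WinRing0*.sys' -File -Recurse -Force `
        -ErrorAction SilentlyContinue
}

# Hash each hit and record who signed it, so copies shipped by other
# vendors' utilities can be told apart from the one in the thread.
$fileReport = foreach ($f in $files) {
    $sha1 = (Get-FileHash -LiteralPath $f.FullName -Algorithm SHA1).Hash
    $sig  = Get-AuthenticodeSignature -LiteralPath $f.FullName
    [pscustomobject]@{
        Path              = $f.FullName
        Sha1              = $sha1
        MatchesThreadHash = ($sha1 -eq $KnownSha1)
        Signer            = $sig.SignerCertificate.Subject
        SignatureStatus   = $sig.Status
    }
}

# 2. Driver services registered with Windows that still reference WinRing0
$drivers = Get-CimInstance Win32_SystemDriver |
    Where-Object { $_.PathName -like '*WinRing0*' -or $_.Name -like 'WinRing0*' } |
    Select-Object Name, State, StartMode, PathName

$fileReport | Format-List
$drivers    | Format-Table -AutoSize
if (-not $fileReport -and -not $drivers) {
    'No WinRing0 driver files or services found.'
}
```

A file hit with `MatchesThreadHash` set to False is a different build of the driver, and a service entry whose `PathName` no longer exists on disk is a stale registration left behind by the uninstaller.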
So my employer recently got me a new keyboard for my workstation, the EVGA Z20.
I also use a KVM to jump between two Windows PCs and an Ubuntu MATE PC.
I set it up on a Windows PC using the proper software as well.
The keyboard works perfectly with Windows, but there are a few problems when I switch to Ubuntu.
Namely, some keystrokes aren't recognized while typing, some register as being held down, and then the keyboard eventually disconnects from the PC entirely.
I tried everything I could, from using WINE to install the normal program, to searching for third party software, to searching for some way to modify the existing keyboard driver built into the OS.
I've checked on the EVGA website, and at least with GPUs, they state that they don't support Linux. Other forums haven't turned up any sort of workaround either. I also e-mailed their support team several days ago, but have not yet received a response.
So I'm ultimately trying to get this keyboard at base functionality with Ubuntu MATE, and I suspect I may need to learn to write the software myself. That being said, I also have zero experience with that.
If anybody can help me find a way to make this keyboard work, or point me in the right direction to learn how to write the software myself, I would greatly appreciate it!
I've had a few issues with my Z15 and Z12 and Unleashed, i.e. not being recognised on computer bootup etc., and at least some of it seems to be related to the microprocessor in the keyboards needing the power from a USB3 (three) port. My MOBO has 4 ports for keyboards and mice and I tried them all, but all are USB2 it seems and didn't provide the power necessary (or wake on boot properly?). Switching it out to a spare USB3 port has stopped a lot of that.
Thanks for all the tips!
I'm currently talking with someone with EVGA about getting those control codes, so hopefully it'll come through. Unfortunately, the steps before that did not solve the issue, so it's off to learn how to write a driver and reverse engineer one myself!
I'll post back when I have more progress to report.
EDIT: I heard back from EVGA on this, and short version is, they do not / will not release the API or source code, and were not allowed to say more than, they do not support Linux.
So in short, it looks like the only way left is to outright reverse engineer the driver.
Which is bundled up in RGB control software, so the first step I think, is to isolate the driver from the rest of the software.
If you have any tips on how I should proceed, I'm always open to suggestions!
It would also mean that if you replace your current SSD for a brand new empty system drive, the keyboard wouldn't work until the EFI setup, which means you can't use the keyboard to install windows in the first place.
Is my reasoning correct ?
P.S.
It is scary at least that if the EVGA driver (non-free, closed source, windows only) is discontinued, your keyboard (closed specifications) is reduced to an expensive paperweight because of this.
Anyway, reverse engineering the driver is therefore extremely useful, not only for use with Linux but also for use with Windows in a year or two (so you won't be inconvenienced when MS+EVGA pull the plug on the driver)
Just for clarification, I read this as: your employer supplied the keyboard for some reason (features) that works or is needed on your job workstation, which would seem to be using Windows. They determined it is what they need or want. Then you are using a switch on another Windows and Ubuntu computer and trying to configure the keyboard to work on the Ubuntu computer. Thus, if I understand, you would not be able to replace it with a different one. I understand the possible concept, as I once had a switch to another room with just a monitor and keyboard to utilize my one computer.
Many people use the keyboard very casually. Often, while working at a computer or laptop, they eat because of which crumbs get into the keyboard, as a result of which it starts to work poorly, and in the case of a laptop, you need to pay a lot of money for repairs, and if the keyboard is for a PC, you will have to buy a new one. That is why I can recommend paying attention to the MacBook keyboard cover.
I've been using this keyboard case for a very long time and it's the only reason why my keyboard is still in perfect condition.
Whether you are playing the hottest new games or working with the latest creative applications, NVIDIA drivers are custom tailored to provide the best possible experience. If you are a gamer who prioritizes day of launch support for the latest games, patches, and DLCs, choose Game Ready Drivers. If you are a content creator who prioritizes reliability for creative workflows including video editing, animation, photography, graphic design, and livestreaming, choose Studio Drivers. Do a little bit of both? No worries, either can support running the best games and creative apps.
"Beta Release" Beta drivers are provided by NVIDIA as preview releases for quick bug fixes and access to new features. Beta drivers are under qualification testing, and may include significant issues. It is the end user's responsibility to protect system and data when using Beta drivers with NVIDIA products. It is strongly recommended that end users back up all the data prior to using Beta drivers from this site. Please ensure that newer Recommended/Certified drivers are not already posted on NVIDIA.com prior to installation and usage of Beta drivers. Beta drivers posted do not carry any warranties nor support services.
I did the fresh install and now it gets hung up on installing NVIDIA drivers. I have checked the risers and they work properly with the 1660S I have. I thought I did my research on this card but missed the fact it was an LHR. I will use it for the time being if I can get it working and then use it for a different build.
Hello,
I am posting here rather than on the EVGA forums as I believe this is a driver-related problem, and EVGA has indicated previously that NVIDIA support should be contacted instead of them for Linux-related issues (see here, I have also tried the steps in this thread)
I would like for either the fans to work as they do by default under Windows, for the Linux driver to expose all three fans separately under their appropriate thermal zones, or expose one fan but have it actually control all three.
As EVGA seems to be making more models with asynchronous fan control, this could become a bigger issue in the near future. I believe the FTW3 and the SC2 in the 1080 Ti line are currently affected.