Intel ME/LAN talking to Internet with power off! ASUS P9X79-E WS

Hello all,

I have 4 ASUS P9X79-E WS systems all linked to the Internet through a switch. I recently discovered the IME/onboard LAN on one machine is talking over the Internet even when all computers are powered off. It only stops if the modem is turned off or its LAN cable is unplugged, then it waits with LAN light on. Otherwise the computer runs fine.

Also, the BIOS on a 2nd system reports an invalid (N/A) IME. This is the main system I use for everything.

Summary:

computer, BIOS, ME version, symptoms
--------------------------------------------
computer1, 1704, 8.1.51.1471, talks on internet
computer2, 1704, _N/A, missing IME, main system
computer3, 1602, 8.1.51.1471, no issues
computer4, 1704, 8.1.51.1471, no issues

I tried updating computer1’s BIOS with the original, recommended, same version BIOS from ASUS using ASUS’s own upgrade tool in the boot BIOS. This reported success but the board failed to boot with numerous audible errors. Reverting to a saved ROM restored the board. (Whew)

Q. How can the board fail to boot after using ASUS’s built-in BIOS update tool to install the recommended original BIOS? Does this suggest there is other malicious code in the BIOS ROM?

Any help or thoughts are much appreciated.

I have a ch341a USB programmer to RD/WR ROMs and I am using Linux. One system has dual boot Win7.

Rabus

@rabas

The “default” ME FW version in bios 1704 is indeed the 8.1.51.1471, by Asus…
On this thread you will find the latest update and tools required to version 8.1.70.1590 (1.5Mb), that can be applied to all the 4 boards. This update is done with the appropriate tool inside the ME8 tools package, not by standard Asus tools/methods. Only apply this update when the system has the last available bios version.
Points# B1 and C2

For normal bios update, this motherboard model has the Asus Bios Flash Back feature and it's the best method for your update issue (NOT EZ-Flash inside bios). Just put the bios file in a blank MBR/FAT32 USB.
File name should be P9X79EWS.CAP.
Without booting any OS, you can reset the CMOS defaults before using the Asus BFB feature.

For the issue N/A, you may try this resolution: [Guide] Clean Dumped Intel Engine (CS)ME/(CS)TXE Regions with Data Initialization

EDIT: Sry but I assume it personally, I don't like miners and will never help, so I'm gonna assume that you're a miner. Over_N_Out.

Thank you for such a fast and informative post. I’ve spent some time trying a few things.

I tried ASUS Flashback exactly as you suggested and it seemed to work. However, the computer failed to boot as it did when using EZflash. Then I discovered why. My computers have 6 GPUs and RDMA cards that require a BIOS memory setting called “Above 4G”. That interferes with the first boot after reprogramming the ROM.

After resetting Above_4G, Flashback worked fine with a fresh copy of bios 1704 from ASUS. Thanks!

However, that computer still talks over the network with all computers powered off (standby power).

Next, I tried a preprogrammed 1704 bios chip bought from Taiwan. It has never touched my computers. It too allows the computer’s LAN to talk over the network. So I am a bit at a loss.

Q. Is it, in fact, abnormal for these mainboards to use their onboard LAN when powered down?
Q. After the Flashback, and more so using a Taiwan bios chip, have I cleaned all potential places that could hide malicious code?
Q. Could it just be a setting somewhere, like a bit, that a previous owner has set?

Again thanks for your help.

Intel MEI is spooky. It is considered to be a backdoor by many; it can very much have your PC talk over LAN when your PC is powered down - https://www.techrepublic.com/article/is-…ine-a-backdoor/ . I wish there was an easy way to just disable it.