Windows Defender being disabled is a MAJOR red flag. There could be malware on _any_ level of that machine; even down to the chip level. The only way to be sure is to run Wireshark (et al) & trace the IPs for a period of time to vet the machine, & even that might not be conclusive. I'd be nervous about even putting that on my network. - ex game programmer
Depends on the price since wiping is trivial before doing your own install. I keep a Ventoy live USB with a variety of live toolkits. All free so why not?
I want to get a new PC but this is happening all over the place. Even if you do a factory reset it doesn't help because it's in the chips. Scary stuff coming straight from a corporation.
I see that I can get an Acemagician A06 Pro for just over $200.00 right now. I have no intention of ever running Windows 11 on it, but am wondering if it can run Linux Mint Cinnamon without issue. Any feedback from others that have done this would be welcome. Processor would be AMD Ryzen 7.
I'm looking to purchase a Mini Pc and from what I can tell, all the Chinese branded mini pc's are suspicious with some brands a complete no go. Are there any that I can even consider? Beelink and Trigkey from what I've researched seem the least likely to have malware/virus/spyware infections. Does anyone know a reliable, safe brand to consider? The machine isn't for me so I won't be able to run Malwarebytes scans etc.
If it's Chinese or Russian or from India, you want to wipe the hard drive immediately. Now, we have found that many Chinese computers, smart plugs and cameras have malware inside their firmware. Not your average Joe can inspect a firmware and be knowledgeable enough to detect this malware. A good percentage of them are found on Amazon as top sellers. Also a lot of these high 4k security cameras are used in sensitive areas and that's exactly what the Chinese dictator wants. I highly recommend you avoid all Chinese stuff, your smart plugs are sending data at 3am 😅. Seriously avoid everything Chinese for safety reasons! Not just computers, also batteries we found to have infected BMS.
It's a shame this is happening - part of me feels sorry for the company but they dropped the ball on their due diligence. It's also exposed several other YouTubers' cosiness with manufacturers, but I'm glad to see that you've given the issue a good look - that's the responsible approach that others have missed. Ace (insert name here) are probably a tiny brand, reliant on OEMs to do their manufacturing and I'm prepared to believe that they've been screwed by their hired help, but have had these devices manufactured by the container load and shipped to Amazon fulfilment centres for distribution to the general public. I shudder to think how much damage that scale of malware infection could cause.
Thanks for walking through this. Hard to trust such things even if completely wiped. I just spoke with an IT and systems engineer who recently returned from Hong Kong, and he said that malware and spyware was found embedded in major brand SSDs at the firmware level that was tied to CCP state actors. Even if you replace the SSD, can you trust the bios on such computers?
These cheap manufacturers using enterprise volume licenses for Windows is concerning. I upgraded a Windows 10 machine from HDD to SSD for a family member with a clean Windows install and I couldn't re-activate Windows. I suspected ahead of time that I might run into that problem because the laptop was purchased from some computer shop in a shopping center long time ago but it had been working ok all along until the reinstall. The only reason for the reinstall was that it had slowed down to a practically unusable crawl + the HDD. So I had to use a legitimate Windows license from an old retired machine that I had laying around.
I bought a couple mini PCs in the past. Always felt the Windows licensing was a little sketchy. I always wiped drives and installed a fresh Windows from Microsoft's creator tool. The fact the Ace Magician model limits accounts to a local one and Defender is disabled is very concerning.
ALWAYS reinstall your own OS on hardware when you purchase it. Use an installer you obtained from the OS vendor directly, not the hardware vendor. It might be a little more work to track down drivers, but you're probably a tinkerer if you buy these kinds of systems anyway, right? :)
In my opinion, in light of these recent developments, I say these mini PCs are only a viable option if you plan to run Linux on them. The possibility that they may be infected means to be safe a clean OS install should be performed. You could install Windows and spend time hunting for drivers, or you could install Linux.
agree with psychoacer below that this is most likely a Windows Enterprise Key. might be able to confirm that with some digging. Also, the malware was apparently embedded into the recovery partition or recovery image that came with the pre-load image. ie, you must nuke the whole OS, wipe and reformat and reinstall from a fresh clean drive. we are assuming at this point the bios is legit. still not a great situation. ymmv.
better to get an SFF optiplex or an NUC much cheaper and less malware on them... lenovo was good but they have malware in the bios so you gotta install coreboot or libre boot
I almost bought a Kamuri, but went with the Beelink EQ12, got its Win 11 Pro on my M$ account, removed that NVMe and put another one in and installed LMDE 6, I don't care for Windows.
Seems quite suspect! Blocking Windows Defender says to me it's been messed with intentionally. I wouldn't want anything to do with that pc. Thanks for the video.
I don't think anyone cracks Windows anymore. They just use a 3rd party authenticator. So that wouldn't cause this issue. Most likely the key was for some form of enterprise Windows install. Probably a bulk IT cd key that treats everyone but the admin as a client/not admin. So it's restricting things that usually are maintained by the corporate admin.
You have a gray market computer as well with respect to Windows. Using the enterprise license I am sure is way outside the T&C, and that is why they want to make sure there is no network connection or it would have failed if you tried to create a MS account. 🤷‍♂️🤦‍♂️
Son on your upfront disclosure: did you say that all the units to be assessed were provided by ACE Magician? Pardon me but whether any money was exchanged, where is the integrity of the units provided? I would dare say those units should be treated as suspect rendering any assessment for “spyware” null and void.
If i got one i would put my own copy of Windows on. i do that anyways with any pre loaded OS even with major brand names. This to me would be a tinker toy and no personal info would be on it.
I've always built my own PCs and will continue to do so. I like the Mini PC form factor but the level of control I get from a self built machine is worth a lot more to me.
You can get the best of both. Look into cases by Silverstone. They even have some that can fit a full size ATX board too. They're really good for under the TV.
I guess this is the "magic" being performed by AceMagic... As per doing low level things like pulling BIOS files, Wendell from Level1Techs is one of the guys you can go to.
Who gets these mini PCs and doesn't immediately install a fresh install of Linux or Windows, or any other OS? Don't use the software ANY computer vendor installs. Even if you get a Dell or Lenovo wipe it and start from new.
You are right about Lenovo. My Ideapad 3 came with a nasty little trojan. Had to do a fresh install of Win 11 for that to go away it was that tenacious.
Damn it. I have the am06 pro and sure enough it had the trojan.... 😡 thanks for letting us know Lon! Time to change my passwords and nuke this os install
I dodged the virus/malware/trojan with my AM06 Pro 5700u model. Even so I did a clean install of the OS following Carey Holtzman's method and so far it's running like a champ. Here's a link to his method, it really worked well for me. th-cam.com/video/Qp2huqOVDkE/w-d-xo.html
I'm seeing a lot of comments about how companies will likely make sure the malware is not on review units. In this situation the malware appeared ON reviewer units. Most of the time they ship reviewers out of the same Amazon stock they send to consumers. The initial units I received, the ones that tested clean in this video, arrived before the ones that TheNetGuy got for his channel.
I also totally forgot to mention the giveaways :). You can sign up for my store alert email: lon.tv/storealert to get notified of upcoming giveaways and gadget sales. You can also follow my account on WhatNot with my affiliate link: lon.tv/whatnot where you'll get $15 to spend on their platform.
Hey Lon, I’ve been a huge fan of your work and long time sub. Thanks for mentioning my video. Wow - blocking defender now?! That is super sketchy. Thank you for your diligent research. It looks like the virus issues were isolated to c:\Windows\OsVer folder and some EXE files that were >100kb. If they are there and over 100kb that’s the bad files. If around 5-6kb they are just their normal bypass. The fact they can bypass the network setup portion of Windows 11 - a Microsoft requirement for the OS even from OEMs, it tells me they’re probably using Enterprise volume keys vs retail/OEM. I had an issue trying to activate on a clean install which is why they have all those stickers 😮. Oh, I'll add my ship date was Dec 20th and by Jan 5th my "P2" machine was clean, but had Chrome. They keep improving... or devolving :(
Bought my am06 pro in November and just scanned it and it was infected! Thanks for finding out about this!
@thenetguy did the P2 Chrome installation have any extensions that changed the search engine? That was one of the things they had done.
@@GregM no, it was vanilla. I think they learned that lesson.
Thanks for drawing attention to this issue! I've always been curious how these Chinese mini PC makers get these great deals on Windows 11 Pro. In some cases the PCs don't cost much more than a license does standalone. I'm not sure what's going on with them - as you saw the earlier PCs I had looked clean, Defender worked, etc.
Maybe they integrated those Microsoft activation scripts into their images. They wouldn't have to pay Microsoft anything if they did it that way.
AceTragic
Great video. I just bought a Beelink mini PC and I ran it through significant scans and continue to. So far so good. I love that little machine.
Appreciate you calling attention to this issue.
Who hasn't?
I work in IT and we apply a custom image for every device that we deploy out. It includes specific software already in the image. You can customize the settings to not even show the OOBE after sysprepping the image and even disable Windows Defender when the computer starts up, blocking Microsoft accounts and even creating backdoor accounts.
Even though we only buy from the large OEMs, we still want to make sure that there's no junkware or other malicious products running and that's why we apply the image. It also allows us to keep 1 image up to date and when we deploy it across new devices, it's already mostly updated, whereas some vendors images can be very out of date.
I mentioned below but your system most likely is registered with an enterprise cd key that's meant for clients in a large business. The ones that companies buy in bulk and use to install on all their office PCs. So your cd key is for a client and not the admin. This is my guess but considering that you can buy these cd keys for cheap online through the "black market" I'd say it might be it.
Likely where the keys NorthridgeFix started advertising come from too?
It's getting to the point, when you buy any PC we should do a clean install.
That's what I always did.
Doing that for decades. Heck early 2000's especially. All brand computers have s tons of useless garbage in them. Simplest to just reinstall os.
Thanks Lon for following up on this, and doing a video on this important subject. #respect
12:35 - To be fair, plenty of nerds feel that being forced to use a Microsoft account is equally concerning and appreciate the instructions on how to bypass it and set up a local account instead.
you can also just type in like test at example or something like that.
@CantankerousDave Just google "bypass Microsoft account setup". During Windows installation, when asked to enter your Microsoft account, look for "skip this step" or "use local account" or similar. The installation will ask you a couple of times to set up a Microsoft account, but will eventually allow you to skip that.
It is also recommended to run Malwarebytes when scanning those systems, while its full scan is slow, it works quite well.
If you write zeroes to the drive then reinstall that's even better. I don't save factory installs.
Lon, Excellent find of Malware on various units ! Good morning !
Thanks for addressing this. There’s a lot of reviewers of these mini pc’s and I’ve only seen 2 others bring this up.
The thing is the malware was hidden on the recovery partition which is at the end of the hard drive and which normally is not assigned a drive letter. The same goes for the EFI partition at the beginning of the drive. You would have to use Disk Management to assign drive letters to these partitions. Pull that NVMe drive out, put it in an NVMe drive carrier and scan it outside of the computer in another computer.
I would nuke these from orbit and do a clean install on these mini pcs. This would show whether they are using a kludged version of Windows11.
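The check described in the comments above (EXE sizes in c:\Windows\OsVer, looked at with the drive pulled and mounted in another computer), as an added example that is not part of any comment or of the video. The size bands are the commenter's observations rather than verified indicators; the 8 KiB ceiling for "around 5-6kb", the function names and the sample file names are assumptions.

```python
"""Offline triage of the OsVer folder on a mounted Windows volume (added example)."""
import hashlib
import sys
import tempfile
from pathlib import Path

# Size bands as reported in the comment thread; observations, not verified indicators.
LARGE_BYTES = 100 * 1024     # ">100kb": the files the commenter calls bad
SMALL_MAX_BYTES = 8 * 1024   # assumption: generous ceiling for "around 5-6kb"


def resolve_case_insensitive(root, *parts):
    """Follow root/parts ignoring case; NTFS mounted on Linux is case-sensitive."""
    current = Path(root)
    for part in parts:
        if not current.is_dir():
            return None
        matches = [c for c in current.iterdir() if c.name.lower() == part.lower()]
        if not matches:
            return None
        current = matches[0]
    return current if current.is_dir() else None


def sha256_of(path):
    """Hash in chunks so large files are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def classify(size):
    """Map a file size onto the bands described in the thread."""
    if size > LARGE_BYTES:
        return "review: size matches the reported bad files"
    if size <= SMALL_MAX_BYTES:
        return "small: size matches the reported setup bypass"
    return "unclassified: the thread gives no guidance for this size"


def triage_osver(volume_root):
    """Return one record per .exe in <volume_root>/Windows/OsVer, sorted by name."""
    folder = resolve_case_insensitive(volume_root, "Windows", "OsVer")
    if folder is None:
        return []
    records = []
    for entry in sorted(folder.iterdir(), key=lambda p: p.name.lower()):
        if entry.is_file() and entry.suffix.lower() == ".exe":
            size = entry.stat().st_size
            records.append({"name": entry.name, "size": size,
                            "sha256": sha256_of(entry), "verdict": classify(size)})
    return records


def build_demo_tree(base):
    """Constructed sample volume: zero-filled dummy files with placeholder names."""
    folder = Path(base) / "WINDOWS" / "osver"   # odd case on purpose
    folder.mkdir(parents=True)
    (folder / "sample_small.exe").write_bytes(b"\0" * 5632)
    (folder / "sample_mid.exe").write_bytes(b"\0" * (40 * 1024))
    (folder / "sample_large.exe").write_bytes(b"\0" * (150 * 1024))
    (folder / "readme.txt").write_bytes(b"not an executable")
    return base


if __name__ == "__main__":
    if len(sys.argv) > 1:
        rows = triage_osver(sys.argv[1])   # mount point of the pulled drive
    else:
        with tempfile.TemporaryDirectory() as demo:
            rows = triage_osver(build_demo_tree(demo))
    if not rows:
        print("No .exe files found under Windows/OsVer")
    for row in rows:
        print(f'{row["size"]:>9}  {row["sha256"]}  {row["name"]}  {row["verdict"]}')
```

A size match is only a reason to look closer; the SHA-256 is printed so each file can be looked up in a scanner from the clean machine.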
Nukem from orbit. Absolutely!
@@cjc363636 Who wants to go to orbit to do that? I like my comfy chair.
I bought a used business laptop from a reputable company. Still, the first thing I did was check that the system seemed to be working fully hardware-wise. After that confirmation, I booted into a Linux live system, wrote a new MBR, deleted all partitions and reinstalled the OS from my own media.
Yeah, when it's that sketch and you're already suspicious that malware is present, definitely scan it on another system entirely. Forensics 101.
@@cjc363636 It's the only way to be sure.
Thanks Lon. I know we can all count on you to stay on this! This situation does not bode well for any of the off brand computers.
Outside of something hiding in the BIOS or something, shouldn't securely erasing the SSD (or replacing it) and then installing your own copy of Windows, solve any potential problem such as this? Since the Windows license/computer is activated, you shouldn't have a problem doing a fresh installation and having it authenticating just fine...right?
Cool video, thanks for sharing and good luck.
Safe activation is an option (the MDL and other forums explain how and why) so you can run whatever you like and activate it.
No need for secure erase, just install another OS (be it Windows or anything else) is enough.
@@Gramini What? no. Why risk it?
@@TrusteftTech Because there literally is no risk. Installing a fresh OS overwrites the partition, so the files are no longer there. Worst case would be that the bytes of the compromised files are still there somewhere, but unused and inaccessible from the file system.
@@Gramini It's silly not to do it.
Thanks!
Thanks for your support! Sorry for the late reply :)
it doesn't matter if you had to go through the OOBE, microsoft included a method to bypass the OOBE for OEMs to preinstall junkware and then reboot back into the OOBE.
From my many years of IT experience. One of the first rules when receiving desktop/laptop computer hardware from lesser-known computer manufacturers, containing a pre-installed version of Windows: format the drive and re-install your operating system (Windows/Linux).
Great followup. Curious to see where this goes. I recently got one of these mini PC's from a different, but similar, manufacturer and I have always been concerned about malware or spyware. I mainly use it offline and never use any personal passwords.
Do a clean install of Windows using the installer from Microsoft and see if it still activates and has Defender working.
And this is why I don't trust Mini-PCs in terms of lesser known manufacturers
Every time I purchase one of these mini pc's I wipe it, install a fresh copy of Windows and then spend the better part of a week trying to find all the drivers for the weird arse hardware they used, better to buy a used Dell Micro, at least the drivers are easier to find....
In Device Manager, the device ID of whatever item needs a driver will help you find its driver...
Oh I know buddy, but in the case of these mini PC's it can still be a crap fight to obtain operational drivers, one finds themselves downloading 5yr old driver packs from random places like Lenovo, Dell and HP to get things working, I've been messing with computers for over 40yrs, so I've been around this scenario many times.@@WareWolf801
with Dell and their service tag thingy they make it very easy to get exact drivers too @@WareWolf801
I recently bought a laptop from Chuwi. When Windows didn't ask me for my Microsoft account, I wiped the drive and did a fresh install of Windows.
Hmmmmmmm....Chuwi? The name itself is suspicious. Maybe it'll chew up your IT security. It's good that you wiped and clean installed, but like Lon said, you don't know what's in the BIOS or UEFI, or even some of the chipsets.
Hello, I recently bought a mini pc and am seeing the same thing. I am wondering how to do the drive wipe and clean install like you did, can you help me?
Might want to do a scan with Malwarebytes. It has always found stuff missed by most antivirus software.
My Acemagic from Amazon had Defender, passed initial Scans, seemed fine but some weeks after all of a sudden Edge started spinning then Redline Virus alert popped up....Even though Remote Desktop was Off, I wonder if there is a Backdoor that loads the Virus afterwards or Virus remains dormant for a Time ?
yes that is exactly what they do
Couple ideas to check for deeper problems in these machines. Print out a copy of the devices that need device drivers, then install a plain copy of Windows onto the device. Then hook up a PC between the mini PC and the internet that logs all internet interactions: time, IP address, port number, and the data going through the internet, and look for anything unusual. This also could be done by loading Linux onto the PC and looking for unusual internet transactions in the same way. This will probably detect problems in the BIOS and other hardware with software in them.
The problem I see is, are people really going to want to buy a computer that they can not trust and need to run a virus scan on before they can use it?
Saving a few bucks is not worth the hassle to me
The problem is Rootkits kick in before windows and before your antivirus so you should be doing scans from bootable USB devices that also scan the EFI and Recovery Partitions.
No defender. To me, that means only one thing, time for a fresh OS install. I would not trust that thing at all.
And I've had problems with their Enterprise keys not letting you use non-Work Microsoft accounts to install. Quite the pickle.
Sounds fishy.
Lon, great video. I think they need to switch vendors or do the imaging in house. Something stinks here because even though there is the occasional dud, no one is complaining about the quality of the box itself. I really like this mini PC trend and would hate to see bad actors spoil that trend - these machines are easy on the wallet and easy on the electric bill. I'm awaiting the follow up.
My thoughts exactly.. This is really about a quality control issue and setting some standards about what these machines should look like when they leave the factory.
I wonder what would happen if a fresh Windows from a USB drive was installed from the media creation tool? Or a Linux distribution?
I like the mini PCs for small tasks and will keep in mind to trash the hard drives or wipe them clean.
I recently purchased an ex-gov lease HP mini G3 PC for my father and it came with Windows 11 Pro pre-installed and setup with a user account (User?) which I didn't like because it was already active and setup by someone else. I immediately formatted it and downgraded to a volume licensed version of Win 10 Pro. No issues to worry about now.
I received my AD08 mini pc last October, and I'm glad I received it "clean"! I think it may just be a problem with one batch.
Thanks for the video. My question is that if I initialize Windows and allow internet access, haven't I already opened the barn door for problems for malware etc already on the machine? Shouldn't there be a process that I DON'T allow internet access and run tests? Hitman won't work if I do that, by the way.
They sent me a mini PC as well, the one with the thermals on the front & I ran a malware scan.... mine also had malware
Windows has a superuser admin account you can activate so you might be able to reenable Windows Defender. The superuser account allows much more access to Windows than the "normal" admin account. There are instructions on how to do this online. That might illuminate some issues.
Regular Admin should be enough to change group policies.
Britec09 did 2 videos in the past week about this issue.
Unfortunately purchased one of the Redline infected AD08 mini pc in January from Amazon, I replaced the SSD and installed a Retail copy of WIN11Pro. But now I'm concerned if there may be a Logo Virus on its AMI motherboard, has anybody checked for this?
Lon. Could you try to recover the machine and see if Defender is still missing? If it is, then someone has fiddled around a lot with the OS level files.
most malware scanners only scan your main partition, the guy who scanned it did a full scan on the recovery partition and that's where he found it.
I reviewed an AceMagic mini pc almost a year ago and it didn’t have Chrome or anything weird on it thankfully. That said, this is all very disturbing and reminds all reviewers to make sure they double and triple check this stuff. Really bad stuff. 😢
Even more reason to make sure any mini PC you buy is Linux compatible and always do a clean installation of your favorite distro🐧
AceMagic is cooked. Why would anyone bother with them after watching your very informative and thorough video. Keep up the good work.
Reminds me of when Lenovo got caught with the spyware they were installing on the PCs they sold.
If I were to buy one of these computers I would immediately install a version of Linux on the hard drive and blow out windows would that alleviate the spyware or is it in the bios
Hi lon,
Can you check if gmktec mini pc's are affected with any malware?
Serious question, just one of their units from Amazon and I signed into my Google account after initial setup. I noticed Chrome looked odd so I had Google kick the login out through my 2 part verification on my phone. Am I screwed as far as the password stealing etc....? I'm not tech savvy so I'm in the dark as to how a lot of this works.....
Security is something that many people don't take seriously.
Windows Defender being disabled is a MAJOR red flag. There could be malware on _any_ level of that machine; even down to the chip level. The only way to be sure is to run Wireshark (et al) & trace the IPs for a period of time to vet the machine, & even that might not be conclusive. I'd be nervous about even putting that on my network.
- ex game programmer
Best to buy barebones and install your own HDD and Ram. Only way to ensure you have a clean installation.
Depends on the price since wiping is trivial before doing your own install. I keep a Ventoy live USB with a variety of live toolkits. All free so why not?
Or simply install the OS on your own. Using your own part is likely cheaper, but not necessary to do a clean installation.
some malware resides in UEFI/BIOS as well so you gotta watch out for that as well @Gramini
how they managed to disable defender via group policy? i tried modifying gpedit, it always fails...
I want to get a new PC but this is happening all over the place. Even if you do a factory reset it doesn't help because it's in the chips. Scary stuff coming straight from a corporation.
I see that I can get an Acemagician A06 Pro for just over $200.00 right now. I have no intention of ever running Windows 11 on it, but am wondering if it can run Linux Mint Cinnamon without issue. Any feedback from others that have done this would be welcome. Processor would be AMD Ryzen 7.
Maybe a windows clean install will solve the "defender" problem ?!
I'm looking to purchase a Mini Pc and from what I can tell, all the Chinese branded mini pc's are suspicious with some brands a complete no go. Are there any that I can even consider? Beelink and Trigkey from what I've researched seem the least likely to have malware/virus/spyware infections. Does anyone know a reliable, safe brand to consider? The machine isn't for me so I won't be able to run malwarebyte scans etc.
If it's Chinese or Russian or from India, you want to wipe the hard drive immediately.
Now, we have found that many Chinese computers, smart plugs and Cameras have malwares inside their firmware.. Not your average joe can inspect a firmware and be knowledgeable enough to detect these malwares. A good percentage of them are found on Amazon as top sellers. Also a lot of these high 4k security cameras are used in sensitive areas and that's exactly what the Chinese dictator wants.
I highly recommend you avoid all Chinese stuff, your smart plugs are sending data at 3am 😅. Seriously avoid everything Chinese for safety reasons!
Not just computers, also batteries we found to have infected BMS.
What use of these computers would be so important that it exceeds the level of risk. I can't conceive any scenario.
Does anyone know if the ‘FIREBAT T8 Pro Plus Mini PC Intel Celeron N5095 N100’ from AliExpress are safe?
It's a shame this is happening - part of me feels sorry for the company but they dropped the ball on their due diligence. It's also exposed several other YouTubers' cosiness with manufacturers, but I'm glad to see that you've given the issue a good look - that's the responsible approach that others have missed.
Ace (insert name here) are probably a tiny brand, reliant on OEMs to do their manufacturing and I'm prepared to believe that they've been screwed by their hired help, but have had these devices manufactured by the container load and shipped to Amazon fulfilment centres for distribution to the general public. I shudder to think how much damage that scale of malware infection could cause
This is why I always boot to a USB having used the Windows Media creation tool to wipe the image the laptop comes with
Thanks for sharing.
Thanks for walking through this. Hard to trust such things even if completely wiped. I just spoke with an IT and systems engineer who recently returned from Hong Kong, and he said that malware and spyware was found embedded in major brand SSDs at the firmware level that was tied to CCP state actors. Even if you replace the SSD, can you trust the bios on such computers?
AceMalware
These cheap manufacturers using enterprise volume licenses for Windows is concerning. I upgraded a Windows 10 machine from HDD to SSD for a family member with a clean Windows install and I couldn't re-activate Windows. I suspected ahead of time that I might run into that problem because the laptop was purchased from some computer shop in a shopping center long time ago but it had been working ok all along until the reinstall. The only reason for the reinstall was that it had slowed down to a practically unusable crawl + the HDD. So I had to use a legitimate Windows license from an old retired machine that I had laying around.
I bought a couple mini PCs in the past. Always felt the Windows licensing was a little sketchy. I always wiped drives and installed a fresh Windows from Microsoft's creator tool. The fact the Ace Magician model limits accounts to a local one and Defender is disabled is very concerning.
Is it (Windows) activated? Is the product key linked to your MS account or is it stuck somewhere in the BIOS?
OK @9:22
ALWAYS reinstall your own OS on hardware when you purchase it. Use an installer you obtained from the OS vendor directly, not the hardware vendor. It might be a little more work to track down drivers, but you're probably a tinkerer if you buy these kinds of systems anyway, right? :)
Ventoy usb - fresh w10pro install
😊🙌🏽
I would start by replacing SSD and reinstalling Win 11 Pro. Then see if Windows Defender is able to run. If not STOP and try to get a BIOS image.
In my opinion, in light of these recent developments, I say these mini pcs are only a viable option if you plan to run linux on them. The possibility that they may be infected means to be safe a clean OS install should be performed. You could install windows and spend time hunting for drivers, or you could install Linux.
And what mini pc you buy? Its easy to clean install linux mint?
agree with psychoacer below that this is most likely a Windows Enterprise Key. might be able to confirm that with some digging. Also, the malware was apparently embedded into the recovery partition or recovery image that came with the pre-load image. ie, you must nuke the whole OS, wipe and reformat and reinstall from a fresh clean drive. we are assuming at this point the bios is legit. still not a great situation. ymmv.
I usually use these mini PCs as my firewall. This could be scary if the malware was in the BIOS.
better to get an SFF optiplex or an NUC much cheaper and less malware on them... lenovo was good but they have malware in the bios so you gotta install coreboot or libre boot
whats the pc in the thumbnail? a rendering or an actual product?? thanks.
Rendering
I almost bought a Kamuri, but went with the Beelink EQ12, got its Win 11 Pro on my M$ account, removed that NVMe and put another one in and installed LMDE 6, I don't care for Windows.
Seems quite suspect! Blocking Windows Defender says to me it's been messed with intentionally. I wouldn't want anything to do with that pc. Thanks for the video.
genius can you review ACEMAGIC again for other newer models from his family? Like the ACEMAGIC M2A. I've heard they've solved that problem.🤔🤨
i miss a lot of things in your check: see hidden files, check program list in control panel and wipe out the original drive
If you reinstall windows immediately does this resolve the issue?
No
That offline profile, isn't that a red flag for a cracked Windows installation? 😳
I don't think anyone cracks Windows anymore. They just use a 3rd party authenticator. So that wouldn't cause this issue. Most likely the key was for some form of enterprise Windows install. Probably a bulk IT cd key that treats everyone but the admin as a client/not admin. So it's restricting things that usually are maintained by the corporate admin.
You have a gray market computer as well with respect to Windows. Using the enterprise license I am sure is way outside the T&C, and that is why they want to make sure there is no network connection or it would have failed if you tried to create a MS account. 🤷‍♂️🤦‍♂️
Son on your upfront disclosure: did you say that all the units to be assessed were provided by ACE Magician? Pardon me but whether any money was exchanged, where is the integrity of the units provided? I would dare say those units should be treated as suspect rendering any assess for “spyware” null and void.
If I remember correctly these were shipped to me from them but through their stock in Amazon - the same stock customers would receive them from.
If I got one I would put my own copy of Windows on. I do that anyways with any pre loaded OS even with major brand names. This to me would be a tinker toy and no personal info would be on it.
They're still active on Amazon and they are very busy deleting comments mentioning the malware. This absolutely looks like it's being done on purpose.
PSA: don't plug any suspicious device into a home LAN :)
dang bro, I'm pretty sure you are in the dry cold north east, but get some gold bond on that skin... or get a humidifier...
I bought one and it was registered to Hu Flung Poo.
The ONLY recommendation you should be giving if people choose to still purchase these products is to wipe the entire drive and start from scratch.
I've always built my own PCs and will continue to do so. I like the Mini PC form factor but the level of control I get from a self built machine is worth a lot more to me.
You can get the best of both. Look into cases by Silverstone. They even have some that can fit a full size ATX board too. They're really good for under the TV.
Metal Jesus sent me here and said windows defender is all you need to be protected.
I guess this is the "magic" being performed by AceMagic... As per doing low level things like pulling BIOS files, Wendell from Level1Techs is one of the guys you can go to.
Do a Malwarebytes scan.
I play The magician of spyware card,
Sorry I had to lol, love the work you did!
Who gets these mini PCs and doesn't immediately install a fresh install of Linux or Windows, or any other OS? Don't use the software ANY computer vender installs. Even if you get a Dell or Lenovo wipe it and start from new.
You are right about Lenovo. My Ideapad 3 came with a nasty little trojan. Had to do a fresh install of Win 11 for that to go away it was that tenacious.
no defender no way for me
You're not a low level to me. Your videos are always great.
Just reformat it to a clean windows or Linux if the price is very compelling.
Keep up the great work
Damn it. I have the am06 pro and sure enough it had the trojan.... 😡 thanks for letting us know Lon! Time to change my passwords and nuke this os install
I dodged the virus/malware/trojan with my AM06 Pro 5700u model. Even so I did a clean install of the OS following Carey Holtzman's method and so far it's running like a champ. Here's a link to his method, it really worked well for me. th-cam.com/video/Qp2huqOVDkE/w-d-xo.html
Sophos scan and clean is the 100% free version of hitman pro