I found another AceMagic PC with a Concerning Security Issue

I'm seeing a lot of comments about how companies will likely make sure the malware is not on review units. In this situation the malware appeared ON reviewer units. Most of the time they ship reviewers out of the same Amazon stock they send to consumers. The initial units I received, the ones that tested clean in this video, arrived before the ones that TheNetGuy got for his channel.
I also totally forgot to mention the giveways :). You can sign up for my store alert email: lon.tv/storealert to get notified of upcoming giveaways and gadget sales. You can also follow my account on WhatNot with my affiliate link: lon.tv/whatnot where you'll get $15 to spend on their platform.

Hey Lon, I’ve been a huge fan of your work and long time sub. Thanks for mentioning my video. Wow - blocking defender now?! That is super sketchy. Thank you for your diligent research. It looks like the virus issues were isolated to c:\Windows\OsVer folder and some EXE files that were >100kb. If they are there and over 100kb that’s the bad files. If around 5-6kb they are just their normal bypass. The fact they can bypass the network setup portion of Windows 11 - a Microsoft requirement for the OS even from OEMs, it tells me they’re probably using Enterprise volume keys vs retail/OEM. I had an issue trying to activate on a clean install which is why they have all those stickers 😮. Oh, I'll add my ship date was Dec 20th and by Jan 5th my "P2" machine was clean, but had Chrome. They keep improving... or devolving :(

AceTragic
Great video. I just bought a Beelink mini PC and I ran it through significant scans and continue to. So far so good. I love that little machine.

Appreciate you calling attention to this issue.

I work in IT and we apply a custom image for every device that we deploy out. It includes specific software already in the image. You can customize the settings to not even show the OOBE after sysprepping the image and even disable Windows Defender when the computer starts up, blocking Microsoft accounts and even creating backdoor accounts.
Even though we only buy from the large OEMs, we still want to make sure that there's no junkware or other malicious products running and that's why we apply the image. It also allows us to keep 1 image up to date and when we deploy it across new devices, it's already mostly updated, whereas some vendors images can be very out of date.

Its getting to the point, when you buy a any PC we should do a clean install.

12:35 - To be fair, plenty of nerds feel that being forced to use a Microsoft account is equally concerning and appreciate the instructions on how to bypass it and set up a local account instead.

I mentioned below but your system most likely is registered with an enterprise cd key that's meant for clients in a large business. The one's that companies buy in bulk and use to install on all their office pc's. So your cd key is for a client and not the admin. This is my guess but considering that you can buy these cd keys for cheap online through the "black market" I'd say it might be it.

Lon, Excellent find of Malware on various units ! Good morning !

Great followup. Curious to see where this goes. I recently got one of these mini PC's from a different, but similar, manufacturer and I have always been concerned about malware or spyware. I mainly use it offline and never use any personal passwords.

Thanks for addressing this. There’s a lot of reviewers of these mini pc’s and I’ve only seen 2 others bring this up.

Thanks Lon for following up on this, and doing a video on this important subject. #respect

And this is why I don't trust Mini-PCs in terms of lesser known manufacturers

It is also recommended to run malwarebytes when scanning those systems, while its full scan is slow, it works quite well.

The thing is the malware was hidden on the recovery partition which is at the end of the hard drive and which normally is not assigned a drive letter. The same goes for the EFI partition at the beginning of the drive. You would have to use Disk Management to assign drive letters to these partitions. Pull that NvME drive out put it in a NvME drive carrier and scan it outside of the computer in another computer.
I would nuke these from orbit and do a clean install on these mini pcs. This would show whether they are using a kludged version of Windows11.

Every time I purchase one of these mini pc's I wipe it, install a fresh copy of Windows and then spend the better part of a week trying to find all the drivers for the weird arse hardware they used, better to buy a used Dell Micro, at least the drivers are easier to find....

The problem I see is, are people really going to want to buy a computer that they can not trust and need to run a virus scan on before they can use it?

My Acemagic from Amazon had Defender, passed initial Scans, seemed fine but some weeks after all of a sudden Edge started spinning then Redline Virus alert popped up....Even though Remote Desktop was Off, I wonder if there is a Backdoor that loads the Virus afterwards or Virus remains dormant for a Time ?

Thanks Lon. I know we can all count on you to stay on this! This situation does not bode well for any of the off brand computers.

I recently bought a laptop from Chuwi. When Windows didn't ask me for my Microsoft account, I wiped the drive and did a fresh install of Windows.

Britec09 did 2 videos in the past week about this issue.

Couple ideas top check for deeper problems in these machine. Print out a copy of the devices that need device drivers, then install a plain copy of Windows onto the device. The hook up a pc between the minipc and the internet that logs all internet interactions. time ip address.port number, and that data going thru the internet and look for anything unusual. This also could be done by loading linux onto the pc and lloking for unusual inr=ternet transactions in the same way. This will probably detect problems in the bios and other hardware with software in them.

Lon, great video. I think they need to switch vendors or do the imaging in house. Something stinks here because even though there is the occasional dud, no one is complaining about the quality of the box.itself. I really like this mini PC trend and would hate to see bad actors spoil that trend- these machines are easy on the wallet and easy on the electric bill. I'm awaiting the follow up.

Thanks for sharing.

it doesn't matter if you had to go through the OOBE, microsoft included a method to bypass the OOBE for OEMs to preinstall junkware and then reboot back into the OOBE.

I received my AD08 mini pc last October, and I'm glad I received it "clean"! I think it may just be a problem with one batch.

I've always built my own PCs and will continue to do so. I like the Mini PC form factor but the level of control I get from a self built machine is worth a lot more to me.

Might want to do a scan with Malware Bytes. It has always found stuff missed by most Anti Virus software.

Do a clean install of Windows using the installer from Microsoft and see if it still activates and has Defender working.

Lon. Could you try to recover the machine and see if Defender is still missing? If it is, then someone has fiddled around a lot with the OS level files.

No defender. To me, that means only one thing, time for a fresh OS install. I would not trust that thing at all.

Outside of something hiding in the BIOS or something, shouldn't securely erasing the SSD (or replacing it) and then installing your own copy of Windows, solve any potential problem such as this? Since the Windows license/computer is activated, you shouldn't have a problem doing a fresh installation and having it authenticating just fine...right?
Cool video, thanks for sharing and good luck.

AceMalware

They sent me a mini PC as well, the one with the thermals on the front & I ran a malware scan.... mine also had malware

Security is something that many people don't take seriously.

Thanks!

Ventoy usb - fresh w10pro install
😊🙌🏽

Windows Defender being disabled is a MAJOR red flag. There could be malware on _any_ level of that machine; even down to the chip level. The only way to be sure is to run Wireshark (et al) & trace the IPs for a period of time to vet the machine, & even that might not be conclusive. I'd be nervous about even putting that on my network.
- ex game programmer

Hi lon,
Can you check if gmktec mini pc's are affected with any malware?

most malware scanners only scan your main partition, the guy who scanned it did a full scan on the recovery partition and that's where he found it.

I recently purchased an ex-gov lease HP mini G3 PC for my father and it came with Windows 11 Pro pre-installed and setup with a user account (User?) which I didn't like because it was already active and setup by someone else. I immediately formatted it and downgraded to a volume licensed version of Win 10 Pro. No issues to worry about now.

Even more reason to make sure any mini PC you buy is Linux compatible and always do a clean installation of your favorite distro🐧

Seems quite suspect! Blocking Windows Defender says to me it's been messed with intentionally. I wouldn't want anything to do with that pc. Thanks for the video.

AceMagic is cooked. Why would anyone bother with them after watching your very informative and thorough video. Keep up the good work.

I want to get a new PC but this is happening all over the place. Even if you do a factory reset it doesn't help because it's in the chips. Scary stuff coming straight from a corporation.

I wonder what would happen if a fresh Windows from a USB drive was installed from the media creation tool? Or a Linux distribution?
I like the mini PCs for small tasks and will keep in mind to trash the hard drives or wipe them clean.

I play the The magician of spyware card ,
Sorry i had to lol love the work you did !

I reviewed a AceMagic mini pc almost a year ago and it didn’t have Chrome or anything weird on it thankfully. That said, this is all very disturbing and reminds all reviewers to make sure they double and triple check this stuff. Really bad stuff. 😢

Maybe a windows clean install will solve the "defender" problem ?!

how they managed to disable defender via group policy? i tried modifying gpedit, it always fails...

Your not a low level to me .Your videos are always great.

Serious question, just one of their units from Amazon and i signed into my google account after initial setup. I noticed chrome looked odd so i had google kick the login out through my 2 part verification on my phone. Am i screwed as far as the password stealing etc....? Im not tech savvy so im in the dark as to how a lot of this works.....

agree with psychoacer below that this is most likely a Windows Enterprise Key. might be able to confirm that with some digging. Also, the malware was apparently embedded into the recovery partition or recovery image that came with the pre-load image. ie, you must nuke the whole OS, wipe and reformat and reinstall from a fresh clean drive. we are assuming at this point the bios is legit. still not a great situation. ymmv.

Reminds me of when Lenovo got caught with the spyware they were installing on the PCs they sold.

Is it (Windows) activated? Is the product key linked to your MS account or is it stuck somewhere in the BIOS?

It's a shame this is happening - part of me feels sorry for the company but they dropped the ball on their due diligence. It's also exposed several other TH-camrs' cosiness with manufacturers, but I'm glad to see that you've given the issue a good look - that's the responsible approach that others have missed.
Ace (insert name here) are probably a tiny brand, reliant on OEMs to do their manufacturing and I'm prepared to believe that they've been screwed by their hired help, but have had these devices manufactured by the container load and shipped to Amazon fulfilment centres for distribution to the general public. I shudder to think how much damage that scale of malware infection could cause

I usually use these mini PCs as my firewall. This could be scary if the malware was in the BIOS.

Windows has a superuser admin account you can activate so you might be able to reenable Windows Defender. The superuser account allows much more access to Windows than the "normal" admin account. There are instruction on how to do this online. That might illuminate some issues.

ALWAYS reinstall your own OS on hardware when you purchase it. Use an installer you obtained from the OS vendor directly, not the hardware vendor. It might be a little more work to track down drivers, but you're probably a tinkerer if you buy these kinds of systems anyway, right? :)

They're still active on Amazon and they are very busy deleting comments mentioning the malware. This absolutely looks like it's being done on purpose.

whats the pc in the thumbnail? a rendering or an actual product?? thanks.

In my opinion, in light of these recent developments, I say these mini pcs are only a viability option if you plan to run linux on them. The possibility that they may be infected means to be safe a clean OS install should be performed. You could install windows and spend time hunting for drivers, or you could install Linux.

Best to buy barebones and install your own HDD and Ram. Only way to ensure you have a clean installation.

What use of these computers would be so important that it exceeds the level of risk. I can't conceive any scenario.

unfortunately purchased one of the Redline infected AD08 mini pc in January from Amazon, I replaced the SSD and installed a Retail copy of WIN11Pro. But now I'm concerned if there may be a Logo Virus on its AMI motherboard, has anybody checked for this ?

These cheap manufacturers using enterprise volume licenses for Windows is concerning. I upgraded a Windows 10 machine from HDD to SSD for a family member with a clean Windows install and I couldn't re-activate Windows. I suspected ahead of time that I might run into that problem because the laptop was purchased from some computer shop in a shopping center long time ago but it had been working ok all along until the reinstall. The only reason for the reinstall was that it had slowed down to a practically unusable crawl + the HDD. So I had to use a legitimate Windows license from an old retired machine that I had laying around.

Thanks for walking through this. Hard to trust such things even if completely wiped. I just spoke with an IT and systems engineer who recently returned Hong Hong, and he said they that malware and spyware was found embedded in major brand SSDs at the firmware level that was tied to CCP state actors. Even if you replace the SSD, can you trust the bios on such computers?

I bought a couple mini PC''s in the past. Always felt the Windows licensing was a little sketchy. I always wiped drives and installed a fresh Windows from Microsoft's creator tool. The fact the Ace Magician model limits accounts to a local one and Defender is disabled is very concerning.

PSA: don't plug any suspicious device into a home LAN :)

I almost bought a Kamuri, but went with the Beelink EQ12, got it's Win 11 Pro on my M$ account, removed that NVMe and put another one in and installed LMDE 6, I don't care for Windows.

Does anyone know if the ‘FIREBAT T8 Pro Plus Mini PC Intel Celeron N5095 N100’ from AliExpress are safe?

If i got one i would put my own copy of Windows on. i do that anyways with any pre loaded OS even with major brand names. This to me would be a tinker toy and no personal info would be on it.

This is why I always boot to a USB having used the Windows Media creation tool to wipe the image the laptop comes with

Metal Jesus sent me here and said windows defender is all you need to be protected.

That offline profile, isn't that a red flag for a cracked Windows installation? 😳

Damn it. I have the am06 pro and sure enough it had the trojan.... 😡 thanks for letting us know Lon! Time to change my passwords and nuke this os install

Do a Malwarebytes scan.

If it's Chinese or Russian or from India, you want to wipe the hard drive immediately.
Now, we have found that many Chinese computers, smart plugs and Cameras have malwares inside their firmware.. Not your average joe can inspect a firmware and be knowledgeable enough to detect these malwares. A good percentage of them are found on Amazon as top sellers. Also a lot of these high 4k security cameras are used in sensitive areas and that's exactly what the Chinese dictator wants.
I highly recommend you avoid all Chinese stuff, your smart plugs is sending data at 3am 😅. Seriously avoid everything Chinese for safety reasons!
Not just computers, also batteries we found to have infected BMS.

better to get an SFF optiplex or an NUC much cheaper and less malware on them... lenovo was good but they have malware in the bios so you gotta install coreboot or libre boot

I bought one and it was registered to Hu Flung Poo.

If you reinstall windows immediately does this resolve the issue?

Sophos scan and clean is the 100% free version of hitman pro

dang bro, I'm pretty sure you are in the dry cold north east, but get some gold bond on that skin... or get a humidifier...

no defender no way for me

I guess this is the "magic" being performed by AceMagic... As per doing low level things like pulling BIOS files, Wendell from Level1Techs is one of the guys you can go to.

I would start by replacing SSD and reinstalling Win 11 Pro. Then see if Windows Defender is able to run. If not STOP and try to get a BIOS image.

❤❤❤

More importantly , what did you have for lunch?

You have a gray market computer as well with respect to Windows. Using the enterprise license I am sure if way outside the T&C, and that is why they want to make sure there is no network connection or it would have failed if you tried to create a MS account. 🤷‍♂🤦‍♂

Keep up the great work

Who gets these mini PCs and doesn't immediately install a fresh install of Linux or Windows, or any other OS? Don't use the software ANY computer vender installs. Even if you get a Dell or Lenovo wipe it and start from new.

Just reformat it to a clean windows or Linux if the price is very compiling.

genius can you review ACEMAGIC again for other newer models from his family? Like the ACEMAGIC M2A.I've heard they've solved that problem.🤔🤨

i miss a lot of thing in your check see hiden files, check program list in control panel an wipe out the original drive

Just an AC Ya know comment. I got one of these Mini different brand Intel N1000 PC. When I first got it I was going to switch out the M.2 512 with a 1T but did not. I started the Win ll pro set up and it wanted me to get on the internet and I did not want to or could I figure out a wa to do that. So I Rufused me a Win 11 home version and set up I tell you how that went. I noticed the drive had a 2 partitions on it. It had a looked like a recovery partition i could not delet and the other I could. The install went okay and I had no drivers which tells me it did not read the recovery part. The system did pick up the activation key from UEFI it seems and did after I took a Wifi USB device on it. and then did do the activation and updated the drivers. I unplugged the USB wifi and it still could get on the internet so it did find the right drivers. Other than that the only real strange thing I seen is the USB DVD drive will not work. Which is a shame. Do to I could have upscaled my movie DVDs to 60hz 4k.

wow are they cool computer to have

Son on your upfront disclosure: did you say that all the units to be assessed were provided by ACE Magician? Pardon me but whether any money was exchanged, where is the integrity of the units provided? I would dare say those units should be treated as suspect rendering any assess for “spyware” null and void.

i think fresh reinstall of windows is required...

Well, definitely stay away from computers with either of these names now.

This has been a concern for me from the start with these mini PCs. They just are too good to be true. There is no way you can get a $200 PC with a full activated copy of Windows Pro and not have something sketchy going on. This just reinforces my concern. Glad i have not bought any of these.