Can a malware power on a computer?
I've just downloaded and executed malware on my computer.
I don't have much time right now, so I just powered it off, hoping that it won't be able to steal any data or do malware stuff until I can nuke it from orbit.
Is it enough to prevent the malware from continuing to do its bad stuff? Can the malware power on my computer? Should I also unplug it and remove its battery?
malware
asked 11 hours ago by Benoit Esnard
Power off or sleep? – schroeder♦, 11 hours ago
[+1] I'm confused, if you are planning to nuke it from orbit, what does it matter if it does what it does? The more important bit is to cut off the network. – schroeder♦, 11 hours ago
@schroeder: I turned it off via the Start menu. – Benoit Esnard, 10 hours ago
[+2] Then there is no power available to the malware to run – schroeder♦, 10 hours ago
[+4] (putting on tinfoil hat and noting that I'm not an expert in this area) Is it possible that malware could alter the BIOS to have it wake at a certain time? – AndrolGenhald, 10 hours ago
4 Answers
The WOL packet has a particular structure; it is not necessarily the case that it can be sent over the internet or routed on an intranet to reach the target.
A computer is powered off when the power cable is disconnected, or is connected but switched off.
The RTC wakeup is nice, but I suppose it could be used only in sleep mode.
In my personal opinion some SMM firmware features, if not properly configured and some of them disabled by default, could be potentially dangerous for remote management.
The best choice is to unplug the internet cable or disable the wireless card until you're sure you have sanitized your PC of the virus infection.
New contributor
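Added example, not part of the answer above: the packet structure it refers to is six 0xFF bytes followed by the target's MAC address repeated 16 times, optionally followed by a 4- or 6-byte SecureOn password. The sketch below checks captured payloads for such a packet aimed at a quarantined machine; the MAC address, source addresses and datagrams are constructed samples, and the function names are illustrative.

```python
"""Spot Wake-on-LAN magic packets in captured payloads (defensive check)."""

SYNC = b"\xff" * 6   # synchronisation stream that opens a magic packet
REPEATS = 16         # the target MAC follows, repeated 16 times


def format_mac(raw):
    """Render 6 raw bytes as a lower-case colon-separated MAC string."""
    return ":".join(f"{byte:02x}" for byte in raw)


def find_magic_packet(payload):
    """Return (target_mac, secureon_password) or None.

    The magic sequence may sit anywhere in the payload, so every possible
    start of the 0xFF run is tried, not only offset 0.
    """
    start = payload.find(SYNC)
    while start != -1:
        body_at = start + len(SYNC)
        mac = payload[body_at:body_at + 6]
        body = payload[body_at:body_at + 6 * REPEATS]
        if len(body) == 6 * REPEATS and body == mac * REPEATS:
            trailer = payload[body_at + 6 * REPEATS:]
            # A 4- or 6-byte trailer is treated as a SecureOn password.
            password = trailer if len(trailer) in (4, 6) else None
            return format_mac(mac), password
        start = payload.find(SYNC, start + 1)
    return None


def flag_wakeups(datagrams, watched_macs):
    """Return one alert per datagram that tries to wake a watched MAC."""
    watched = {mac.lower() for mac in watched_macs}
    alerts = []
    for dgram in datagrams:
        hit = find_magic_packet(dgram["payload"])
        if hit and hit[0] in watched:
            alerts.append({
                "src": dgram["src"],
                "dport": dgram["dport"],
                "target": hit[0],
                "has_password": hit[1] is not None,
            })
    return alerts


# --- Constructed sample capture (documentation addresses, made-up MACs) ---
QUARANTINED = "02:00:00:00:00:01"
_mac = bytes.fromhex(QUARANTINED.replace(":", ""))
_other = bytes.fromhex("020000000002")
SAMPLE_DATAGRAMS = [
    # plain magic packet for the quarantined host
    {"src": "192.0.2.1", "dport": 9, "payload": SYNC + _mac * 16},
    # extra leading 0xFF byte and a 6-byte password trailer
    {"src": "192.0.2.1", "dport": 9,
     "payload": b"\xff" + SYNC + _mac * 16 + b"\x00" * 6},
    # only 15 repetitions: looks similar but is not a magic packet
    {"src": "192.0.2.7", "dport": 53,
     "payload": b"\x12\x34\x01\x00" + SYNC + _mac * 15},
    # valid magic packet, but for a different machine
    {"src": "192.0.2.9", "dport": 7, "payload": SYNC + _other * 16},
]

if __name__ == "__main__":
    for alert in flag_wakeups(SAMPLE_DATAGRAMS, [QUARANTINED]):
        print("wake attempt:", alert)
```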
TL;DR Yes, but it's unlikely. Just to be sure, either unplug the PC or ensure it can't connect to anything.
Several operating systems - notably Windows 10 - have the possibility of setting "automatic wakeup", using appropriate drivers and related, complicated hardware management.
As a result, IF (and that's a big if!) a malware program has gained sufficient access to have the operating system do its bidding, it has a way to simply ask the system itself to do this on its behalf.
Then, the system will automatically power up after some time, for example at a time when you're likely to be asleep.
Of course, this requires that the malware has already taken control of the system and has replaced the shutdown procedure with a mere going into sleep.
But did it happen? Probably not. Most malware relies on being run unwittingly and being able to operate without being detected for some time. The "power off simulation" is only useful in very specific scenarios and I don't think it would be worthwhile for a malware writer to worry themselves with them.
edited 10 hours ago by schroeder♦
answered 10 hours ago by LSerni
You'd have a similar problem if the virus infected your BMC (it could use IPMI to power on the system). That's not much of a risk for consumer-class machines, though. BMC hardware is typically only seen on servers. – bta, 4 hours ago
@bta Intel ME and AMD PSP on desktop systems serve essentially the same functions as an advanced BMC. – user71659, 3 hours ago
It can be done, but for most intents and purposes you can safely assume malware cannot directly power on the computer.
Something that is somewhat realistic is the malware also gaining persistence on another device. Say your router has default credentials or a vulnerability, the malware could have spread. Someone could then power on your machine if it had wake-on-lan enabled.
To elaborate, most malware will run in ring 3, and if you're really unlucky in ring 0 as a kernel module or system driver. These are both not running when the system is turned off, and therefore fundamentally cannot exercise control over the machine.
There are however execution modes below ring 0 such as SMM and other firmware, which do power management. However, malware abusing this is extremely rare; the only example in the wild I could name is the NSA codename DEITYBOUNCE class malware and the LoJax likely spread by Fancy Bear.
See Forest's excellent answer on how this can happen.
https://security.stackexchange.com/a/180107/121894
Do you have info on the malware such as a hash or family name? That would allow for a more detailed answer.
answered 10 hours ago by J.A.K.
As others have mentioned, it is quite possible on most PC hardware, although currently not very likely (as vast majority of malware does not bother).
What others have said is not possible is however wrong. Software actually CAN wake up a computer that has been regularly powered off either via "shutdown" or "poweroff" commands (GNU/Linux) or clicking on "start" button and then "Shutdown" (MS Windows), or via manual press of power button.
The feature is called RTC wakeup, and it allows software to schedule wakeup at specific time of day. It is controlled by Real time clock chip (chip which keeps track of time while your computer is powered off, and runs off its own CR2032 battery).
If you run a GNU/Linux system, the control of that functionality is provided by the rtcwake(8) system command.
As a related feature, many computers also have a feature called Wake on LAN, which allows other computers and routers to power on your computer over wired ethernet network (note that this functionality has to be enabled on your computer, and whether it defaults to on depends on your BIOS).
edited 7 hours ago by Monty Harder
answered 8 hours ago by Matija Nalis
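Added example, not code from the answer above: one way to check on a GNU/Linux machine whether either wake source it describes is armed. It assumes the standard sysfs file `/sys/class/rtc/rtcN/wakealarm` (empty when no alarm is set, otherwise the alarm time in epoch seconds) and the `Wake-on:` field printed by `ethtool`; the sample ethtool output is constructed.

```python
#!/usr/bin/env python3
"""Report armed wake sources on Linux: RTC wake alarms and Wake-on-LAN."""
import re
import subprocess
import time
from pathlib import Path

RTC_SYSFS = Path("/sys/class/rtc")   # one rtcN directory per real-time clock
NET_SYSFS = Path("/sys/class/net")   # one entry per network interface

# Meaning of the letters ethtool prints in its "Wake-on:" field ("d" = disabled).
WOL_MODES = {
    "p": "PHY activity", "u": "unicast", "m": "multicast", "b": "broadcast",
    "a": "ARP", "g": "magic packet", "s": "SecureOn password", "f": "filter",
}

# Constructed sample of `ethtool eth0` output, for trying the parser offline.
SAMPLE_ETHTOOL = """\
Settings for eth0:
\tSupports Wake-on: pumbg
\tWake-on: g
\tLink detected: yes
"""


def parse_wakealarm(text, now=None):
    """Interpret the contents of a wakealarm file."""
    text = text.strip()
    if not text:
        return {"armed": False, "epoch": None, "seconds_left": None}
    epoch = int(text)
    now = time.time() if now is None else now
    return {"armed": True, "epoch": epoch, "seconds_left": int(epoch - now)}


def parse_ethtool_wol(output):
    """Return active WoL modes, [] if disabled, None if the field is absent."""
    # Anchored at line start so "Supports Wake-on:" is not matched.
    match = re.search(r"^[ \t]*Wake-on:[ \t]*(\S+)", output, re.MULTILINE)
    if match is None:
        return None   # virtual NIC, or ethtool was not run as root
    flags = match.group(1)
    return [WOL_MODES.get(c, "unknown flag " + c) for c in flags if c != "d"]


def audit_host():
    """Collect human-readable findings for this machine."""
    findings = []
    for rtc in sorted(RTC_SYSFS.glob("rtc*")):
        try:
            state = parse_wakealarm((rtc / "wakealarm").read_text())
        except (OSError, ValueError):
            continue   # RTC without wake-alarm support or unreadable file
        if state["armed"]:
            when = time.strftime("%Y-%m-%d %H:%M:%S",
                                 time.localtime(state["epoch"]))
            findings.append(f"{rtc.name}: wake alarm armed for {when} "
                            "(clear with: rtcwake -m disable)")
    nics = sorted(p.name for p in NET_SYSFS.iterdir()) if NET_SYSFS.is_dir() else []
    for nic in nics:
        try:
            out = subprocess.run(["ethtool", nic], capture_output=True,
                                 text=True, check=False).stdout
        except FileNotFoundError:
            findings.append("ethtool not installed: Wake-on-LAN not checked")
            break
        modes = parse_ethtool_wol(out)
        if modes:
            findings.append(f"{nic}: Wake-on-LAN enabled for {', '.join(modes)} "
                            f"(disable with: ethtool -s {nic} wol d)")
    return findings


if __name__ == "__main__":
    results = audit_host()
    print("\n".join(results) if results else "no armed wake source found")
```

Run it as root, since ethtool does not report the `Wake-on:` field to unprivileged users. It only sees what the running kernel exposes, so a power-on schedule configured in the firmware setup screen has to be checked there.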
the mobo doesn't watch the power switch, the PSU does. the mobo simply connects the small button pin header to the 24-pin atx connector. – dandavis, 7 hours ago
[+2] I tell people that, like Westley in The Princess Bride, a computer that is "shut down" isn't completely off. It's just mostly off. A small part of the motherboard is monitoring the "power switch" on the front of the case [routed through the power supply per @Matija Nalis], the keyboard output for a "power on" signal, and may also be watching for a distinctive packet to hit the NIC... – Monty Harder, 7 hours ago
@MontyHarder: Those are different parts, really, and the power switch logic is likely all in hardware. The WOL part is likely implemented in firmware, so that is software. – MSalters, 7 hours ago
[+1] Also note, since the advent of ATX power supplies circa 1995, most PCs no longer have a physical off switch (you can pull the cable out, or rarely use a mechanical switch at the back of the ATX PSU near the AC cable). So if your computer can be "turned off" via software (by clicking on the shutdown button), it can almost always also be turned on by software. So actually modern computers are never off, and what we call "off" is actually the ACPI G2/S5 "soft-off" state. – Matija Nalis, 6 hours ago
– MSalters
7 hours ago
@MontyHarder: Those are different parts, really, and the power switch logic is likely all in hardware. The WOL part is likely implemented in firmware, so that is software.
– MSalters
7 hours ago
1
1
Also note, since the advent of ATX power supplies in cca 1995., most of the PC computers no longer have physical off switch (you can pull the cable out, or rarely by mechanical switch at the back of ATX PSU near the AC cable). So if your computer can be "turned off" via software (by clicking on shutdown button), it can almost always also be turned on by software. So actually modern computers are never off, and what we call "off" is actually ACPI G2/S5 "soft-off" state
– Matija Nalis
6 hours ago
Also note, since the advent of ATX power supplies in cca 1995., most of the PC computers no longer have physical off switch (you can pull the cable out, or rarely by mechanical switch at the back of ATX PSU near the AC cable). So if your computer can be "turned off" via software (by clicking on shutdown button), it can almost always also be turned on by software. So actually modern computers are never off, and what we call "off" is actually ACPI G2/S5 "soft-off" state
– Matija Nalis
6 hours ago
add a comment |
The WOL packet has a particular structure; it is not said that it could be sent over the Internet or routed on an intranet to reach the target.
A computer is powered off when the power cable is disconnected, or is connected but switched off.
The RTC wakeup is nice, but I suppose it could be used only in sleep mode.
In my personal opinion, some SMM firmware features, if not properly configured and some of them disabled by default, could be potentially dangerous for remote management.
The best choice is to unplug the Internet cable or disable the wireless card until you are sure you have sanitized your PC of the virus infection.
answered 6 hours ago
LoryOne
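The "particular structure" of the Wake-on-LAN packet mentioned in the answers above is six 0xFF bytes followed by the target's MAC address repeated 16 times, at any offset in the frame. As an added example (not part of any answer on this page), the Python below recognizes that pattern in captured payloads so a defender can tell whether something on the LAN is trying to wake a quarantined machine; the MAC addresses, source IPs and function names are constructed for illustration.

```python
"""Spot Wake-on-LAN magic packets in captured payloads (monitoring aid)."""

SYNC = b"\xff" * 6                    # synchronization stream
REPEATS = 16                          # target MAC is repeated 16 times
MAGIC_LEN = len(SYNC) + 6 * REPEATS   # 102 bytes in total


def find_magic_targets(payload: bytes) -> list:
    """Return the MAC addresses targeted by magic packets found in payload."""
    targets = []
    start = payload.find(SYNC)
    while start != -1:
        body = payload[start + 6 : start + MAGIC_LEN]
        mac = body[:6]
        # Accept only a full-length body in which all 16 copies agree.
        if len(body) == 6 * REPEATS and body == mac * REPEATS:
            text = ":".join(f"{b:02x}" for b in mac)
            if text not in targets:
                targets.append(text)
        # Step by one byte: extra 0xFF padding may precede the real sync.
        start = payload.find(SYNC, start + 1)
    return targets


def audit(records, protected_macs):
    """Return (source, mac) pairs for magic packets aimed at protected hosts."""
    protected = {m.lower() for m in protected_macs}
    hits = []
    for src, payload in records:
        for mac in find_magic_targets(payload):
            if mac in protected:
                hits.append((src, mac))
    return hits


# Constructed sample data: one quarantined host and four captured payloads.
QUARANTINED = "02:00:00:aa:bb:cc"
_mac = bytes.fromhex(QUARANTINED.replace(":", ""))
_other = bytes.fromhex("020000112233")
SAMPLES = [
    ("192.0.2.10", b"hdr" + SYNC + _mac * 16),           # valid, leading bytes
    ("192.0.2.11", SYNC + _mac * 15),                     # truncated: 15 copies
    ("192.0.2.12", SYNC + _mac * 8 + _other * 8),         # copies disagree
    ("192.0.2.13", b"\xff" + SYNC + _other * 16 + b"pw1234"),  # other host
]

if __name__ == "__main__":
    for src, mac in audit(SAMPLES, [QUARANTINED]):
        print(f"magic packet for quarantined host {mac} from {src}")
```
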