Can a malware power on a computer?












25















I've just downloaded and executed a malware on my computer.



I don't have much time right now, so I just powered it off, hoping that it won't be able to steal any data or do malware stuff until I can nuke it from orbit.



Is it enough to prevent the malware from continuing to do its bad stuff? Can the malware power on my computer? Should I also unplug it and remove its battery?

































  • Power off or sleep?

    – schroeder
    11 hours ago






  • 1





    I'm confused, if you are planning to nuke it from orbit, what does it matter if it does what it does? The more important bit is to cut off the network.

    – schroeder
    11 hours ago













  • @schroeder: I turned it off via the Start menu.

    – Benoit Esnard
    10 hours ago






  • 2





    Then there is no power available to the malware to run

    – schroeder
    10 hours ago






  • 4





    (putting on tinfoil hat and noting that I'm not an expert in this area) Is it possible that malware could alter the BIOS to have it wake at a certain time?

    – AndrolGenhald
    10 hours ago




























asked 11 hours ago by Benoit Esnard

























4 Answers



















1

The WOL packet has a particular structure; it is not a given that it could be sent over the internet or routed on an intranet to reach the target.
A computer is powered off when the power cable is disconnected, or is connected but switched off.
The RTC wakeup is nice, but I suppose it could be used only in sleep mode.
In my personal opinion some SMM firmware features, if not properly configured and some of them disabled by default, could be potentially dangerous for remote management.
The best choice is to unplug the internet cable or disable the wireless card until you're sure you have sanitized your PC of the virus infection.






LoryOne is a new contributor to this site.




















29

TL;DR Yes, but it's unlikely. Just to be sure, either unplug the PC or ensure it can't connect to anything.

Several operating systems - notably Windows 10 - have the possibility of setting "automatic wakeup", using appropriate drivers and related, complicated hardware management.

As a result, IF (and that's a big if!) a malware program has gained sufficient access to have the operating system do its bidding, it has a way to simply ask the system itself to do this on its behalf.

Then, the system will automatically power up after some time, for example at a time when you're likely to be asleep.

Of course, this requires that the malware has already taken control of the system and has replaced the shutdown procedure with a mere going into sleep.

But did it happen? Probably not. Most malware rely on being run unwittingly and being able to operate without being detected for some time. The "power off simulation" is only useful in very specific scenarios and I don't think it would be worthwhile for a malware writer to worry themselves with them.














edited 10 hours ago by schroeder

answered 10 hours ago by LSerni













  • You'd have a similar problem if the virus infected your BMC (it could use IPMI to power on the system). That's not much of a risk for consumer-class machines, though. BMC hardware is typically only seen on servers.

    – bta
    4 hours ago

  • @bta Intel ME and AMD PSP on desktop systems serve essentially the same functions as an advanced BMC.

    – user71659
    3 hours ago



























8

It can be done, but for most intents and purposes you can safely assume malware cannot directly power on the computer.

Something that is somewhat realistic is the malware also gaining persistence on another device. Say your router has default credentials or a vulnerability, the malware could have spread. Someone could then power on your machine if it had wake-on-lan enabled.

To elaborate, most malware will run in ring 3, and if you're really unlucky in ring 0 as a kernel module or system driver. These are both not running when the system is turned off, and therefore fundamentally cannot exercise control over the machine.

There are however execution modes below ring 0 such as SMM and other firmware, which do power management. However, malware abusing this is extremely rare; the only examples in the wild I could name are the NSA codename DEITYBOUNCE class malware and the LoJax likely spread by Fancy Bear.

See Forest's excellent answer on how this can happen.

https://security.stackexchange.com/a/180107/121894

Do you have info on the malware such as a hash or family name? That would allow for a more detailed answer.
















answered 10 hours ago by J.A.K.







































4

As others have mentioned, it is quite possible on most PC hardware, although currently not very likely (as the vast majority of malware does not bother).

What others have said is not possible is however wrong. Software actually CAN wake up a computer that has been regularly powered off either via "shutdown" or "poweroff" commands (GNU/Linux) or clicking on "start" button and then "Shutdown" (MS Windows), or via manual press of power button.

The feature is called RTC wakeup, and it allows software to schedule wakeup at a specific time of day. It is controlled by the real-time clock chip (the chip which keeps track of time while your computer is powered off, and runs off its own CR2032 battery).

If you run a GNU/Linux system, the control of that functionality is provided by the rtcwake(8) system command.

As a related feature, many computers also have a feature called Wake on LAN, which allows other computers and routers to power on your computer over a wired Ethernet network (note that this functionality has to be enabled on your computer, and whether it defaults to on depends on your BIOS).
































  • the mobo doesn't watch the power switch, the PSU does. the mobo simply connects the small button pin header to the 24-pin atx connector.

    – dandavis
    7 hours ago

  • 2

    I tell people that, like Westley in The Princess Bride, a computer that is "shut down" isn't completely off. It's just mostly off. A small part of the motherboard is monitoring the "power switch" on the front of the case [routed through the power supply per @Matija Nalis], the keyboard output for a "power on" signal, and may also be watching for a distinctive packet to hit the NIC...

    – Monty Harder
    7 hours ago

  • @MontyHarder: Those are different parts, really, and the power switch logic is likely all in hardware. The WOL part is likely implemented in firmware, so that is software.

    – MSalters
    7 hours ago

  • 1

    Also note, since the advent of ATX power supplies circa 1995, most PC computers no longer have a physical off switch (you can pull the cable out, or rarely by mechanical switch at the back of ATX PSU near the AC cable). So if your computer can be "turned off" via software (by clicking on shutdown button), it can almost always also be turned on by software. So actually modern computers are never off, and what we call "off" is actually ACPI G2/S5 "soft-off" state

    – Matija Nalis
    6 hours ago














              edited 7 hours ago
              Monty Harder

              answered 8 hours ago
              Matija Nalis













              • The mobo doesn't watch the power switch, the PSU does. The mobo simply connects the small button pin header to the 24-pin ATX connector.
                – dandavis
                7 hours ago

              • 2
                I tell people that, like Westley in The Princess Bride, a computer that is "shut down" isn't completely off. It's just mostly off. A small part of the motherboard is monitoring the "power switch" on the front of the case [routed through the power supply per @Matija Nalis], the keyboard output for a "power on" signal, and may also be watching for a distinctive packet to hit the NIC...
                – Monty Harder
                7 hours ago

              • @MontyHarder: Those are different parts, really, and the power switch logic is likely all in hardware. The WOL part is likely implemented in firmware, so that is software.
                – MSalters
                7 hours ago

              • 1
                Also note, since the advent of ATX power supplies circa 1995, most PC computers no longer have a physical off switch (you can pull the cable out or, rarely, use a mechanical switch at the back of the ATX PSU near the AC cable). So if your computer can be "turned off" via software (by clicking on the shutdown button), it can almost always also be turned on by software. So actually modern computers are never off, and what we call "off" is actually the ACPI G2/S5 "soft-off" state.
                – Matija Nalis
                6 hours ago
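The wake sources named in the answer above (the RTC wake alarm that rtcwake(8) programs, and Wake on LAN) can be read back on a running Linux system. The script below is an added example, not part of the original answer or its comments; the function names are its own and the sample `/proc/acpi/wakeup` and `ethtool` text is constructed.

```python
"""Audit Linux wake sources: RTC wake alarm, ACPI wake devices, Wake-on-LAN."""
import glob
import os
import re
import shutil
import subprocess
from datetime import datetime, timezone

# Constructed samples in the formats of /proc/acpi/wakeup and `ethtool <iface>`.
SAMPLE_ACPI = """Device\tS-state\t  Status   Sysfs node
PWRB\t  S4\t*enabled   platform:PNP0C0C:00
GLAN\t  S4\t*disabled  pci:0000:00:1f.6
XHC\t  S3\t*enabled   pci:0000:00:14.0
"""
SAMPLE_ETHTOOL = """Settings for eth0:
\tSupports Wake-on: pumbg
\tWake-on: g
"""


def rtc_wake_alarms(sysfs_root="/sys"):
    """Map each RTC to its armed wake time (UTC), or None when no alarm is set."""
    alarms = {}
    # wakealarm holds seconds since the epoch and reads back empty when unset.
    for path in sorted(glob.glob(os.path.join(sysfs_root, "class/rtc/rtc*/wakealarm"))):
        with open(path) as fh:
            raw = fh.read().strip()
        name = os.path.basename(os.path.dirname(path))
        alarms[name] = datetime.fromtimestamp(int(raw), timezone.utc) if raw else None
    return alarms


def acpi_wake_devices(text):
    """Return {device: S-state} for devices marked enabled in /proc/acpi/wakeup."""
    enabled = {}
    for line in text.splitlines()[1:]:  # skip the column header
        fields = line.split()
        if len(fields) >= 3 and fields[2].lstrip("*") == "enabled":
            enabled[fields[0]] = fields[1]
    return enabled


def wol_flags(ethtool_output):
    """Return the active Wake-on flags from `ethtool <iface>`; '' means off or not reported."""
    match = re.search(r"^\s*Wake-on:\s*(\S+)", ethtool_output, re.MULTILINE)
    flags = match.group(1) if match else "d"
    return "" if flags == "d" else flags


if __name__ == "__main__":
    print("RTC wake alarms:", rtc_wake_alarms())
    if os.path.exists("/proc/acpi/wakeup"):
        with open("/proc/acpi/wakeup") as fh:
            print("ACPI wake-enabled devices:", acpi_wake_devices(fh.read()))
    for iface in sorted(os.listdir("/sys/class/net")) if shutil.which("ethtool") else []:
        out = subprocess.run(["ethtool", iface], capture_output=True, text=True).stdout
        print(iface, "Wake-on-LAN flags:", wol_flags(out) or "none")
```

`ethtool` normally reports the `Wake-on` line only to root, so run the live check with sufficient privileges.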



















              1














              The WOL packet has a particular structure; it is not certain that it could be sent over the internet or routed on an intranet to reach the target.
              A computer is powered off when the power cable is disconnected, or is connected but switched off.
              The RTC wakeup is nice, but I suppose it could be used only in sleep mode.
              In my personal opinion some SMM firmware features, if not properly configured and some of them disabled by default, could be potentially dangerous for remote management.
              The best choice is to unplug the internet cable or disable the wireless card until you're sure you have sanitized your PC of the virus infection.






                  answered 6 hours ago
                  LoryOne
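The "particular structure" this answer refers to is six 0xFF bytes followed by the target's MAC address repeated 16 times, which makes a Wake-on-LAN packet easy to recognise in captured traffic. The detector below is an added example, not part of the original answer; its function names, addresses and sample payloads are constructed for illustration.

```python
"""Flag Wake-on-LAN magic packets aimed at hosts that should stay powered off."""

SYNC = b"\xff" * 6   # a magic packet opens with six 0xFF bytes ...
REPEATS = 16         # ... followed by the target MAC repeated sixteen times


def find_magic_packets(payload):
    """Return [(offset, "aa:bb:cc:dd:ee:ff")] for each magic packet inside payload."""
    hits, i = [], payload.find(SYNC)
    while i != -1:
        mac = payload[i + 6:i + 12]
        body = payload[i + 6:i + 6 + 6 * REPEATS]
        if len(body) == 6 * REPEATS and body == mac * REPEATS:
            hits.append((i, mac.hex(":")))
            i = payload.find(SYNC, i + 6 + 6 * REPEATS)  # continue after this packet
        else:
            i = payload.find(SYNC, i + 1)  # the 0xFF run may be longer than six bytes
    return hits


def wol_alerts(captures, watched_macs):
    """captures: iterable of (source, dst_port, payload). Alert on watched targets."""
    watched = {mac.lower() for mac in watched_macs}
    alerts = []
    for source, dst_port, payload in captures:
        for _offset, mac in find_magic_packets(payload):
            if mac in watched:
                alerts.append({"source": source, "dst_port": dst_port, "target": mac})
    return alerts


# Constructed sample payloads (documentation addresses, locally administered MACs).
QUARANTINED = bytes.fromhex("020000000001")
OTHER = bytes.fromhex("020000000002")
SAMPLE_CAPTURES = [
    ("192.0.2.10", 9, SYNC + QUARANTINED * 16),                       # plain magic packet
    ("192.0.2.11", 7, b"hdr" + SYNC + QUARANTINED * 16 + b"\0" * 6),  # prefix and trailing bytes
    ("192.0.2.12", 9, SYNC + QUARANTINED * 15),                       # truncated: must not match
    ("192.0.2.13", 9, b"\xff" + SYNC + OTHER * 16),                   # valid, but MAC not watched
    ("192.0.2.14", 53, SYNC + b"not a wake packet"),                  # sync bytes only
]

if __name__ == "__main__":
    for alert in wol_alerts(SAMPLE_CAPTURES, ["02:00:00:00:00:01"]):
        print(alert)
```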



