Forum thread: Suryasis posted Yesterday 01:11 PM
ACEMAGIC S3A Mini PC Barebone: Ryzen 9 8945HS, 2xDDR5, 2x M.2 2280 SSD, 2.5G Lan, USB4 @ $399 & More
$399
$759
47% off, Ace Magic
Our community has rated this post as helpful. If you agree, why not thank deal0fZeeDay
This is a cross-post across all latest Kamrui threads. Purchased refurb Kamrui A2PLUS off of the recent deal for $100+change from eBay. This is the original SlickDeals' "deal": https://slickdeals.net/f/18567523-refurb-kamrui-mini-pc-intel-n100-16gb-ram-512gb-ssd-win11-home-104-free-shipping.
Machine doesn't boot after Windows reinstall. NVMe disk "disappeared". Reaching out to Kamrui support. They offer instructions on resetting BIOS and their customized Windows PE Recovery ISO to "fix" the EFI table. "It's a common problem", I'm told. They suggest I download https://drive.google.co
Getting their instructions as PDF - reset the BIOS, save. Simple enough. There are links to PE environment ISO in their PDF.
Getting the custom PE ISO. After unpacking the ISO, Windows Defender immediately triggers a warning:
TROJAN/VIRUS
LEVEL: SEVERE
https://www.microsoft.c
A bit of research shows that it affects MBR and BIOS (besides your file system) and it's close to impossible to remove.
Filed a report against the eBay seller - kamrui_outlet_store. Obviously, my Saturday now turned into a Muppet show. Wiping PC clean before return (I need to not only kill the partitions with my data, but create NEW partition table and do a full format which makes it a brick with all cells filled with zeros). The same with all USB drives that touched the Kamrui PC - DISKPART > CLEAN ALL, new partition table, new partitions.
----
### DO NOT BUY KAMRUI, ACEMAGIC, ACEMAGICIAN, NIPOGI OR CTONE. DO NOT BUY FROM KAMRUI_OUTLET_STORE ON EBAY. YOU'VE BEEN WARNED. ###
----
# REPORT BY ANTHROPIC'S CLAUDE FOR TECHNICALLY INCLINED:
## Deep Research Analysis: Kamrui/AceMagic PE Disk Infected with Trojan:Win32/Tiggre!rfn
While specific Reddit discussions about this exact PE disk infection were limited in search results, community forums like Malwarebytes and security sites reveal concerning patterns:
### Key Community Findings:
- Multiple users report that Windows Defender often finds Trojan:Win32/Tiggre!rfn but cannot completely remove it, showing "remediation incomplete" status (source: "Virus / Trojan or Windows Defender "False Positive" (Trojan:Win32/Tiggre!rf) - Resolved Malware Removal Logs", Malwarebytes Forums)
- Both Microsoft Defender and Malwarebytes often struggle with this specific variant - some users report Malwarebytes not detecting threats that Defender finds
- The malware commonly hides in $Recycle.bin directories and requires manual removal techniques (source: "Win32/Tiggre!rfn partially removed by Windows Security - Virus, Trojan, Spyware, and Malware Removal Help")
### The AceMagic/Kamrui Connection:
AceMagic, Kamrui, NiPoGi, and CTONE are all owned by Shenzhen Shanminheng Technology Co., Ltd. (Minipc Union). Multiple reviewers found factory-installed malware including Backdoor:Win32/Bladabindi and Trojan:MSIL/RedLine on these devices (Tom's Hardware, HotHardware). The specific files found were ENDEV.EXE and ENDIDV.EXE, embedded in the Windows recovery image so they survive system resets.
AceMagic Promises It Won't Ship Anymore Mini PCs With Pre-Installed Spyware. Well, but now they will ship you compromised troubleshooting tools instead...
## Trojan:Win32/Tiggre!rfn Technical Analysis:
### What It Does:
- High-risk malware designed for cryptocurrency mining, data theft (passwords, banking info, keystrokes), and remote access capabilities (source: "Trojan Win32/Tiggre!rfn Virus - Malware removal instructions (updated)")
- Microsoft describes it as capable of performing "a number of actions of a malicious actor's choice on your device" (source: "Trojan:Win32/Tiggre!rfn threat description - Microsoft Security Intelligence"). It appears to be changing its signature as it moves from PC to PC.
- Multi-component malware that establishes persistence through startup entries and system modifications, uses advanced obfuscation to evade detection.
### Files and Locations Typically Affected:
Based on research findings, the malware commonly affects:
- System recovery partitions and images
- C:\Windows\OsVer\ directory (specifically with ENDEV.exe variants)
- $Recycle.bin directories across drives
- Browser cache folders (Chrome-related infections noted)
- Startup registry entries
- System boot sectors and MBR
### If You've Booted from an Infected PE USB:
Immediate Risks:
- Booting from infected PE media can spread malware to the host system, though clean boot environments typically provide protection.
- Boot sector viruses can modify the boot process and spread to hard drives when infected media is used (source: "Boot Sector Virus: Complete Guide to Detection and Protection")
- The malware may attempt to infect system files during the PE session
### Files That May Be Affected:
- Boot-related files: MBR, boot sectors, system recovery partitions
- System directories: Windows folder, System32, recovery environments
- Registry hives: Startup entries, service configurations
- User data: Browser caches, saved credentials, temporary files
- Hidden system areas: $Recycle.bin, System Volume Information
### Comprehensive Cleanup Procedure:
Phase 1: Immediate Isolation
- Disconnect from internet to prevent data exfiltration
[..] a day of pure enjoyment ahead of me now... Skipping the rest for the sake of my own sanity.
P.S. The situation is unfolding RIGHT NOW. My apologies for spelling mistakes and poor grammar. Just wanted to get this out to the community ASAP. Will post updates as they are coming in.
### DO NOT BUY KAMRUI, ACEMAGIC, ACEMAGICIAN, NIPOGI OR CTONE. DO NOT BUY FROM KAMRUI_OUTLET_STORE ON EBAY. YOU'VE BEEN WARNED. ###
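A triage sketch for the file names and locations the post above lists, added here as an example and not part of the original post or any vendor tool: it walks an extracted (or read-only mounted) recovery image and returns a SHA-256 for each file that matches, so the hashes can be looked up or submitted for analysis. The extension list and the sample tree are assumptions made for this example; a match is a reason to inspect the file, not a verdict on it.

```python
import hashlib
import os
import tempfile

# File names and directories come from the post; the extension list is an assumption.
NAMED_FILES = {"endev.exe", "endidv.exe"}
SUSPECT_DIRS = {"osver", "$recycle.bin"}
EXEC_EXT = {".exe", ".dll", ".sys", ".scr"}

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(1 << 20), b""):  # hash in 1 MiB chunks
            h.update(block)
    return h.hexdigest()

def triage(root):
    """Return sorted (relative_path, reason, sha256) for files worth a second look."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        parts = {p.lower() for p in os.path.relpath(dirpath, root).split(os.sep)}
        for name in files:
            named = name.lower() in NAMED_FILES
            placed = bool(parts & SUSPECT_DIRS) and os.path.splitext(name)[1].lower() in EXEC_EXT
            if not (named or placed):
                continue
            reason = "file name listed in the post" if named else "executable in a listed directory"
            full = os.path.join(dirpath, name)
            hits.append((os.path.relpath(full, root), reason, sha256_file(full)))
    return sorted(hits)

def build_sample_tree(root):
    """Constructed sample layout with harmless placeholder bytes (not real malware)."""
    layout = {
        "Windows/OsVer/ENDEV.exe": b"placeholder-1",
        "Windows/OsVer/readme.txt": b"text",
        "$Recycle.Bin/S-1-5-21/tool.EXE": b"placeholder-2",
        "Windows/System32/notepad.exe": b"placeholder-3",
    }
    for rel, data in layout.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as f:
            f.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(*triage(tmp), sep="\n")
```

To use it on real media, call `triage()` on the directory where the ISO was extracted or mounted read-only, from a machine other than the affected one.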
As for the accused spam:
This looks really familiar. Here's my funny story.
My elderly father has a Windows 10 laptop that I prepared for him. I generally don't trust him not to download stupid things, so when Windows lost its shit over this exact listing, I read him the riot act. But I had to apologize, because it wasn't his fault. Do you want to know what the offending item was, which Windows wouldn't tell me about until I clicked through?
A Microsoft Office 2003 cracked iso. An over twenty year old installer. Could it possibly contain any reasonably modern virus, like the one listed by Windows? Of course not.
Microsoft is, at best, negligently configuring Windows in a way that creates false positives. Much more likely they're fraudulently trying to terrorize users into paying for licenses.
I'm not saying all these Chinese mini PC companies are trustworthy. But Microsoft's crooked false positives are not a possible reason why they would not be.
I'm genuinely sorry for the copy and paster's concerns here. It's scary when it looks like you have a virus, and one that you paid for.
As for the deal, I'm fairly happy with my slightly less impressive Ryzen 7 8745 equivalent from Minisforum, which I paid also $399 for.
As for the accused spam:
This looks really familiar. Here's my funny story.
My elderly father has a Windows 10 laptop that I prepared for him. I generally don't trust him not to download stupid things, so when Windows lost its shit over this exact listing, I read him the riot act. But I had to apologize, because it wasn't his fault. Do you want to know what the offending item was, which Windows wouldn't tell me about until I clicked through?
A Microsoft Office 2003 cracked iso. An over twenty year old installer. Could it possibly contain any reasonably modern virus, like the one listed by Windows? Of course not.
Microsoft is, at best, negligently configuring Windows in a way that creates false positives. Much more likely they're fraudulently trying to terrorize users into paying for licenses.
I'm not saying all these Chinese mini PC companies are trustworthy. But Microsoft's crooked false positives are not a possible reason why they would not be.
I'm genuinely sorry for the copy and paster's concerns here. It's scary when it looks like you have a virus, and one that you paid for.
Personally I am not willing to roll the dice with my data security. And his evidence is compelling enough to listen to. You do you, but personally I have too much to lose to take such gambles.
I am pretty sure that the poster who posted that huge post is probably a duplicate account of the same person. Just do a View Profile and you'll see that he just copy-pastes that whole thing in every thread.