Virus on a BIOS, myth or reality????

By sebas8194 ·
Hi everyone, I think that the latest BIOS update that I had to do was because a virus managed to write a copy of itself on the BIOS ROM. I suspect that because I formatted the hard disk and installed a clean copy of Windows XP SP3 and the antivirus continued to give me warnings of a suspicious trojan application called "winamp.exe". And no, it's not the media player, since I never installed it after the formatting and it was located in the system32 folder (a common place for viruses). I swept the entire hard disk and operating memory with several reliable antivirus programs and they found and killed the damn virus, but it appeared again after each reboot! So I flashed the BIOS with the latest update and the virus is gone!!!!!

That's my story. I'd like to know if any of you guys have had a similar situation, and sorry for any grammar mistakes, my English is a little rusty.


Your English is fine, Sebas

by santeewelding In reply to Virus on a BIOS, myth or ...

We have a sometimes resident BIOS watcher who warns us about just such as you report.

He is, BALTHOR.

Perhaps he will chime in, to tell that you have your head up your ***, or that he has his.


A BIOS Virus is possible

by maxwell edison In reply to Virus on a BIOS, myth or ...

Some information on BIOS Viruses:

http://www.tomshardware.com/news/bios-virus-rootkit-security-backdoor,7400.html

If a virus is recurring, however, it's more likely to be one that's written itself into the boot sector of a hard drive; and formatting and reinstalling alone won't necessarily rid the drive of the virus. Deleting and recreating the disk partition might rid the drive of the virus. Running a disk-wipe program is probably the best option.

Winamp.exe is the name of a file used for playing MP3 files, and it may or may not be the virus file. It could be a legitimate file, it could be the name of the virus file, or a virus could write itself into the legitimate file.

But if you flashed your BIOS and solved the problem, then it's a done deal.
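The boot-sector point above, as an added example that is not part of the original post: a format rewrites the filesystem inside a partition, while the boot code in the first 446 bytes of the disk's first sector is left alone, so it has to be checked separately. The function names, the sample bytes and the use of a saved known-good copy as baseline are assumptions of this sketch.

```python
import hashlib
import struct

BOOT_CODE_LEN = 446      # bytes 0..445: boot code area run at power-on
BOOT_SIG = b"\x55\xaa"   # bytes 510..511

def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte MBR into boot-code hash, partition entries, signature."""
    if len(sector) != 512:
        raise ValueError("an MBR is exactly 512 bytes")
    partitions = []
    for i in range(4):  # four 16-byte entries follow the boot code
        off = BOOT_CODE_LEN + 16 * i
        status, ptype, lba, count = struct.unpack("<B3xB3xII", sector[off:off + 16])
        if ptype:  # type 0 marks an unused slot
            partitions.append({"bootable": status == 0x80, "type": ptype,
                               "lba_start": lba, "sectors": count})
    return {
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": partitions,
        "valid_signature": sector[510:512] == BOOT_SIG,
    }

def compare_to_baseline(baseline: bytes, current: bytes) -> list:
    """Report which MBR regions differ from a known-good copy."""
    good, now = parse_mbr(baseline), parse_mbr(current)
    findings = []
    if not now["valid_signature"]:
        findings.append("missing 0x55AA boot signature")
    if good["boot_code_sha256"] != now["boot_code_sha256"]:
        findings.append("boot code differs from baseline")
    if good["partitions"] != now["partitions"]:
        findings.append("partition table differs from baseline")
    return findings

def build_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed sample: one bootable partition of type 0x07 at LBA 63."""
    entry = struct.pack("<B3xB3xII", 0x80, 0x07, 63, 1_000_000)
    return boot_code.ljust(BOOT_CODE_LEN, b"\x00") + entry + bytes(48) + BOOT_SIG

if __name__ == "__main__":
    clean = build_sample_mbr(b"\xfa\x33\xc0")      # constructed placeholder bytes
    altered = build_sample_mbr(b"\xeb\x3c\x90")    # same table, different boot code
    print(compare_to_baseline(clean, clean))
    print(compare_to_baseline(clean, altered))
```

Feed it the first 512 bytes of a raw image of the suspect drive and of a copy saved while the machine was known to be clean.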


BIOS is on EEPROM or Flashrom Settings are Stored on CMOS chip

by maxpowers410 In reply to A BIOS Virus is possible

To be honest, I think it's almost impossible for a virus to get on your systemboard. But theoretically in IT everything is possible; however, do you think someone would bother going to the trouble of programming a virus for one specific BIOS? They're all different!


What you think versus what others know

by JamesRL In reply to BIOS is on EEPROM or Flas ...

It is much less likely now because OS's don't allow user level programs to have direct HW access. But for Windows 2000 and earlier it was a problem. I remember it as an issue in DOS days.

Here is one example:
http://en.wikipedia.org/wiki/CIH

James


It's not common, but it can happen

by maxwell edison In reply to BIOS is on EEPROM or Flas ...

I won't speculate on the why or how.


some additional info....

by sebas8194 In reply to BIOS is on EEPROM or Flas ...

Hi guys, I'd like to add some additional information about the possible BIOS virus infection that I had to clean. First, not only did the "winamp.exe" malicious file appear after the cleaning by the antivirus and the following reboot, but "h.exe" showed up as well, and I just remembered that I had the same infection on another PC with the SAME MOTHERBOARD!!!! The motherboard in question is the Elitegroup 661FX-M7. Now I am 99% sure that the virus copied itself onto the BIOS, because on the other PC (where I formatted the whole hard drive and reinstalled the OS) I spent all day trying to remove the virus but it was impossible; however, I didn't clear or re-flash the BIOS, and that's why the damn virus continued to show up in the system32 folder. It all makes sense, or not???


Yes, it is possible.

by seanferd In reply to some additional info....

If you had more info about the files and registry entries involved, or what names the virus scanner gave the infection, you could identify what particular malware was involved, and what its capabilities are. Since you seem to have fixed it by flashing BIOS, it would seem to be resident there.

Just some searches for "H.exe", "Winamp.exe trojan", or whatever. For example, this:
http://www.threatexpert.com/files/winamp.exe.html


BIOS Virus

by mjd420nova In reply to Virus on a BIOS, myth or ...

Yes, it is true. I have had the unfortunate job of getting rid of these nasty things and have even tracked the source of one. The event is like catching any virus, but this one happens to write itself into the CMOS by "flashing" the BIOS. That's why after cleaning and rebooting, it comes right back. The BIOS itself is on a ROM chip in the computer and cannot be changed; on boot up, it loads into the FLASH chips and the unit will boot from there as long as the battery remains intact. Often just setting the BIOS to default will clear it; sometimes removing the CMOS battery will get rid of it. In a few cases, going to the manufacturer's site and reflashing the BIOS with a newer or updated version will clear things out. I have tracked one in particular to a PORN site that one user liked to frequent. After repeated infections, I informed the user to stay away from there and told him I'd not be responsible for any further infections and a report would be required to his boss for continued ignorance and violation of company directives. I haven't had a reoccurrence.
