Absolutely flummoxed - BIOS virus?

By bfindlay
Weirdest behaviour I have ever heard of. I got infected with a trojan (virusblast) that tried to sell me software to 'clean up spyware and viruses'. (It WAS the virus).

I flashed my BIOS to an updated version, then installed a new hard drive - formatted it, and installed Windows. The install took far, far longer than it should - on the order of three hours or so. The computer is slow as molasses now, taking 3 to 5 minutes to boot into Windows, 30 seconds or so to open a window or any other tasks.

This is on a new, virgin Windows install on a brand new formatted HD. Then a window pops up saying that there are 55 errors in my registry (BRAND NEW SYSTEM!) and directs me to a third party site (registryupdate.com) to install a 'registry cleaner' that I am supposed to pay for.

This is the exact same behaviour as the machine had before I stuck the new HD in, and installed windows - except the scam is now pointing to 'registry update' instead of virus blast. Obviously the data for this did not come from corruption on a hard drive - there was no old hard drive in the system - and I deleted all partitions and re-formatted the hard drive upon installing it. The virus must live in the BIOS - but how can this be!? I am so confused, and at a loss on the correct move to bring my machine back to life.

Any help appreciated.

yup, bios virus

by Jaqui In reply to Absolutely flummoxed - BI ...

reset the bios back to factory original off the backup chip.
[ pin change on board, check manual to see steps and pin location ]

remove the partition(s) on the hard drive.
replace partitions
use dban
[ http://dban.sourceforge.net ]

then install new system

total time [ cause of dban ] up to one week, dban is as tight as you want it to be.

agree

by Kiltie In reply to yup, bios virus

Short the mobo battery either by pins or simply removing the battery (to be sure I use a cable to short circuit the connections)

You MUST then restart the computer from a CLEAN floppy/CD (or equivalent) and not merely reformat the HD, preferably FDISK (take the time while doing so to consider partitioning) before formatting the drive.

Ideally - for security - you should WIPE the drive first, but there is another consideration.
Make sure that you are reinstalling from an original read only medium (ie no chance it has been compromised)
Keep off any network/internet too

With the basics:
an electrical short of CMOS,
a HD "wipe" and reformat
a clean source for reinstall,
no connection to another computer or online

Your computer should be sterile.

Most likely..

by LordNyghthawk In reply to agree

if your machine does this AFTER your network connection is all set up, it's nothing more than an ad using Windows Messenger. You likely do not have any BIOS virii.
Now if it does it, even while disconnected from the net, that's a whole 'nother story. But I personally have never seen one.

This is not a solution for a BIOS virus

by Chim Chim 1959 In reply to agree

Generally good advice; however this is simply a reset of CMOS (memory that holds information for BIOS). If the virus is in BIOS you will need to "flash" the BIOS somehow to get rid of it. I have never personally seen a BIOS virus; I have seen stuff get in at the MBR/MBT level and do odd things.

Do understand that a format or even an fdisk does not rid your drive of all "stuff"; use a wipe program like dban or the likes. Someone creative enough can still hide things by marking up a bunch of bad sectors on the HD and storing information in the "reported" bad sectors.

Yup, they're out there...

by dawgit In reply to Absolutely flummoxed - BI ...

I've run into them too. (though not on my machines, thankfully) There are some programs out there to fix (as in kill) that bad bug(s). The Anti-virus companies will give it to you (free) but you'll have to determine which one it is (must do a virus scan). Try AVG from GriSoft (no plug here, I just use it). When you identify the right bug you'll need to download a specific program to a floppy, re-boot with the floppy, it will then scan the BIOS and RAM; it's the only way I've found to kill that one. One other way might be to re-set the BIOS altogether.

Reset BIOS to default

by mjd420nova In reply to Absolutely flummoxed - BI ...

Resetting the BIOS to default should clear this up. Remove the battery for the CMOS and if possible, short the terminals (plus and minus) to be sure the capacitors get fully discharged. Replace the battery with a new one and start all over with a new partition and reformat the drive. This is a particularly nasty trojan that has "flashed" the BIOS to install itself. I've seen a few and cleaning the hard drive won't get rid of it. The culprit is the company that sells the cleaner software and they should be prosecuted for their intrusions into the machine. I'd like to infect their machines just to demonstrate the havoc they cause. Good luck

No luck...dang!

by bfindlay In reply to Reset BIOS to default

OK, removed/replaced CMOS battery. (Let stand 1 hour - shorted out the contacts)

Flashed the BIOS again. Note - this was done from a floppy that was made WHILE the machine was infected. Don't know if that is a factor.

Deleted all partitions on drive, reformatted.

Re-installed Windows - same damn virus (regfixit.com). Windows takes 4:36 to load. Over one minute to open the control panel window. Totally unusable. (Note - no drivers or anything installed yet - this is a virgin copy just a few minutes old.)

Seriously - short of throwing this computer away, what are my alternatives? Would getting a new motherboard help? How much money should I throw at this?? I am totally stumped as to how to get around this, or where the virus is 'living'. This is one real nasty bug!

Is there anywhere we can turn to initiate class action against the company (regfixit) that is doing this! This is extortion ware pure and simple!

I have lost over a week on this now - no computer, and the data on my other hard drives may or may not be contaminated beyond recovery. I hope not, but I am becoming seriously nervous about that. Fortunately, this is mainly a games/fun machine (although it is NOT fun right now!). I cannot imagine the stress this would be if this was a serious productivity machine for me!

Thank god I have this mac to use on the net in the meantime!

I'd Try This

by rwbyshe In reply to No luck...dang!

First I'd wipe the HD clean. A step above reformatting. A FREE solution is to go to http://www.download.com and search for and download Killdisk. The free version is on the slow side but it erases the hard drive completely. It took three hours to rewrite my old 40G HD. Then you'd simply have to format the HD during the Windows install.

I did a quick Google search on "virusblast". There is a lot there on this virus/trojan. I didn't do any research beyond the initial search but suggest you take a look. This is a good place generally to get info on how to remove these pesky pieces of malware.

Good luck.

original "floppy"

by stuoutlaw1 In reply to No luck...dang!

Hey bfindlay, on the 26th you stated that you used a floppy that was made WHILE THE MACHINE WAS INFECTED to reflash your BIOS. This could be your problem (where the virus is). Try getting on a clean machine that is firewalled and virus protected, download a new BIOS update to a clean floppy, then with your machine off of the network flash the BIOS, low level format the new hard drive on a clean machine, and install XP on your machine with the cleaned drive.

Yes. . .

by bkinsey In reply to original "floppy"

You're probably re-infecting yourself off of that floppy every time you reflash the BIOS. Get rid of it. Don't ever try to clean up an infected system with anything besides clean media.

Possible sources for an infection that "survives" a format/reinstall:

BIOS virus - never encountered one myself.

MBR - boot code in the Master Boot Record can be infected, and is not rewritten during a disk format. fdisk /mbr from a DOS/Win98 floppy, or (preferably) "fixmbr" from the XP Recovery console will rewrite that code.

Memory resident virus - can happen, but not in this case, since you've actually powered off the system. Sometimes people don't, but just "warm" restart, and get reinfected that way.

"Outside" reintroduction - As above, this is a likely source, if you're using a suspect floppy. Could also come from an infected CD, if a) it's not original media, and b) it was burned on an infected machine. Or can come from a network connection, USB connection, etc.
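An added example (not code from this thread or from any poster) of the MBR check bkinsey describes: it parses a 512-byte boot sector, hashes the 440-byte boot-code area that a format/reinstall leaves untouched, and compares that hash with a known-good baseline so a rewritten bootstrap shows up even when the partition table looks normal. The sample sectors are constructed here, not read from a real disk.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440   # bytes 0..439 hold the bootstrap code that a disk format leaves alone
PART_TABLE_OFF = 446  # four 16-byte partition entries follow the disk signature/reserved bytes
SIGNATURE_OFF = 510   # 0x55 0xAA boot signature closes the sector


def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte MBR into a boot-code hash, partition entries and a signature check."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    entries = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        # entry layout: status, CHS start (3), type, CHS end (3), LBA start, sector count
        status, ptype, lba_start, sectors = struct.unpack_from("<B3xB3xII", sector, off)
        if ptype != 0:  # type 0 means the slot is unused
            entries.append({"bootable": status == 0x80, "type": ptype,
                            "lba_start": lba_start, "sectors": sectors})
    return {
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": entries,
        "valid_signature": sector[SIGNATURE_OFF:SIGNATURE_OFF + 2] == b"\x55\xaa",
    }


def check_mbr(sector: bytes, baseline_sha256: str) -> list:
    """Return findings worth acting on; an empty list means the MBR matches the baseline."""
    info = parse_mbr(sector)
    findings = []
    if not info["valid_signature"]:
        findings.append("missing 0x55AA boot signature")
    if info["boot_code_sha256"] != baseline_sha256:
        findings.append("boot code differs from known-good baseline")
    return findings


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed test sector (not from a real disk): one bootable NTFS-type partition."""
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code
    struct.pack_into("<B3xB3xII", sector, PART_TABLE_OFF, 0x80, 0x07, 2048, 1_000_000)
    sector[SIGNATURE_OFF:] = b"\x55\xaa"
    return bytes(sector)


# Constructed samples: placeholder boot-code bytes, then a modified copy with the same partition table
CLEAN = build_sample_mbr(b"\xfa" + b"\x90" * 100)
TAMPERED = build_sample_mbr(b"\xeb" + b"\x90" * 100)
BASELINE = parse_mbr(CLEAN)["boot_code_sha256"]  # record this right after a clean install
```

On a real machine the baseline hash is taken from the first sector immediately after a clean install from known-good media, and the same sector is re-read later (for example from a clean boot CD) to compare; a mismatch with an unchanged partition table is the signature of the MBR case above.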
