  • #2248696

    Absolutely flummoxed – BIOS virus?

    Locked

    by bfindlay ·

    Weirdest behaviour I have ever heard of. I got infected with a trojan (virusblast) that tried to sell me software to ‘clean up spyware and viruses’. (It WAS the virus).

    I flashed my BIOS to an updated version, then installed a new hard drive – formatted it, and installed Windows. The install took far, far longer than it should – on the order of three hours or so. The computer is slow as molasses now, taking 3 to 5 minutes to boot into windows, 30 seconds or so to open a window or any other tasks.

    This is on a new, virgin windows install on a brand new formatted HD. Then a window pops up saying that there are 55 errors in my registry (BRAND NEW SYSTEM!) and directs me to a third party site (registryupdate.com) to install a ‘registry cleaner’ that I am supposed to pay for.

    This is the exact same behaviour as the machine had before I stuck the new HD in, and installed windows – except the scam is now pointing to ‘registry update’ instead of virus blast. Obviously the data for this did not come from corruption on a hard drive – there was no old hard drive in the system – and I deleted all partitions and re-formatted the hard drive upon installing it. The virus must live in the BIOS – but how can this be!? I am so confused, and at a loss on the correct move to bring my machine back to life.

    Any help appreciated.

All Comments

    • #3140955

      yup, bios virus

      by jaqui ·

      In reply to Absolutely flummoxed – BIOS virus?

      reset the bios back to factory original off the backup chip.
      [ pin change on board, check manual to see steps and pin location ]

      remove the partition(s) on the hard drive.
      replace partitions
      use dban
      [ http://dban.sourceforge.net ]

      then install new system

      total time [ cause of dban ] up to one week, dban is as tight as you want it to be.

      • #3140541

        agree

        by kiltie ·

        In reply to yup, bios virus

        Short the mobo battery either by pins or simply removing the battery (to be sure I use a cable to short circuit the connections)

        You MUST then restart the computer from a CLEAN floppy/CD (or equivalent) and not merely reformat the HD, preferably FDISK (take the time while doing so to consider partitioning) before formatting the drive.

        Ideally – for security – you should WIPE the drive first, but there is another consideration.
        Make sure that you are reinstalling from an original read only medium (ie no chance it has been compromised)
        Keep off any network/internet too

        With the basics:
        an electrical short of CMOS,
        a HD “wipe” and reformat
        a clean source for reinstall,
        no connection to another computer or online

        Your computer should be sterile.

        • #3140443

          Most likely..

          by lordnyghthawk9 ·

          In reply to agree

          if your machine does this AFTER your network connection is all set up, it’s nothing more than an ad using Windows Messenger. You likely do not have any BIOS virii.
          Now if it does it, even while disconnected from the net, that’s a whole ‘nother story. But I personally have never seen one.

        • #2993707

          This is not a solution for a BIOS virus

          by chim chim 1959 ·

          In reply to agree

          Generally good advice; however this is simply a reset of CMOS (memory that holds information for BIOS). If the virus is in BIOS you will need to “flash” the BIOS somehow to get rid of it. I have never personally seen a BIOS virus; I have seen stuff get in at the MBR/MBT level and do odd things.

          Do understand that a format or even an fdisk does not rid your drive of all “stuff”; use a wipe program like dban or the likes. Someone creative enough can still hide things by marking up a bunch of bad sectors on the HD and storing information in the “reported” bad sectors.

    • #3140914

      Yup, they’re out there…

      by dawgit ·

      In reply to Absolutely flummoxed – BIOS virus?

      I’ve run into them too (though not on my machines, thankfully). There are some programs out there to fix (as in kill) that bad bug(s). The anti-virus companies will give it to you (free) but you’ll have to determine which one it is (must do a virus scan). Try AVG from GriSoft (no plug here, I just use it). When you identify the right bug you’ll need to download a specific program to a floppy, re-boot with the floppy, and it will then scan the BIOS and RAM; it’s the only way I’ve found to kill that one. One other way might be to re-set the BIOS altogether.

    • #3140876

      Reset BIOS to default

      by mjd420nova ·

      In reply to Absolutely flummoxed – BIOS virus?

      Resetting the BIOS to default should clear this up. Remove the battery for the CMOS and if possible, short the terminals (plus and minus) to be sure the capacitors get fully discharged. Replace the battery with a new one and start all over with a new partition and reformat the drive. This is a particularly nasty trojan that has “flashed” the BIOS to install itself. I’ve seen a few and cleaning the hard drive won’t get rid of it. The culprit is the company that sells the cleaner software and they should be prosecuted for their intrusions into the machine. I’d like to infect their machines just to demonstrate the havoc they cause. Good luck.

      • #3139689

        No luck…dang!

        by bfindlay ·

        In reply to Reset BIOS to default

        OK, removed/replaced CMOS battery. (Let stand 1 hour – shorted out the contacts)

        Flashed the BIOS again. Note – this was done from a floppy that was made WHILE the machine was infected. Don’t know if that is a factor.

        Deleted all partitions on drive, reformatted.

        Re-installed windows – same damn virus (regfixit.com). Windows takes 4:36 to load. Over one minute to open the control panel window. Totally unusable. (Note – no drivers or anything installed yet – this is a virgin copy just a few minutes old.)

        Seriously – short of throwing this computer away what are my alternatives? Would getting a new motherboard help? How much money should I throw at this?? I am totally stumped as to how to get around this, or where the virus is ‘living’. This is one real nasty bug!

        IS there anywhere we can turn to initiate class action against the company (regfixit) that is doing this! This is extortion ware pure and simple!

        I have lost over a week on this now – no computer, and the data on my other hard drives may or may not be contaminated beyond recovery. I hope not, but I am becoming seriously nervous about that. Fortunately, this is mainly a games/fun machine (although it is NOT fun right now!). I cannot imagine the stress this would be if this was a serious productivity machine for me!

        Thank god I have this mac to use on the net in the meantime!

        • #3202705

          I’d Try This

          by rwbyshe9 ·

          In reply to No luck…dang!

          First I’d wipe the HD clean. A step above reformatting. A FREE solution is to go to http://www.download.com and search for and download Killdisk. The free version is on the slow side but it erases the hard drive completely. It took three hours to rewrite my old 40G HD. Then you’d simply have to format the HD during the Windows install.

          I did a quick Google search on “virusblast”. There is a lot there on this virus/trojan. I didn’t do any research beyond the initial search but suggest you take a look. This is a good place generally to get info on how to remove these pesky pieces of malware.

          Good luck.

        • #3202664

          original “floppy”

          by stuoutlaw1 ·

          In reply to No luck…dang!

          Hey bfindlay, on the 26th you stated that you used a floppy that was made WHILE THE MACHINE WAS INFECTED to reflash your BIOS. This could be your problem (where the virus is). Try getting on a clean machine that is firewalled and virus protected, download a new BIOS update to a clean floppy, then with your machine off of the network flash the BIOS, and low level format the new hard drive on a clean machine and install XP on your machine with the cleaned drive.

        • #3140638

          Yes. . .

          by bkinsey1 ·

          In reply to original “floppy”

          You’re probably re-infecting yourself off of that floppy every time you reflash the BIOS. Get rid of it. Don’t ever try to clean up an infected system with anything besides clean media.

          Possible sources for an infection that “survives” a format/reinstall:

          BIOS virus – never encountered one myself.

          MBR – boot code in the Master Boot Record can be infected, and is not rewritten during a disk format. fdisk /mbr from a DOS/Win98 floppy, or (preferably) “fixmbr” from the XP Recovery console will rewrite that code.

          Memory resident virus – can happen, but not in this case, since you’ve actually powered off the system. Sometimes people don’t, but just “warm” restart, and get reinfected that way.

          “Outside” reintroduction – As above, this is a likely source, if you’re using a suspect floppy. Could also come from an infected CD, if a) it’s not original media, and b) it was burned on an infected machine. Or can come from a network connection, USB connection, etc.

        • #3140536

          When you pulled the battery….

          by ibanezoo ·

          In reply to No luck…dang!

          Did you also unplug the computer from the wall? And while it is unplugged, did you hit the power button to make sure the caps were drained?

      • #3202716

        May be something else entirely

        by warren.sparks ·

        In reply to Reset BIOS to default

        I have seen a few examples of this spamphony company’s activity in the past and unless this is a really new trojan they’re all based within Windows and difficult to remove.
        Your clean install on a new HD should have cleared almost any chance of the trojan surviving. So that’s ruled out. Which leaves two possible sources: 1 – The BIOS – Clear CMOS trick should do this, or 2 – Something on your network.

        The usual method for trojan injection is through popups tricking the user (the weakest link). A firewall should prevent this.

        You can also stop some of the popups by turning off the messenger service thus – http://www.microsoft.com/windowsxp/using/security/learnmore/stopspam.mspx

        • #3202686

          I agree with warren ^^^

          by alordofchaos ·

          In reply to May be something else entirely

          You reflashed your bios and put in a fresh drive… I’m assuming you used a factory CD to install Windows and not a backup CD you burned yourself.

          When you reinstall Windows, make sure you are not connected to your network or to the Internet. After you get Windows reinstalled, make sure you are running a firewall before you reconnect to the Internet.

          I’d check any other computers on your network, too.

        • #3140532

          or…

          by ibanezoo ·

          In reply to May be something else entirely

          Are there any USB/firewire external hard drives or thumb drives plugged in?

      • #2601483

        Battery Removal – Virus still lives?

        by ifwootton ·

        In reply to Reset BIOS to default

        My motherboard has a cmos_clear couple of pins.
        When joined it sets the cmos back to defaults. Do you
        think this would also rid the system of the virus?

        Does the old FDisk from DOS days repartition the drives
        without putting the virus back into the bios? I format
        afterwards (3 drives). Cause my unknown boot, bios virus
        keeps coming back. I think it’s because some bastard
        keeps just giving it to me. I take out battery for 25 mins
        when documentation for ga-k8n-sli says about 10 mins is
        enough. 1 min of shorting apparently, which I didn’t try.

        exact steps.

        I make Dos Boot disk. get format.com and fdisk.exe from
        net and put on disk (from another computer obviously) I
        used net cafe. And on New disk. I put my motherboard’s
        latest flash on the disk. I write protect the disk.

        I take the battery out of motherboard for 25 mins when
        manual says about 10mins is enough. I put battery back
        in repower and my system hangs. I think I blew it up. but I
        reopen and put battery in properly (one of terminals not
        touching) reboot and computer works and I go straight
        into the bios. Reset all my bios settings to what runs
        optimally for my computer Save and Exit. Reenter bios
        straight away enter flashing utility – flash the bios with
        latest update (probably didn’t need doing but I did
        anyway). I reset and boot from my bootable floppy. It
        comes up with a:\. I type fdisk /mbr to wipe Master Boot
        Record. I then type fdisk.exe to run the program. I delete
        a partition, I create a partition, I move to the next drive and
        repeat. I exit program and reboot, booting from floppy
        drive again. it comes up with a:\. I format c:, then d:
        then e: without changing from the a: to do it.
        I reboot, boot from original vista 64 cd. install, delete and
        reformat all partitions to use NTFS format. finish
        installation.

        I think this should wipe any known virus on the planet if it
        still leaves your bios semi intact.

        have I done anything wrong, because the virus comes
        back again?

        Hope it helps any people with viruses out there.

        regards Ivan Wootton

    • #3139660

      bfindlay …dang, here’s some luck!

      by dawgit ·

      In reply to Absolutely flummoxed – BIOS virus?

      Ok, here’s some help for you. I have used a program called vcleaner from AVG (vcleaner.exe) from GriSoft ( http://www.grisoft.de/doc/112/lng/de/tpl/tpl01 ). Ok, yes, that’s the German site, but I believe there is an English version site somewhere under the GriSoft/AVG web system. The Wiki that was in the TR QA (below) will explain the what’s and how’s on this. You might also try the ‘tool’ from Microsoft, “Tool for removing bad stuff” (ok, not quite the correct name). I have heard from some people who claim they’ve had luck with that. (It is, after all, from MS.) And yes, that is a bad one.
      (and Yes, one good reason I still use an AV)
      see also from: (yup, our own TR)
      ( http://techrepublic.com.com/trcommunity/5208-11186-0.html?forumID=52&threadID=196708 ) and from that see: ( http://wiki.castlecops.com/Malware_Removal:_SpyAxe_Removal )
      >Re: on the AVG site After you get to that site, look up, top right hand corner, and just change the Land/Lang. -instructions are there also. (easy) -d

      • #3202712

        Another attempt

        by rp.jones ·

        In reply to bfindlay …dang, here’s some luck!

        Hi bfindlay, what I did was to look at what programs the system was running when it was running nothing. There was one program whizzing away at 99%. Then I went into the registry and deleted its entry. I rebooted, and I was back to normal. My system, I suppose, still has the virus, but it’s harmless now as it has no registry entry. A bit like a DOS virus, ha ha.

        Good luck

    • #3139635

      Some ideas….

      by now left tr ·

      In reply to Absolutely flummoxed – BIOS virus?

      Did you ‘Flash’ before you started all the work – perhaps this caused the problem?

      USB Drives or Memory Keys used over the two systems?

      Printer with HD or some storable area has been infected?

      BIOS – Remove the battery, terminating any TSR’s??

      Any ‘rescued’ files from the old installation been carried over?

      Both drives still active within the PC – but Windows on new one (old still there for access?)

      • #3202889

        Possibly boot sector virus?

        by bfindlay ·

        In reply to Some ideas….

        My local PC shop says it sounds like a BSV. However, how did my new drive get it? It was never exposed to the infected Boot sector on my primary drive. (It WAS exposed to my secondary drive briefly – it may have picked it up there, but if so how? There is no boot sector on that drive – it isn’t bootable!)

        Am running DBAN now (a 37 hour process!!), but confidence is pretty much zero at this point.

        • #3202701

          Try Symantec response

          by tek5555 ·

          In reply to Possibly boot sector virus?

          If it’s VirusBlast – then Symantec has removal instructions – go to link below.
          I had a friend who formatted his hard drive then installed XP from scratch (but without shutting down the computer and removing power lead) so the virus he had (virus name was Klez) remained in memory and infected the new install.
          http://www.symantec.com/enterprise/security_response/threatexplorer/risks/index.jsp

        • #3140631

          Found it then…

          by now left tr ·

          In reply to Possibly boot sector virus?

          “WAS exposed to my secondary drive briefly”
          Who knows what the virus is doing – this will be the cause I guess!

        • #3140508

          YES!

          by alordofchaos ·

          In reply to Found it then…

          That was the vector we were after… it obviously came over from outside the new BIOS/HD, so we were talking about network/internet connections, USB/external HDs, etc.

          #1 rule for virus (computer or medical): QUARANTINE!

        • #3138580

          There’s always a boot sector

          by nicknielsen ·

          In reply to Possibly boot sector virus?

          even if the partition isn’t bootable. It’s also possible that this little nasty has infiltrated itself into unused bytes in the MBR or partition table on the secondary drive.
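
Added example (not part of the thread or any poster's code): several replies point at sector 0, saying that a format leaves the master boot code alone and that every drive has a boot sector whether or not it is bootable. This Python sketch splits a 512-byte sector 0 into boot code, partition table and signature, compares the boot code against a known-good hash, and models a boot-code-only rewrite. The sample sectors, the filler boot code and all function names are constructed for illustration.

```python
import hashlib
import struct

SECTOR = 512
CODE_END = 440       # bytes 0-439: master boot code
TABLE_START = 446    # bytes 440-445: NT disk signature + reserved
ENTRY = 16           # four 16-byte partition entries, bytes 446-509
MAGIC = b"\x55\xaa"  # bytes 510-511: boot signature


def read_sector0(path):
    """Read sector 0 from a disk image or raw device (path chosen by the reader)."""
    with open(path, "rb") as f:
        return f.read(SECTOR)


def boot_code_hash(sector):
    """SHA-256 of the boot code only, so the per-disk signature does not affect it."""
    return hashlib.sha256(sector[:CODE_END]).hexdigest()


def partition_entries(sector):
    """Return the four raw 16-byte partition table entries."""
    return [sector[TABLE_START + i * ENTRY:TABLE_START + (i + 1) * ENTRY]
            for i in range(4)]


def audit_mbr(sector, known_good_hash):
    """Return a list of findings; an empty list means nothing unexpected."""
    if len(sector) != SECTOR:
        raise ValueError("sector 0 must be exactly 512 bytes")
    findings = []
    if sector[510:512] != MAGIC:
        findings.append("missing 55 AA boot signature")
    if boot_code_hash(sector) != known_good_hash:
        findings.append("boot code differs from known-good baseline")
    active = 0
    for n, raw in enumerate(partition_entries(sector), start=1):
        status, ptype = raw[0], raw[4]
        lba, count = struct.unpack_from("<II", raw, 8)
        if ptype == 0x00:
            # An unused slot should be all zeros; anything else is stray data.
            if any(raw):
                findings.append(f"entry {n}: unused slot contains data")
            continue
        if status not in (0x00, 0x80):
            findings.append(f"entry {n}: invalid status byte {status:#04x}")
        if status == 0x80:
            active += 1
        if lba == 0 or count == 0:
            findings.append(f"entry {n}: implausible start/size ({lba}, {count})")
    if active > 1:
        findings.append("more than one active partition")
    return findings


def rewrite_boot_code(sector, clean_code):
    """Model of a boot-code-only rewrite: bytes 0-439 replaced, the rest kept."""
    if len(clean_code) != CODE_END:
        raise ValueError("clean boot code must be 440 bytes")
    return clean_code + sector[CODE_END:]


def build_sample():
    """Constructed sector 0: filler boot code, one active type-0x07 partition."""
    code = bytes([0xFA, 0x33, 0xC0]) + bytes(CODE_END - 3)  # filler, not real boot code
    disk_sig = struct.pack("<IH", 0x1234ABCD, 0)            # constructed value
    entry1 = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00",
                         0x07, b"\xfe\xff\xff", 63, 0x100000)
    return code + disk_sig + entry1 + bytes(ENTRY * 3) + MAGIC


def build_tampered(clean):
    """Constructed altered copy: different boot code, data in unused entry 4."""
    bad_code = bytes([0xEB, 0x3C]) + bytes(CODE_END - 2)
    slot4 = TABLE_START + 3 * ENTRY
    hidden = bytes(8) + b"HIDDEN!!"  # type byte (offset 4) stays 0x00
    return bad_code + clean[CODE_END:slot4] + hidden + clean[slot4 + ENTRY:]


if __name__ == "__main__":
    clean = build_sample()
    baseline = boot_code_hash(clean)
    tampered = build_tampered(clean)
    print("clean:   ", audit_mbr(clean, baseline))
    print("tampered:", audit_mbr(tampered, baseline))
    repaired = rewrite_boot_code(tampered, clean[:CODE_END])
    print("repaired:", audit_mbr(repaired, baseline))
    print("table unchanged:",
          partition_entries(repaired) == partition_entries(tampered))
```

In this model the boot-code rewrite restores the baseline hash and leaves all four partition entries byte-for-byte as they were, so the stray data in entry 4 is still reported afterwards.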

        • #2607748

          ITS IN THE CHIP

          by dave1seattle ·

          In reply to Possibly boot sector virus?

          YOU HAVE VERY NASTY VIRUS THAT IS INITIALY TAKING LOW LEVEL CONTROL OF YOUR SYSTEM AND WILL GRADUALLY TAKE MORE AND MORE CONTROL.IT IS A DESIGN FLAW IN THE CHIP WHICH MAKES THIS POSSIBLE.SYMANTEC RELEASED A STATEMENT ABOUT THIS A WEEK AGO THAT WAS MOSTLY BULLSHIT.THEY CANT KILL IT.ITS ALSO IN YOUR BIOS AND HAS INFECTED THE BOOTSECTOR.IT CANNOT BE REMOVED FROM YOUR MACHINE.SORRY.WHATS MORE,IT HAS ALSO INFECTED EVERY CHIP IN EVERY DEVICE IN YOUR HOME.IF YOU BUY A NEW COMPUTER IT WILL GET IT ALSO.IT SENDS CODE THROUGH YOUR WIRING USING XP GLOBAL POWER POLICY AND YOUR POWER SUPPLY,[LOOK FOR SIGNS OF OVERHEATING AT TRANSFORMER].FIRST,COMPRESS C:\,THEN DEFRAGMENT.NEXT,RESTART USING XP CD.GO TO RECOVERY CONSOLE.USE COMMAND BOOTCFG /REBUILD.THEN”MICROSOFT WINDOWS XP”ENTER,THEN /fastdetect /noguiboot /NODEBUG /C:\=”PREVIOUS OPERATING SYSTEM ON C:\”ENTER IT WILL HELP.

        • #2986566

          bull

          by insanexade ·

          In reply to ITS IN THE CHIP

          um sorry dave, I don’t know where you heard this from but a computer virus is just that, a >computer< virus; it cannot jump through a power line, it cannot jump through a transformer, and it sure as heck cannot infect the dishwasher. Your advice is faulty as well. Why would you want to compress C:? That causes more troubles than it solves. Defrag simply rearranges your files; that will not help remove a virus. The rest of your post makes no sense either, I’m not going to even go there but say it’s senseless. Furthermore all caps messages are for losers, and only show how much fluid is inside your brainpan compared to actual brain mass. Anyone who honestly knows what they are talking about doesn’t use caps and makes sure that their spelling and grammar is right, or apologizes if English is not native to them. Now, please go crawl back in the hole you came out of and learn how to offer quality help before sneaking back out of it, okay? Whoops, didn’t notice this was over 2 years old, my bad.

    • #3202703

      Probably the Master Boot Record

      by j.lambing ·

      In reply to Absolutely flummoxed – BIOS virus?

      The virus more likely has infected the Master Boot Record on the HD. (Yes, viruses can and do infect the MBR) Simple formatting doesn’t include formatting the MBR. (All HDs have a Boot Sector or Record regardless if they were used to boot the system or not) That must be done separately and from a DOS prompt. You’ll need an old Win9x boot floppy that includes the Format program. From there it simply requires the command ‘format/MBR’. I’d suggest Googling for some more thorough instructions about how to do this. I’d be really surprised if this did not take care of the problem.

      • #3202699

        Try these

        by comsec1 ·

        In reply to Probably the Master Boot Record

        Nasty one there.
        Ensure the system is off the network and internet.
        First, get your trusty win98 boot disk and ensure that your system is able to boot from the floppy. Next, once you get a prompt, use the FDisk command to remove all the partitions. When this is done, restart the system, with the disk again, and then at the prompt, give the command fdisk /mbr to blow away the master boot record. You can then use the Gdisk command and then shut down the system for 1 full minute. This shouldn’t be too hard to do since the next step is to remove the CMOS battery and leave it out for 30 minutes. Once you replace the battery, and boot the system up, remember to go back into the bios and reset the time/date on the system as it will be back in the 70’s. Reboot and then reformat the system with either a clean boot disk or a live cd version of linux (make sure that the system can boot to the cd).
        You can use these to check the system to see if there is any residual problem left on the hard drive. Reboot the system and install your O\S. If these don’t work, post back here and let me know.

        Good luck.

        • #3140679

          One extra warning

          by manitobamike ·

          In reply to Try these

          When you put in your win98 or other floppy make sure it’s write protected beforehand. Especially with a BSV they like to infect any bootable media that appears on the system.

      • #3140499

        Agreed!!

        by jafa ·

        In reply to Probably the Master Boot Record

        Absolutely agree!!
        I went through the exact same scenario just a few months ago. Everything except the popups. It took 3 hours to format the drive and it ran damn doggy slow during boot up and opening programs.
        I played with it for 3 weeks and finally switched drives. Now it hauls butt!! I know you said you put a new drive in but try another. It worked for me!

    • #3140642

      Old old remedy

      by jimmie ·

      In reply to Absolutely flummoxed – BIOS virus?

      The bios can only remember things because of the battery power. Remove the battery and allow the bios to “die” (run out of power). This will cause any “non-embedded” program instructions to simply disappear.

      Try booting the computer a few times to speed up the using up of the remaining bios power after the battery has been removed.

    • #3140637

      Have you tried replacing the BIOS chip altogether?

      by cepedajoe ·

      In reply to Absolutely flummoxed – BIOS virus?

      From what seems to be going on the only thing that may work would be to replace the chip.
      Is this an option?

    • #3140610

      Refusal to label and address Malware, Adware as Viruses by Manufacturers

      by pbrownlee ·

      In reply to Absolutely flummoxed – BIOS virus?

      I had a similar trial by fire over this virusburst slamware. I discovered this a few weeks back. It beat my firewall and AV and only the onchip AV stopped it from going further. After contacting my AV co. and several other highly respected AV firms, i.e. Symantec, McAfee, Sophos et al., they informed me it was just malware and not a virus.
      I then did a web search and found that this is an offshore programmer probably laundering their slamware from Geneva, Switzerland. On this search a gentleman programmer had written a rootkit removal program that removes and kills this G@#….$&*T from the HDD and RAM for FREE. Thankfully I don’t believe this is a BIOS virus. However once fully installed there are chunks of it that may infect the embedded RAM on the H.D.D. itself.
      When are the programmers and software co.s and manufacturers going to realize most of us users just want this crap stopped dead? We don’t care what it affects, only that it wastes our time and resources.

    • #3140496

      BIOS virus

      by jw1ls5n0129 ·

      In reply to Absolutely flummoxed – BIOS virus?

      I have read that you have a trojan and it can live on a CD or DVD, even the XP CD, and I went round everything till I did a scan on the CD and there it was. Hope this helps. Where did I buy the CD? (eBay)

    • #3140487

      Re Virusburst

      by gypsy2 ·

      In reply to Absolutely flummoxed – BIOS virus?

      I had this beast but try Roguescan fix. It worked for me.

    • #3140447

      Just a Thought

      by devious mind ·

      In reply to Absolutely flummoxed – BIOS virus?

      While your slowdown COULD be virus-related, eliminate other possibilities first. I agree with JAFA that even a new HDD can be defective. I’ve heard that some manufacturers don’t even test their drives, but leave that up to the buyer! An easy way to see where the slowdown is occurring would be to install FreshDiagnose (free), and use the benchmark utilities therein to see if your CPU or HDD is the culprit. If the drive seems to be the cause, try replacing the cables first, then try your second IDE or SATA port before trying another drive. Most drive manufacturers supply a diagnostic program that will run from a boot floppy. This would get around any virus, assuming you first go into setup and select the floppy as the first boot device. If all else fails, try another power supply, as low voltage or noise on the +12V could affect data transfers. If the CPU benchmark is bad, go into setup when you boot and make sure the CPU cache is enabled, and that CPU and memory settings are what they should be. Finally, go into Windows Device Manager and make sure DMA is enabled in your HDD settings.

      • #3140404

        fdisk /mbr without losing data?

        by bfindlay ·

        In reply to Just a Thought

        can I do this on my existing, data filled drives, without destroying
        them ? (The data on them that is).

        Ie, if I run fdisk /mbr does this automatically delete partitions, or
        reformat, or otherwise render the drive inaccessible until formated?

    • #3140414

      I don’t think

      by zlitocook ·

      In reply to Absolutely flummoxed – BIOS virus?

      It is a BIOS virus, most new mainboards come with some type of BIOS protection. Either by jumper or by BIOS protection, a warning will come up saying something is trying to write to the system or CMOS. This is a system message, not a software message; mine has a jumper on it and has to be moved if I need to flash the BIOS.

      • #3140362

        I think it was a boot sector – killed it. puter still won’t work

        by bfindlay ·

        In reply to I don’t think

        Got rid of the BSV by fdisk /mbr (PS – can this be done to a drive
        without destroying the data on it?)

        Now the computer is slow slow slow as molasses. I cannot
        understand it. I have re-installed windows 5 times in the past
        few days, and it still takes 5 minutes to boot, 1 minute to open a
        window, or browser, and 3 full minutes to shut down!

        Renders the machine non – functional for me. (It is my gaming
        rig)

        I am giving up on doing it myself – taking it in to the shop
        tomorrow. Wish me luck.

    • #3140395

      Trojan removal

      by pp1 ·

      In reply to Absolutely flummoxed – BIOS virus?

      In some cases the trojan can hide in the memory of the motherboard and on reboot it reinstalls itself in Windows. To ensure total removal:
      1. Unplug the computer from the power and let it sit for a couple of hours, or remove your memory chip from the motherboard and wait at least 20 minutes before reinstalling.
      2. Clear the CMOS; refer to your motherboard manual to find out how to do this.
      3. Plug the power back in.
      4. Use a boot disk or hard drive manufacturer’s disk to reformat your hard drive. Reformat three times because information from your previous format is still retained in the boot sector of your hard drive.
      5. Reload Windows; do not go online until you have installed an antivirus program. I personally install two antivirus programs for my clients; AVG and Antivir work well together. I also install only the Zonealarm Firewall (not the whole security suite as it will slow your computer). I also install Spybot S&D spyware protection program and then Spyblaster, which works well with Spybot.
      6. Immediately on going online, do not open your browser!! Go to Windows Update and install all Windows updates. The hole that the trojan uses to get into Windows can be fixed by installing the Windows updates. Once this is done your computer will reboot.
      7. Go online and update your antivirus programs and spyware programs and then Zonealarm firewall.
      8. After rebooting, DEFRAGMENT your computer and reboot. Defragment regularly.
      9. Open the Control Program/Internet Options and go to Advanced, scroll down and tick the Empty Temporary Internet Folder when browser is closed box. Most trojans hide in the temporary internet folder and activate when Windows is rebooted; by checking this box it clears the folder and helps keep your computer secure (at least more secure than if you don’t check the box).
      Cheers and have fun with Windows.

    • #3140368

      Some Have Touched on It

      by hforman9 ·

      In reply to Absolutely flummoxed – BIOS virus?

      The one common thing I keep coming back to here is: MEDIA. You keep flashing the BIOS, Installing Windows. Are you sure that you are using a “real” windows CD? or is it a “copy” possibly with a virus burned on it? Are you using floppies? I bought a whole box of them brand new and they were all infected (stick to MAJOR brands).

      Here is what I’d do. Find a friend. A very GOOD friend. One who has the latest a/v and spy-stop software loaded and current. Ask if he can check your media. Bring floppies. The OS install CD. Jump drive? Anything you used or might use. Scan..scan…scan….

      If everything is OK, or you go out and buy the right stuff, wipe the bios following everyone’s suggestions. How are you downloading the bios flash to your media? Are you sure that the PC you are doing that on is not infected with something? Maybe get that friend to download it for you and remember to write-protect it after!

      Flash the bios. Have your friend load fdisk on a clean floppy. Maybe a disk scrubber too.

      Clean that hard disk!

      Now, making sure you are not using infected install media, go ahead and install your OS. Immediately, install a good Virus Scanner software. Do that using clean media as well. Do NOT connect to your home network unless you do this OR shut down all other computers on the network.

      Basically, anything that can be written on or that could have been written on is suspect. Check ALL media!

      Hope this helps.

    • #3140358

      Ridding Hard drive of viruses once and for all !

      by mrinternet ·

      In reply to Absolutely flummoxed – BIOS virus?

      Unfortunately you need to do a low-level format.
      You normally can download the utility from the hard drive manufacturer’s website. You think a format takes a long time … if your hard drive is large, a low-level format could take up to 24 hours!
      Otherwise watch the weekend sales or price compare on the internet only after reading user ratings etc.

      Good luck !

      Did I mention saving files off your hard drive beforehand and making a list of programs to re-install !!

    • #3138570

      HDD Interleaving

      by hardwareeng ·

      In reply to Absolutely flummoxed – BIOS virus?

      bfindlay,
      You’ve received a lot of good suggestions from your cyberspace friends. Here’s another possibility for your slow running PC.

      Normally, today’s hard drives are low level formatted with an interleave factor of 1:1, meaning that each physical sector follows the previous one. In past times when slow computers could not keep up with the HDD, better performance resulted by interleaving the drive at a 1:2 or 1:4 ratio so that the data was stored every other physical sector. Thus, the slight delay in HDD transfer rate allowed the computer electronics to keep up and overall drive transfer rate performance increased.

      Is it possible that somehow, unknowingly, you may have formatted the HDD with a non-optimal interleave factor?

      Just a thought. Good luck.

    • #3280116

      bios virus create

      by safaei_mh ·

      In reply to Absolutely flummoxed – BIOS virus?

      Hi,
      I want to create a BIOS virus.
      Can I help you?
      I do not start, because I have no knowledge of BIOS components.

      Thank you for help.

      • #3279962

        What in the fly’n flippers?????

        by dawgit ·

        In reply to bios virus create

        No, No, & No.
        What happened to TR?
        HELP.!.
        This can’t be happening…. someone please tell me that I’m seeing this in my sleep. -d

    • #3221419

      Same Problem

      by brandoncurley ·

      In reply to Absolutely flummoxed – BIOS virus?

      Just so you know, you’re not alone, and it’s not all in your head.

      I’m having the exact same problem. The problem first appeared around October 1st. I just did a fresh install, and now I’m infected again. Here’s what I tried:

      Clear CMOS with jumper, wait 1/2 hour.
      Boot from Windows 98 startup disk (original disk, write protected).
      Run fdisk, delete HD partitions.
      Reboot to Windows 98 startup disk.
      Run fdisk /mbr to delete master boot record.
      Turn off computer.
      Clear CMOS with jumper, wait 1/2 hour.
      Boot up with Windows 98 startup disk, Format HD, install Windows 98 with original factory CD.
      Reboot with Windows XP CD (original factory CD) and install.
      Install Norton Antivirus (original factory CD).
      Run system virus check. (no viruses detected)
      Setup internet connection, turn on firewall.
      Connect to internet and update Norton Antivirus.
      Run system virus check. (no viruses detected)
      Update Windows.

      The computer seems to be running normally up till now. But while updating Windows, the computer reboots for no reason. Consequently it reboots with increasing frequency. Various bad things happen during reboot, such as disk errors or freezing. Sometimes, the computer doesn’t reboot, but just stops working correctly, i.e. the monitor goes blank or the mouse stops working. Sometimes it takes 2 or 3 cold reboots to get it to boot up again. I’ve finally gotten all the Windows updates installed and the computer is running, but extremely slow. Norton Antivirus doesn’t detect anything wrong, but I’m sure my computer is infected. Internet Explorer is especially slow.

      I haven’t tried flashing the BIOS yet, but I’ll try that next.

      There are only two possible explanations I can think of.

      1.) A virus residing in the BIOS.

      2.) A virus that gains access via the internet while updating Windows, bypassing the firewall. I’m wondering if the virus utilizes one of the security holes that Microsoft just recently released updates for.

      I’m betting it’s the second case. Tonight, I’m going to try another fresh install, following the same process outlined above, with the following additions:

      1.) After fdisk /MBR, flash the BIOS using a floppy made at work and write protected.

      2.) Before ever connecting to the internet, install Windows updates (security updates and SP2) from CD’s. I’m going to download the updates from Microsoft’s website at work and burn them to CD’s.

      I’ll let you know how it turns out.

      miiser

      • #3275239

        hi

        by mchlor ·

        In reply to Same Problem

        brandon, you are not the only one.

      • #3275071

        NAV might be the problem

        by alordofchaos ·

        In reply to Same Problem

        First, try disconnecting your internet connection, then uninstalling Norton Antivirus (NAV). See if your PC begins working normally again.
        Alternatively, I’d try the steps you outlined, but omit installing Norton Antivirus. Try one of the free ones (Grisoft AVG, etc.) first.
        If your PC is fine for a while, then uninstall the free antivirus and reinstall NAV. If your PC begins exhibiting the same symptoms, uninstall NAV and reinstall the other antivirus.
        My father-in-law’s PC became so slow, the cursor wouldn’t move (or trying to move it caused a crash). Uninstalling NAV cured it.

      • #2986563

        BIOS Problem or just dying hardware

        by butkus ·

        In reply to Same Problem

        Did you catch something or is something just dying (bad HD, bad memory, bad controller card)?

    • #2594564

      mbr?

      by dcl525 ·

      In reply to Absolutely flummoxed – BIOS virus?

      Did you replace the HD? If not, it could reside in the master boot record. I know SpyAxe, and it usually doesn’t do that, but it is a tricky spyware app.

    • #2611050

      Bios Virus removal…is it possible to recover from h-e-double-hockysticks?

      by stre0539 ·

      In reply to Absolutely flummoxed – BIOS virus?

      Well, I can identify with your problem 100%. I however don’t have any good information to share other than the following experience.

      I got a virus from reading a text file. No, I didn’t senselessly just double-click on a file, I selected it and told it to open it with WordPad (oh, oh how I wished I had stuck with my gut feeling to delete it.) Well, before I knew it a quick black square flashed up on screen and my whole screen did a stomach double-take as if it had been assaulted in some way and I knew instantly something bad had happened.

      I shut it down instantly, planning to reboot and use norton fast-back or whatever it’s called to return my computer to pre-virus bliss. Well, upon reboot I noticed that characters in the boot POST were funky. Not the usual text, but like something out of spams-R-us, and it hit me…CRAP, a BIOS virus. The problem with a BIOS virus is it’s at ground zero–the system level. There is no crap before it (at least not in the general sense, perhaps there is something or things you can try before it depending on your manufacturer of motherboard).

      So after trying things that didn’t work, including re-flashing the BIOS, which only got re-infected while I was flashing it from the self-same BIOS that was infected, I realized something. Flashing from an infected BIOS is much like installing from an infected system. I found a procedure to boot another computer that also happened to be an ASUS like mine (not a P3V4X but close enough) and after booting, launching the “aflash” utility with the format booting block option enabled, and preparing to write the downloaded bin file–I hot-switched the BIOS EEPROM and wrote the BIOS. Then I shut off this computer, removed the chip and installed it in my previously infected computer. This did have the benefit of making my computer a little less infected, but it was still infected (by less infected, I mean that the distortions on-screen were not as prolific as before, but still present especially when I went into setup.)

      So, apparently there is something that is not being erased when the BIOS is flashed or I didn’t properly clear CMOS before flashing and it re-infected my BIOS upon reboot. Admittedly, I didn’t wait the requisite “15 minute” to “8-hour” stretch to discharge the CMOS because I was impatient to KNOW if I was successful. The only other possibility (beyond the virus residing elsewhere on the chip that is not erased on flash) I can think of is that hot-switching is flawed in that perhaps the BIOS uses write calls from the BIOS before it flashes it and those flash calls are virus infected. My last attempt (assuming the virus is on the BIOS as my hard drives and all removable media are disconnected or in the case of the floppy–read-only) will be to …
      1. Clear the cmos
      2. Hot-flash the chip by…
      a. Booting with a clean eeprom
      b. Launching “aflash” util with erase boot blocking enabled.
      c. Hot-switching with infected eeprom
      d. Writing downloaded bios update file.
      e. Re-installing eeprom to previously infected CPU.
      3. Then I will clear the cmos for a whole minute and leave computer off with no power/ no battery for 8 hours.

      After that, if it all STILL FAILS, I am calling Asus, hoping the problem does indeed reside on the chip/eeprom. Asus, on the condition that the chip is removeable, has agreed to send me a replacement, and I hope this will not be infected because of something I forgot to try.

      I do caution all of you out there that this is extremely risky stuff, and there is a lot I am doing that can go wrong, but I am both a tech and studying to be an EE major so I have some experience on the wilder side of life, plus a stake in learning about eeproms.

      Please, does anyone have any input besides just suggesting more and more virus scanning software that can’t touch the bios? I would be very interested to hear from you, especially if you have experience using an eeprom writer, have successfully re-flashed a computer eeprom (Asus preferably since they are a bit off the beaten path) or have experience with bios virus removal. Now I leave to publish my book on how to bore the heck out of the fake techs that feed you 2 cent answers like they are quoting the sacred text of who-minnuh-humminah!

      • #2764117

        Another tale of BIOS woe

        by jca1234 ·

        In reply to Bios Virus removal…is it possible to recover from h-e-double-hockysticks?

        I don’t feel quite so alone now. I am dealing with the same type of virus. After several attempts at wiping and reformatting my hard drive, I went out and bought a brand new HDD, installed Windows from an original licensed Windows CD, and the virus is still there. Even when I remove the CMOS battery overnight (unplugging everything) reset the CMOS and turn on my computer WITH NO HARD DRIVE CONNECTED, the virus revs right up as soon as I turn the power on. No anti-virus software I’ve found can detect it (Kaspersky, PCTOOLS, STOPZilla, AVG). But there’s no doubt it’s a virus. It completely hijacks my computer (I’m running XP) and sets up a phony “network” to keep me from gaining full access to my own computer. It creates phony user accounts and logs on to immediately undo any effort on my part to eliminate the threat. The best I have managed is to shut down all but the very essential Windows services, and the virus is unable to do much, but so am I. I can’t access the Web, for instance. I guess it’s hopeless. I’ll have to buy a new motherboard. I am wondering about a few things, however:

        1) Is there a chance the virus also resides in my graphics card? I have a GeForce 7950GT. Does it have its own EEPROM chip? I don’t want to plug it in to a new motherboard and get infected all over again.

        2) What about DVD-ROM drives? Could they also have the firmware virus?

        3) If I buy a new motherboard and connect it to my infected hard drive for purposes of wiping and reformatting it, is there a chance the hard drive will infect the new motherboard? How can I prevent this from happening?

        Any advice is much appreciated.

        • #2772701

          HOW ABOUT SOME MORE SPECIFICS

          by chim chim 1959 ·

          In reply to Another tale of BIOS woe

          The whole clearing CMOS thing (Which should be a jumper to accomplish) is overstated. CMOS clear is an electrical issue and can be done with the jumper or the battery pull (and power cord disconnect).

          What accounts does it create?

          The default XP load causes a user
          account to be created and auto logged
          into after the subsequent boot.

          What network does it set up (IP ADDRESSES PLEASE)?

          By default WinXP will try to acquire
          an IP ADX, if no DHCP server is found
          it assigns an ip of 169.xxx.xxx.xxx
          (the xxx varies).

          If you do not connect to the internet it will be slow and weird as it is trying to phone home and get updates.

          As for your questions:

          1. I guess it’s possible but NOT PROBABLE.
          2. See #1
          3. I would get a Linux boot cd and use the fdisk and format utilities in that to wipe out the HDD. dban as mentioned before would be a good wipe option as well.
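The reply above asks for the actual IP addresses before concluding that a "phony network" exists, since Windows self-assigns an address when no DHCP server answers. The following is an added example, not part of the thread: it parses `ipconfig` output and labels each address, treating the self-assigned (APIPA) range as 169.254.0.0/16. The sample output, adapter names and the `triage` and `classify` helpers are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample of Windows XP `ipconfig` output (not taken from the thread).
SAMPLE_IPCONFIG = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . :
        Autoconfiguration IP Address. . . : 169.254.37.112
        Subnet Mask . . . . . . . . . . . : 255.255.0.0
        Default Gateway . . . . . . . . . :

Ethernet adapter Wireless Network Connection:

        Connection-specific DNS Suffix  . : home.example
        IP Address. . . . . . . . . . . . : 192.168.1.23
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.1
"""

ADAPTER_RE = re.compile(r"^(\S.*adapter .+):\s*$")
ADDRESS_RE = re.compile(r"^\s+(?:Autoconfiguration )?IP(?:v4)? Address[ .]*:\s*([0-9.]+)")

def classify(addr):
    """Label an IPv4 address so expected Windows behaviour is not mistaken for an intruder."""
    ip = ipaddress.ip_address(addr)
    if ip.is_link_local:   # 169.254.0.0/16: Windows assigned it itself
        return "APIPA (self-assigned, no DHCP answer)"
    if ip.is_private:      # RFC 1918 and other non-routable ranges
        return "private (handed out by a router or DHCP server)"
    return "public (record it and find out who assigned it)"

def triage(ipconfig_text):
    """Return (adapter, address, verdict) for every address line in the output."""
    results, adapter = [], None
    for line in ipconfig_text.splitlines():
        m = ADAPTER_RE.match(line)
        if m:
            adapter = m.group(1)
            continue
        m = ADDRESS_RE.match(line)
        if m and adapter:
            results.append((adapter, m.group(1), classify(m.group(1))))
    return results

if __name__ == "__main__":
    for adapter, addr, verdict in triage(SAMPLE_IPCONFIG):
        print(f"{adapter}: {addr} -> {verdict}")
```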
