Malware·2,748 discussions

Absolutely flummoxed – BIOS virus?

Locked

Wierdest behaviour I have ever heard of. I got infected with a trojan (virusblast) that tried to sell me software to ‘clean up spypware and viruses’. (It WAS the viruse).

I flashed my BIOS to an updated version, then installed a new hard drive – formatted it, and installed WIndows. The install took far, far longer than it should – on the order of three hours or so. The computer is slow as molasses now taking 3 to 5 minutes to boot into windows, 30 seconds or so to open a window or any other tasks.

This is on a new, virgin windows install on a brand new formatted HD. Then a window pops ups saying that there are 55 errors in my registry (BRAND NEW SYSTEM!) and directs me to a third party site (registryupdate.com) to install a ‘registry cleaner’ that I am supposed to pay for.

This is the exact same behaviour as the machine had before I stuck the new HD in, and installed windows – except the scam is now pointing to ‘registry update’ instead of virus blast. Obviously the data for this did not come from corruption on a hard drive – there was no old hard drive in the system – and I deleted all partitions and re-formatted the hard drive upon installing it. The virus must live in the BIOS – but how can this be!? I am so confused, and at a loss on the correct move to bring my machine back to life.

Any help appreciated.

Topic

yup, bios virus

In reply to Absolutely flummoxed – BIOS virus?

reset the bios back to factory original off the backup chip.
[ pin change on board, check manual to see steps and pin location ]

remove the partition(s) on the hard drive.
replace partitions
use dban
[ http://dban.sourceforge.net ]

then install new system

total time [ cause of dban ] up to one week, dban is as tight as you want it to be.

agree

In reply to yup, bios virus

Short the mobo battery either by pins or simply removing the battery (to be sure I use a cable to short circuit the connections)

You MUST then restart the computer from a CLEAN floppy/CD (or equivalent) and not merely reformat the HD, preferably FDISK (take the time while doing so to consider partitioning) before formatting the drive.

Ideally – for security – you should WIPE the drive first, but there is anoher consideration.
Make sure that you are reinstalling from an original read only medium (ie no chance it has been compromised)
Keep off any network/internet too

With the basics:
an electical short of CMOS,
a HD “wipe” and reformat
a clean source for reinstall,
no connection to another computer or online

Your computer should be sterile.

Most likely..

In reply to agree

if your machine does this AFTER your network connection is all set up, it’s nothing more than an ad using Windows Messenger. You likely do not have any BIOS virii.
Now if it does it, even while disconnected from the net, that’s a whole ‘nother story. But I personally have never seen one.

This is not a solution for a BIOS virus

In reply to agree

Generally good advice; however this is simply a reset of CMOS (Memory that holds information for BIOS) If the virus is in BIOS you will need to “flash” the BIOS somehow to get rid of it. I have never personally seen a BIOS virus, I have seen stuff get in at the MBR/MBT level and do odd things.

Do understand that a format or even an fdisk does not rid your drive of all “stuff” use a wipe program like dban or the likes. Someone creative enough can still hide things by marking up a bunch of bad sectors on the HD and storing information in the “reported” bad sectors.

Yup, they’re out there…

In reply to Absolutely flummoxed – BIOS virus?

I’ve run into them too. (though not on my machines, thankfully) There are some programs out there to fix (as in kill) that bad bug(s). The Anti-virus companies will give it to you (free) but you’ll have to determine which one it is (must do a virus scan) Try AVG from GriSoft (no plug here, I just use it) When you idenify the right bug you’ll need to down load a specific program to a flopy, re-boot with the flopy, it will than scan the BIOS and RAM, it’s the only way I’ve found to kill that one. One other way might be to re-set the BIOS altogether.

Reset BIOS to default

In reply to Absolutely flummoxed – BIOS virus?

Resetting the BIOS to default should clear this up. Remove the battery for the CMOS and if possible, short the terminals (plus and minus) to be sure the capacitors get fully discharged. Replace the battery with a new one and start all over with a new partition and reformat the drive. This is a particular nasty trojan that has “flashed” the BIOS to install itself. I’ve seen a few and cleaning the hard drive won’t get rid of it. The culprit is the company that sells the cleaner software and they should be prosecuted for their intrusions into the machine. I’d like to infect their machines just to demonstrate the havoc they cause. Good luck

No luck…dang!

In reply to Reset BIOS to default

OK, removed/replaced CMOS battery. (Let stand 1 hour – shorted out the contacts)

Flashed the BIOS again. Note – this was done from a floppy that was made WHILE the machine was infected. Don’t know if that is a factor.

Deleted all partitions on drive, reformatted.

Re-installed windows – same damn virus (regfixit.com) Windows takes 4:36 to load. Over one minute to open the control panel window. Totally unusable. (Note – no drivers or anything installed yet – this is a virgin copy just a few minutes old.

Seriously – short of throwing this computer away what are my alternatives? Would getting a new motherboard help? How much money should I through at this?? I am totally stumped as to how to get around this, or where the virus is ‘living’. This is one real nasty bug!

IS there anywhere we can turn to initiate class action against the company (regfixit) that is doing this! This is extortion ware pure and simple!

I have lost over a week on this now – no computer, and the data on my other hard drives may or may not be contaminated beyond recovery. I hope not, but I am becoming seriously nervous about that. Fortunately, this is mainly a games/fun machine (although it is NOT fun right now!). I cannot imagine the stress this would be if this was a serious productivity machine for me!

Thank god I have this mac to use on the net in the meantime!

I’d Try This

In reply to No luck…dang!

First I’d wipe the HD clean. A step above reformatting. A FREE solution is to go to http://www.download.com and search for and download Killdisk. The free version is on the slow side but it erases the hard drive completely. It took three hours to rewrite my old 40G HD. Then you’d simply have to format the HD during the Windows install.

I did a quick Google search on “virusblast”. There is a lot there on this virus/trojan. I didn’t do any research beyond the initial search but suggest you take a look. This is a good place generally to get info on how to remove these pesky pieces of malware.

Good luck.

original “floppy”

In reply to No luck…dang!

Hey bfindlay, on the 26th you stated that you used a floppy that was made WHILE THE MACHINE WAS INFECTED to reflash your BIOS this could be your problem(where the virus is) try getting on a clean machine that is firewalled and virus protected, download a new BIOS update to a clean floppy then with your machine off of the network then flash the BIOS and low level format the new hard drive on a clean machine and install XP on your machine with the cleaned drive

Yes. . .

In reply to original “floppy”

You’re probably re-infecting yourself off of that floppy every time you reflash the BIOS. Get rid of it. Don’t ever try to clean up an infected system with anything besides clean media.

Possible sources for an infection that “survives” a format/reinstall:

BIOS virus – never encountered one myself.

MBR – boot code in the Master Boot Record can be infected, and is not rewritten during a disk format. fdisk /mbr from a DOS/Win98 floppy, or (preferably) “fixmbr” from the XP Recovery console will rewrite that code.

Memory resident virus – can happen, but not in this case, since you’ve actually powered off the system. Sometimes people don’t, but just “warm” restart, and get reinfected that way.

“Outside” reintroduction – As above, this is a likely source, if you’re using a suspect floppy. Could also come from an infected CD, if a) it’s not original media, and b) it was burned on an infected machine. Or can come from a network connection, USB connection, etc.

When you pulled the battery….

In reply to No luck…dang!

Did you also unplug the computer from the wall? And while it is unplugged, did you hit the power button to make sure the caps were drained?

May be somthing else entirely

In reply to Reset BIOS to default

I have seen a few examples of this spamphony companys activity in the past and unless this is a realy new trojan there all based within windows and difficult to remove.
your clean install on a new HD Shold have cleared almost any chance of the trojan surviving. So thats ruled out. Which leaves Two possible Sources. 1 – The Bios -Clear Cmos trick should do this or 2.- Somthing on your network.

The usual method for trojan injection is through popups tricking the user (the weakest link) A firewall should prevent this.

You can also stop some of the popups by turning off the messenger service thus – http://www.microsoft.com/windowsxp/using/security/learnmore/stopspam.mspx

I agree with warren ^^^

In reply to May be somthing else entirely

You reflashed your bios and put in a fresh drive… I’m assuming you used a factory CD to install Windows and not a backup CD you burned yourself.

When you reinstall Windows, make sure you are not connected to your network or to the Internet. After you get Windows reinstalled, make sure you are running a firewall before you reconnect to the Internet.

I’d check any other computers on your network, too.

or…

In reply to May be somthing else entirely

Are there any USB/firewire external hard drives or thumb drives plugged in?

Battery Removal – Virus still lives?

In reply to Reset BIOS to default

My motherboard has a cmos_clear couple of pins.
When joined it sets the cmos back to defaults. Do you
think this would also rid the system of the virus?

Does the old FDisk from DOS days repartition the drives
without putting the virus back into the bios? I format
afterswards (3 drives) Cause my unknown boot,bios virus
keeps coming back. I think its because some bastard
keeps just giving it to me. I take out battery for 25 mins
when documentation for ga-k8n-sli says about 10 mins is
enough. 1 min of shorting aparantly which I didnt try.

exact steps.

I make Dos Boot disk. get format.com and fdisk.exe from
net and put on disk (from another computer obviously) I
used net cafe. And on New disk. I put my motherboards
latet flash on the disk. I write protect the disk.

I take the battery out of motherboard for 25 mins when
manual says about 10mins is enough. I put battery back
in repower and my system hangs. I think I blew it up. but I
reopen and put battery in properly (one of terminals not
touching) reboot and computer works and I go straight
into the bios. Reset all my bios settings to what runs
optimally for my computer Save and Exit. Reenter bios
straight away enter flashing utility – flash the bios with
latest update (probably didnt need doing but I did
anyway). I reset and boot from my bootable floppy. It
comes up with a:\. I type fdisk /mbr to wipe Master Boot
Record. I then type fdisk.exe to runt he program. I delete
a partion, I create a partition, I move to the next drive and
repeat. I exit program and reboot, booting from floppy
drive again. it comes up with a:\. I format c:, then d:
then e: without changing from the a: to do it.
I reboot, boot from original vista 64 cd. insall, delete and
reformat all partitions to use NTFS format. finish
installation.

I think this should wipe any known virus on the planet if it
still leaves your bios semi intact.

have I done anything wrong, because the virus comes
back again?

Hope it helps any people with viruses out there.

regards Ivan Wootton

Hi Ivan

In reply to Battery Removal – Virus still lives?

Is it you originally from Abingdon?

bfindlay …dang, here’s some luck!

In reply to Absolutely flummoxed – BIOS virus?

Ok, here’s some help for you, I have used a program called vcleaner from AVG (vcleaner.exe) form GriSoft ( http://www.grisoft.de/doc/112/lng/de/tpl/tpl01 ) ok, yes, that the German site, but I believe there is an English version site some-where under the GriSoft/AVG web system. The Wiki that was in the TR QA (below) will explain the what’s and How’s on this. You might try also the ‘tool’ from MicroSoft, “Tool for removeing bad stuff”. (ok, not quite the correct name) I have heard from some people who claim they’ve had luck with that. (It is, after all from MS) And yes, That is a bad one.
(and Yes, one good reason I still use an AV)
see also from: (yup, our own TR)
( http://techrepublic.com.com/trcommunity/5208-11186-0.html?forumID=52&threadID=196708 ) and from that see: ( http://wiki.castlecops.com/Malware_Removal:_SpyAxe_Removal )
>Re: on the AVG site After you get to that site, look up, top right hand corner, and just change the Land/Lang. -instructions are there also. (easy) -d

Another attempt

In reply to bfindlay …dang, here’s some luck!

Hi bfindley, what I did was to look at what programs system was running, when it was running nothing. There was one program whizzing away at 99%. Then I went into the registry and deleted its entry. I rebooted, and I was back to normal. My system, I suppose, still has the virus, but it’s harmless now as it has no registry entry. A bit like a DOS virus, ha ha.

Good luck

Some ideas….

In reply to Absolutely flummoxed – BIOS virus?

Did you ‘Flash’ before you started all the work – perhaps this caused the problem?

USB Drives or Memory Keys used over the two systems?

Printer with HD or some storable area has been infected?

BIOS – Remove the battery, terminating any TSR’s??

Any ‘rescued’ files from the old installation been carried over?

Both drives still active withn the PC – but Windows on new one (old still there for access?)

Possibly boot sector virus?

In reply to Some ideas….

My local PC shop says it sounds like a BSV. However, how did my new drive get it? It was never exposed to the infected Boot sector on my primary drive. (It WAS exposed to my secondary drive briefly – it may have picked it up there, but if so how? There is no boot sector on that drive – it isn’t bootable!)

Am running DBAN now (a 37 hour process!!), but confidence is pretty much zero at this point.

Try Symantec response

In reply to Possibly boot sector virus?

If its VirusBlast – then symantec has removal instructions – go to link below
I had a friend who formatted his hard drive then installed XP from scratch (but without shutting down the computer and removing power lead) so the virus he had (Virus name was Klez) remained in memory and infected new install
http://www.symantec.com/enterprise/security_response/threatexplorer/risks/index.jsp

Found it then…

In reply to Possibly boot sector virus?

“WAS exposed to my secondary drive briefly”
Who knows what the virus is doing – this will be the cause I guess!

YES!

In reply to Found it then…

That was the vector we were after… it obviously came over from outside the new BIOS/HD, so we were talking about network/internet connections, USB/external HDs, etc.

#1 rule for virus (computer or medical): QUARANTINE!

There’s always a boot sector

In reply to Possibly boot sector virus?

even if the partition isn’t bootable. It’s also possible that this little nasty has infiltrated itself into unused bytes in the MBR or partition table on the secondary drive.

ITS IN THE CHIP

In reply to Possibly boot sector virus?

YOU HAVE VERY NASTY VIRUS THAT IS INITIALY TAKING LOW LEVEL CONTROL OF YOUR SYSTEM AND WILL GRADUALLY TAKE MORE AND MORE CONTROL.IT IS A DESIGN FLAW IN THE CHIP WHICH MAKES THIS POSSIBLE.SYMANTEC RELEASED A STATEMENT ABOUT THIS A WEEK AGO THAT WAS MOSTLY BULLSHIT.THEY CANT KILL IT.ITS ALSO IN YOUR BIOS AND HAS INFECTED THE BOOTSECTOR.IT CANNOT BE REMOVED FROM YOUR MACHINE.SORRY.WHATS MORE,IT HAS ALSO INFECTED EVERY CHIP IN EVERY DEVICE IN YOUR HOME.IF YOU BUY A NEW COMPUTER IT WILL GET IT ALSO.IT SENDS CODE THROUGH YOUR WIRING USING XP GLOBAL POWER POLICY AND YOUR POWER SUPPLY,[LOOK FOR SIGNS OF OVERHEATING AT TRANSFORMER].FIRST,COMPRESS C:\,THEN DEFRAGMENT.NEXT,RESTART USING XP CD.GO TO RECOVERY CONSOLE.USE COMMAND BOOTCFG /REBUILD.THEN”MICROSOFT WINDOWS XP”ENTER,THEN /fastdetect /noguiboot /NODEBUG /C:\=”PREVIOUS OPERATING SYSTEM ON C:\”ENTER IT WILL HELP.

bull

In reply to ITS IN THE CHIP

um sorry dave, I don’t know where you heard this from but a computer virus is just that a >computer< virus it cannot jump through a power line, it cannot jump through a transformer, and it sure as heck cannot infect the dishwasher. Your advice is faulty as well, why would you want to compress C:? that causes more troubles than it solves, defrag simply rearranges your files, that will not help remove a virus. the rest of your post makes no sense either, I'm not going to even go there but say its senseless. Furthermore an all caps message are for losers, and only show how much fluid is inside your brainpan compared to actual brain mass. Anyone who honestly knows what they are talking about doesn't use caps and makes sure that their spelling and grammar is right, or apologizes if English is not native to them. Now,, please go crawl back in the hole you came out of and learn how to offer quality help before sneaking back out of it, okay? whoops, didnt notice this was over 2 years old, my bad

Probably the Master Boot Record

In reply to Absolutely flummoxed – BIOS virus?

The virus more likely has infected the Master Boot Record on the HD. (Yes, viruses can and do infect the MBR) Simple formatting doesn’t include formatting the MBR. (All HDs have a Boot Sector or Record regardless if they were used to boot the system or not) That must be done separately and from a DOS prompt. You’ll need an old Win9x boot floppy that includes the Format program. From there it simply requires the command ‘format/MBR’. I’d suggest Googling for some more thorough instructions about how to do this. I’d be really surprised if this did not take care of the problem.

Try these

In reply to Probably the Master Boot Record

Nasty one there.
Ensure the system is off the network and internet.
First, get your trusty win98 boot disk and ensure that your system is able to boot from the floppy. next, once you get a prompt, use the FDisk command to remove all the partitions. when this is done, restart the system, with the disk again and then at the prompt, give the command fdisk /mbr to blow away the master boot record. You can then use the Gdisk command and then shut down the system for 1 full minute. This shouldn’t be too hard to do since the next step is to remove the CMOS Battery and leave it out for 30 minutes. once you replace the battery, and boot the system up, remember to go back into the bios and reset the time/date on the system as it will be back in the 70’s. Reboot and then reformat the system with either a clean boot disk or a live cd version of linux (make sure that the system can boot to the cd.
you can use these to check the system to see if there is any residual problem left on the hard drive. Reboot the system and install your O\S. If these don’t work, post back here and let me know

Good luck.

One extra warning

In reply to Try these

When you put in your win98 or other floppy make sure its write protected beforehand. Especially with a BSV they like to infect any bootable media that appears on the system.

Agreed!!

In reply to Probably the Master Boot Record

Absolutely agree!!
I went through the exact same scenario just a few months ago. Everything except the popups. It took 3 hours to format the drive and it ran damn doggy slow during boot up and opening programs.
I played with it for 3 weeks and finaly switched drives. Now it hauls butt!! I know you said you put a new drive in but try another. It worked for me!

Old old remedy

In reply to Absolutely flummoxed – BIOS virus?

The bios can only remember things because of the battery power. Remove the battery and allow the bios to “die” (run out of power). This will cause any “non-embedded” program instructions to simply disappear.

Try booting the computer a few times to speed up the using up of the remaining bios power after the battery has been removedd.

The floppy

In reply to Old old remedy

It’s on the floppy.

Have you tried replacing th eBIOS chip altogether?

In reply to Absolutely flummoxed – BIOS virus?

From what seems to be going on the only thing that may work would be to replace the chip.
Is this an option?

Refusal to label and address Malware, Adware as Viruses by Manufacuturers

In reply to Absolutely flummoxed – BIOS virus?

I had a similar trial by fire over this virusburst slamware. I dscovered this a few weeks back. It beat my firewall and AV and only the onchip AV stopped it from going further. After contacting my AV co. and several other highly respected AV firms ie. Symantec, McAffee, Sophos et. al.. They informed me it was just malware and not a Virus.
I then did a web search and found that this is an offshore programmmer probably laundering their slamware from Geneva, Switzerland. On this search a gentleman programmer had written a rootkit removal program that removes and kills this G@#….$&*T from the HDD and RAM for FREE. Thankfully I don’t believe this is a BIOS virus. However once fully installed there are chunks of it that may infect the embedded RAM on the H.D.D. itself.
When are the Programmmers and Software Co.s and Manufacturers going to realize most of us users just want this crap stopped dead we don’t care what it affects only that it wastes our time and resources.

BIOS virus

In reply to Absolutely flummoxed – BIOS virus?

I have read that you have a trojan and it can live on a CD or DVD even the XP CD and I went round every thing till I did a scan on the CD and there it was ,hope this helps. where did I buy the CD (ebay)

Re Virusburst

In reply to Absolutely flummoxed – BIOS virus?

I had this beast but try Roguescan fix. It worked for me.

Just a Thought

In reply to Absolutely flummoxed – BIOS virus?

While your slowdown COULD be virus-related, eliminate other possibilities first. I agree with JAFA that even a new HDD can be defective. I’ve heard that some manufacturers don’t even test their drives, but leave that up to the buyer! An easy way to see where the slowdown is occurring would be to install FreshDiagnose (free), and use the benchmark utilities therein to see if your CPU or HDD is the culprit. If the drive seems to be the cause, try replacing the cables first, then try your second IDE or SATA port before trying another drive. Most drive manufacturers supply a diagnostic program that will run from a boot floppy. This would get around any virus, assuming you first go into setup and select the floppy as the first boot device. If all else fails, try another power supply, as low voltage or noise on the +12V could affect data transfers. If the CPU benchmark is bad, go into setup when you boot and make sure the CPU cache is enabled, and that CPU and memory settings are what they should be. Finally, go into Windows Device Manager and make sure DMA is enabled in your HDD settings.

fdisk /mbr without losing data?

In reply to Just a Thought

can I do this on my existing, data filled drives, without destroying
them ? (The data on them that is).

Ie, if I run fdisk /mbr does this automatically delete partitions, or
reformat, or otherwise render the drive inaccessible until formated?

YES

In reply to fdisk /mbr without losing data?

YES no data loss

I dont think

In reply to Absolutely flummoxed – BIOS virus?

It is a BIOS virus, most new mainboards come with some type of bios protection. Ether by jumper or by bios protection, a warning will come up saying something is trying to write to the system or cmos. This is a system message not a software message, mine has a jumper on it and has to be moved if I need to flash the bios.

I think it was a boot sector – killed it. puter still won’t work

In reply to I dont think

Got rid of the BSV by fdisk /mbr (PS – can this be done to a drive
without destroying the data on it?)

Now the computer is slow slow slow as molasses. I cannot
understand it. I have re-installed windows 5 times in the past
few days, and it still takes 5 minutes to boot, 1 minute to open a
window, or browser, and 3 full minutes to shut down!

Renders the machine non – functional for me. (It is my gaming
rig)

I am giving up on doing it myself – taking it in to the shop
tomorrow. Wish me luck.

Trojan removal

In reply to Absolutely flummoxed – BIOS virus?

In some cases the trojan can hide in the memory
of the motherboard and on reboot it reinstalls itself in windows.To insure total removal
1,unplug the computer from the power and let it
sit for a couple of hours or remove your memory
chip from the motherboard and wait at least 20
minutes before reinstalling.
2,clear the cmos,refer to your motherboard manual
to find out how to do this.
3,plug the power back in.
4,use a boot disk or harddrive manufacturers
disk to reformat your hardrive.reformat three
times because information from your previous format is still retained in the boot sector of
your harddrive.
5,reload windows,do not go online until you have
installed an antivirus program
I personally install two antivirus programs for
my clients,AVG and Antivir work well together,
I also install only the Zonealarm Firewall(not
the whole security suite as it will slow your
computer)
I also install Spybot S&D spyware protection
program and then Spyblaster which works well
with Spybot
6,immediately on going online do not open your
browser!!,go to windows update and install all
windows updates.the hole that the trojan uses
to get into windows can be fixed by installing
the windows updates.once this is done your
computer will reboot.
7,go online and update your antivirus programs
and spyware programs and then zonealarm firewall.
8,after rebooting DEFRAGMENT your computer and
reboot.Defragment regularly.
9,Open the Control Program/Internet Options
and go to Advanced,scroll down and tick the
Empty Temporary Internet Folder when browser
is closed box.Most trojans hide in the temporary
internet folder and activate when windows is
rebooted,by checking this box it clears the folder
and helps keep your computer secure(at least more
secure than if you don`t check the box)
Cheers and have fun with Windows.

Some Have Touched on It

In reply to Absolutely flummoxed – BIOS virus?

The one common thing I keep coming back to here is: MEDIA. You keep flashing the BIOS, Installing Windows. Are you sure that you are using a “real” windows CD? or is it a “copy” possibly with a virus burned on it? Are you using floppies? I bought a whole box of them brand new and they were all infected (stick to MAJOR brands).

Here is what I’d do. Find a friend. A very GOOD friend. One who has the latest a/v and spy-stop software loaded and current. Ask if he can check your media. Bring floppies. The OS install CD. Jump drive? Anything you used or might use. Scan..scan…scan….

If everything is OK, or you go out and buy the right stuff, wipe the bios following everyone’s suggestions. How are you downloading the bios flash to your media? Are you sure that the PC you are doing that on is not infected with something? Maybe get that friend to download it for you and remember to write-protect it after!

Flash the bios. Have your friend load fdisk on a clean floppy. Maybe a disk scrubber too.

Clean that hard disk!

Now, making sure you are not using infected install media, go ahead and install your OS. Immediately, install a good Virus Scanner software. Do that using clean media as well. Do NOT connect to your home network unless you do this OR shut down all other computers on the network.

Basically, anything that can be written on or that could have been written on is suspect. Check ALL media!

Hope this helps.

Ridding Hard drive of viruses once and for all !

In reply to Absolutely flummoxed – BIOS virus?

Unfortunately you need to do a low-level format.
You normally can download the utility from hard drive manufacturer’s website. You think a format takes a long time … if your hard drive is large, a low level format could take up to 24 hours !
Otherwise watch the weekend sales or price compare on the internet only after reading user ratings etc.

Good luck !

Did I mention saving files off your hard drive beforehand and making a list of programs to re-install !!

HDD Interleaving

In reply to Absolutely flummoxed – BIOS virus?

bfindlay,
You’ve received a lot of good suggestions from your cyberspace friends. Here’s another possibility for your slow running PC.

Normally, today’s hard drives are low level formatted with an interleave factor of 1:1, meaning that each physical sector follows the previous one. In past times when slow computers could not keep up with the HDD, better performance resulted by interleaving the drive at a 1:2 or 1:4 ratio so that the data was stored every other physical sector. Thus, the slight delay in HDD transfer rate allowed the computer electronics to keep up and overall drive transfer rate performance increased.

Is it possible that somehow, unknowingly, you may have formatted the HDD with a non-optimal interleave factor?

Just a thought. Good luck.

bios virus create

In reply to Absolutely flummoxed – BIOS virus?

hi
i want create a bios virus
can i help you?
i do not start, beacuse i have not knowelage in bios commponent

tank you for help

What in the fly’n flippers?????

In reply to bios virus create

No, No, & No.
What happened to TR?
HELP.!.
This can’t be happening…. some-one Please tell me that I’m seeing this in my sleep. -d

Same Problem

In reply to Absolutely flummoxed – BIOS virus?

Just so you know, you’re not alone, and it’s not all in your head.

I’m having the exact same problem. The problem first appeared around October 1st. I just did a fresh install, and now I’m infected again. Here’s what I tried:

Clear CMOS with jumper, wait 1/2 hour.
Boot from Windows 98 startup disk (original disk, write protected).
Run fdisk, delete HD partitions.
Reboot to Windows 98 startup disk.
Run fdisk /mbr to delete master boot record.
Turn off computer.
Clear CMOS with jumper, wait 1/2 hour.
Boot up with Windows 98 startup disk, Format HD, install Windows 98 with original factory CD.
Reboot with Windows XP CD (original factory CD) and install.
Install Norton Antivirus (original factory CD).
Run system virus check. (no viruses detected)
Setup internet connection, turn on firewall.
Connect to internet and update Norton Antivirus.
Run system virus check. (no viruses detected)
Update Windows.

The computer seems to be running normally up till now. But while updating Windows, the computer reboots for no reason. Consequently it reboots with increasing frequency. Various bad things happen during reboot, such as disk errors or freezing. Sometimes, the computer doesn’t reboot, but just stops working correctly, i.e. the monitor goes blank or the mouse stops working. Sometimes it takes 2 or 3 cold reboots to get it to boot up again. I’ve finally gotten all the Windows updates installed and the computer is running, but extremely slow. Norton Antivirus doesn’t detect anything wrong, but I’m sure my computer is infected. Internet Explorer is especially slow.

I haven’t tried flashing the BIOS yet, but I’ll try that next.

There are only two possible explanations I can think of.

1.) A virus residing in the BIOS.

2.) A virus that gains access via the internet while updating Windows, bypassing the firewall. I’m wondering if the virus utilizes one of the security holes that Microsoft just recently released updates for.

I’m betting it’s the second case. Tonight, I’m going to try another fresh install, following the same process outlined above, with the following additions:

1.) After fdisk /MBR, flash the BIOS using a floppy made at work and write protected.

2.) Before ever connecting to the internet, install Windows updates (security updates and SP2) from CD’s. I’m going to download the updates from Microsoft’s website at work and burn them to CD’s.

I’ll let you know how it turns out.

miiser

hi

In reply to Same Problem

brandon, you are not the only one.

NAV might be the problem

In reply to Same Problem

First, try disconnecting your internet connection, then uninstalling Norton Antivirus (NAV). See if your PC begins working normally again.
Alternatively, I’d try the steps you outlined, but omit installing Norton Antivirus. Try one of the free ones (Grisoft AVG, etc.) first.
If your PC is fine for a while, then uninstall the free antivirus and reinstall NAV. If your PC begins exhibiting the same symptoms, uninstall NAV and reinstall the other antivirus.
My father-in-law’s PC became so slow, the cursor wouldn’t move (or trying to move it caused a crash). Uninstalling NAV cured it.

BIOS Problem or just dying hardware

In reply to Same Problem

Did you catch something or is something just dying (bad HD, bad memory, bad controller card)

mbr?

In reply to Absolutely flummoxed – BIOS virus?

did u replace the hd, if not it could reside in the mastr boot record, i know spyaxe, and it usaully doesnt do that, but it is a tricky spyware app

Bios Virus removal…is it possible to recover from h-e-double-hockysticks?

In reply to Absolutely flummoxed – BIOS virus?

Well, I can identify with your problem 100%. I however don’t have any good information to share other than the following experience.

I got a virus from reading a text file. No, I didn’t senselessly just double-click on a file, I selected it and told it to open it with wordpad (oh, oh how I wished I had stuck with my gut feeling to delete it.) Well before I knew it a quick black square flashed up on screen and and my whole screen did a stomach double-take as if it had been assaulted in some way and I knew instantly something bad had happened.

I shut it down instantly, planning to reboot and use norton fast-back or whatever its called to return my computer to pre-virus bliss. Well, upon reboot I noticed that characters in the boot post where funky. Not the usual text, but like something out of spams-R-us, and it hit me…CRAP a bios virus. The problem with a BIOS virus is its at ground zero–the system level. There is no crap before it (at least not in the general sense, perhaps there is something or things you can try before it depending on your manufacturer of motherboard).

So after trying things that didn’t work, including re-flashing the bios, which only got re-infected while I was flashing it from the self-same bios that was infected, I realized something. Flashing from an infected bios is much like installing from an infected system. I found a procedure to boot another computer that also happend to be an ASUS like mine (not a P3V4X but close enough) and After booting, launching the “aflash” utility with the format booting block option enabled, and preparing to write the downloaded bin file–I hot-switched the bios eeprom and wrote the bios. Then I shut-off this computer, removed the chip and installed it in my previosly infected computer. This did have the benefit of making my computer a little less infected, but it was still infected (by less infected, I mean that the distortions on-screen where not as prolific as before, but still present especially when I went into setup.)

So,apparently there is something that is not being erased when the bios is flashed or I didn’t properly clear cmos before flashing and it re-infected my bios upon reboot. Admittedly, I didn’t wait the requisite “15 minute” to “8-hour” stretch to discharge the cmos because I was impatient to KNOW if I was sucessful. The only other possibility (beyond the virus residing elsewhere on the chip that is not erased on flash) I can think of is that hot-switching is flawed in that perhaps the bios uses write calls from the bios before it flashes it and those flash calls are virus infected. My last attempt (assuming the virus is on the bios as my hard-drives and all removable media is disconnected or in the case of the floppy–read-only) will be to …
1. Clear the cmos
2. Hot-flash the chip by…
a. Booting with a clean eeprom
b. Launching “aflash” util with erase boot blocking enabled.
c. Hot-switching with infected eeprom
d. Writing downloaded bios update file.
e. Re-installing eeprom to previously infected CPU.
3. Then I will clear the cmos for a whole minute and leave computer off with no power/ no battery for 8 hours.

After that, if it all STILL FAILS, I am calling Asus, hoping the problem does indeed reside on the chip/eeprom. Asus, on the condition that the chip is removeable, has agreed to send me a replacement, and I hope this will not be infected because of something I forgot to try.

I do caution all of you out there that this is extremely risky stuff, and there is a lot I am doing that can go wrong, but I am both a tech and studying to be an EE major so I have some experience on the wilder side of life, plus a stake in learning about eeproms.

Please, does anyone have any input besides just suggesting more and more virus scanning software that can’t touch the bios? I would be very interested to hear from you, especially if you have experience using an eeprom writer, have successfully re-flashed a computer eeprom (Asus preferably since they are a bit off the beaten path) or have experience with bios virus removal. Now I leave to publish my book on how to bore the heck out of the fake techs that feed you 2 cent answers like they are quoting the sacred text of who-minnuh-humminah!

Another tale of BIOS woe

In reply to Bios Virus removal…is it possible to recover from h-e-double-hockysticks?

I don’t feel quite so alone now. I am dealing with the same type of virus. After several attempts at wiping and reformatting my hard drive, I went out and bought a brand new HDD, installed Windows from an original licensed Windows CD, and the virus is still there. Even when I remove the CMOS battery overnight (unplugging everything) reset the CMOS and turn on my computer WITH NO HARD DRIVE CONNECTED, the virus revs right up as soon as I turn the power on. No anti-virus software I’ve found can detect it (Kaspersky, PCTOOLS, STOPZilla, AVG). But there’s no doubt it’s a virus. It completely hijacks my computer (I’m running XP) and sets up a phony “network” to keep me from gaining full access to my own computer. It creates phony user accounts and logs on to immediately undo any effort on my part to eliminate the threat. The best I have managed is to shut down all but the very essential Windows services, and the virus is unable to do much, but so am I. I can’t access the Web, for instance. I guess it’s hopeless. I’ll have to buy a new motherboard. I am wondering about a few things, however:

1) Is there a chance the virus also resides in my graphics card? I have a GeForce 7950GT. Does it have its own EEPROM chip? I don’t want to plug it in to a new motherboard and get infected all over again.

2) What about DVD-ROM drives? Could they also have the firmware virus?

3) If I buy a new motherboard and connect it to my infected hard drive for purposes of wiping and reformatting it, is there a chance the hard drive will infect the new motherboard? How can I prevent this from happening?

Any advice is much appreciated.

HOW ABOUT SOME MORE SPECIFICS

In reply to Another tale of BIOS woe

The whole clearing CMOS thing (Which should be a jumper to accomplish) is overstated. CMOS clear is an electrical issue and can be done with the jumper or the battery pull (and power cord disconnect).

What accounts does it create?

The default XP load causes a user
account to be created and auto logged
into after the subsequent boot.

What network does it set up (IP ADRESSES PLEASE)?

By default WinXP will try to acquire
an IP ADX, if no DHCP server is found
it assigns an ip of 169.xxx.xxx.xxx
(the xxx varies).

If you do not connect to the internet it will be slow and weird as it is trying to phone home and get updates.

As for your questions:

1. I guess its possible but NOT PROBABLE.
2. See #1
3. I would get a Linux boot cd and use the fdisk and format utilities in that to wipe out the HDD. dban as mentioned before would be a good wipe option as well.

[Author]

Replies