Absolutely flummoxed - BIOS virus?

By bfindlay ·
Weirdest behaviour I have ever heard of. I got infected with a trojan (virusblast) that tried to sell me software to 'clean up spyware and viruses'. (It WAS the virus).

I flashed my BIOS to an updated version, then installed a new hard drive - formatted it, and installed Windows. The install took far, far longer than it should - on the order of three hours or so. The computer is slow as molasses now, taking 3 to 5 minutes to boot into Windows, 30 seconds or so to open a window or any other tasks.

This is on a new, virgin Windows install on a brand new formatted HD. Then a window pops up saying that there are 55 errors in my registry (BRAND NEW SYSTEM!) and directs me to a third party site (registryupdate.com) to install a 'registry cleaner' that I am supposed to pay for.

This is the exact same behaviour as the machine had before I stuck the new HD in and installed Windows - except the scam is now pointing to 'registry update' instead of virus blast. Obviously the data for this did not come from corruption on a hard drive - there was no old hard drive in the system - and I deleted all partitions and re-formatted the hard drive upon installing it. The virus must live in the BIOS - but how can this be!? I am so confused, and at a loss on the correct move to bring my machine back to life.

Any help appreciated.

55 total posts (Page 2 of 6)

When you pulled the battery....

by Ibanezoo In reply to No luck...dang!

Did you also unplug the computer from the wall? And while it is unplugged, did you hit the power button to make sure the caps were drained?

May be something else entirely

by warren.sparks In reply to Reset BIOS to default

I have seen a few examples of this spamphony company's activity in the past and unless this is a really new trojan they're all based within Windows and difficult to remove.
Your clean install on a new HD should have cleared almost any chance of the trojan surviving. So that's ruled out. Which leaves two possible sources: 1 - the BIOS - the Clear CMOS trick should do this, or 2 - something on your network.

The usual method for trojan injection is through popups tricking the user (the weakest link). A firewall should prevent this.

You can also stop some of the popups by turning off the Messenger service, thus - http://www.microsoft.com/windowsxp/using/security/learnmore/stopspam.mspx

I agree with warren ^^^

by alordofchaos In reply to May be somthing else enti ...

You reflashed your bios and put in a fresh drive... I'm assuming you used a factory CD to install Windows and not a backup CD you burned yourself.

When you reinstall Windows, make sure you are not connected to your network or to the Internet. After you get Windows reinstalled, make sure you are running a firewall before you reconnect to the Internet.

I'd check any other computers on your network, too.

or...

by Ibanezoo In reply to May be somthing else enti ...

Are there any USB/firewire external hard drives or thumb drives plugged in?

Battery Removal - Virus still lives?

by ifwootton In reply to Reset BIOS to default

My motherboard has a cmos_clear couple of pins. When joined it sets the CMOS back to defaults. Do you think this would also rid the system of the virus?

Does the old FDisk from DOS days repartition the drives without putting the virus back into the BIOS? I format afterwards (3 drives) because my unknown boot/BIOS virus keeps coming back. I think it's because some ******* keeps just giving it to me. I take out the battery for 25 mins when the documentation for ga-k8n-sli says about 10 mins is enough. 1 min of shorting apparently, which I didn't try.

Exact steps:

I make a DOS boot disk, get format.com and fdisk.exe from the net and put them on the disk (from another computer obviously; I used a net cafe). And on a new disk I put my motherboard's latest flash. I write-protect the disk.

I take the battery out of the motherboard for 25 mins when the manual says about 10 mins is enough. I put the battery back in, repower, and my system hangs. I think I blew it up, but I reopen and put the battery in properly (one of the terminals was not touching), reboot and the computer works and I go straight into the BIOS. Reset all my BIOS settings to what runs optimally for my computer, Save and Exit. Re-enter the BIOS straight away, enter the flashing utility, flash the BIOS with the latest update (probably didn't need doing but I did anyway). I reset and boot from my bootable floppy. It comes up with A:. I type fdisk /mbr to wipe the Master Boot Record. I then type fdisk.exe to run the program. I delete a partition, I create a partition, I move to the next drive and repeat. I exit the program and reboot, booting from the floppy drive again. It comes up with A:. I format c:, then d:, then e: without changing from the a: to do it. I reboot, boot from the original Vista 64 CD, install, delete and reformat all partitions to use NTFS format, finish installation.

I think this should wipe any known virus on the planet if it still leaves your BIOS semi-intact.

Have I done anything wrong, because the virus comes back again?

Hope it helps any people with viruses out there.

regards Ivan Wootton

Hi Ivan

by bugdub In reply to Battery Removal - Virus s ...

Is it you originally from Abingdon?

bfindlay ...dang, here's some luck!

by dawgit In reply to Absolutely flummoxed - BI ...

Ok, here's some help for you. I have used a program called vcleaner from AVG (vcleaner.exe) from GriSoft ( http://www.grisoft.de/doc/112/lng/de/tpl/tpl01 ). Ok, yes, that's the German site, but I believe there is an English version site somewhere under the GriSoft/AVG web system. The Wiki that was in the TR QA (below) will explain the what's and how's on this. You might try also the 'tool' from Microsoft, "Tool for removing bad stuff". (ok, not quite the correct name) I have heard from some people who claim they've had luck with that. (It is, after all, from MS) And yes, that is a bad one.
(and Yes, one good reason I still use an AV)
see also from: (yup, our own TR)
( http://techrepublic.com.com/trcommunity/5208-11186-0.html?forumID=52&threadID=196708 ) and from that see: ( http://wiki.castlecops.com/Malware_Removal:_SpyAxe_Removal )
>Re: on the AVG site After you get to that site, look up, top right hand corner, and just change the Land/Lang. -instructions are there also. (easy) -d

Another attempt

by rp.jones In reply to bfindlay ...dang, here' ...

Hi bfindley, what I did was to look at what programs the system was running when it was running nothing. There was one program whizzing away at 99%. Then I went into the registry and deleted its entry. I rebooted, and I was back to normal. My system, I suppose, still has the virus, but it's harmless now as it has no registry entry. A bit like a DOS virus, ha ha.

Good luck

Some ideas....

by NOW LEFT TR In reply to Absolutely flummoxed - BI ...

Did you 'Flash' before you started all the work - perhaps this caused the problem?

USB Drives or Memory Keys used over the two systems?

Printer with HD or some storable area has been infected?

BIOS - Remove the battery, terminating any TSRs??

Any 'rescued' files from the old installation been carried over?

Both drives still active within the PC - but Windows on the new one (old still there for access?)

Possibly boot sector virus?

by bfindlay In reply to Some ideas....

My local PC shop says it sounds like a BSV. However, how did my new drive get it? It was never exposed to the infected Boot sector on my primary drive. (It WAS exposed to my secondary drive briefly - it may have picked it up there, but if so how? There is no boot sector on that drive - it isn't bootable!)

Am running DBAN now (a 37 hour process!!), but confidence is pretty much zero at this point.
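As an added illustration (not code from anyone in this thread), here is a small Python sketch of what the `fdisk /mbr` step in Ivan's procedure actually rewrites: only the 446 bytes of master boot code, leaving the partition table, each partition's own boot sector and of course the BIOS untouched, which is why it cannot answer the boot-sector-virus question on its own. The sample MBR, the "suspect" boot code bytes and the clean stub are constructed stand-ins, not real malware or real boot code.

```python
import struct

MBR_SIZE = 512
BOOT_CODE_LEN = 446       # bytes 0-445: the boot code that `fdisk /mbr` rewrites
PART_TABLE_OFF = 446      # four 16-byte partition entries follow the boot code
SIGNATURE = b"\x55\xaa"   # bytes 510-511 mark a valid MBR

def parse_mbr(mbr: bytes) -> dict:
    """Split a 512-byte MBR into boot code, used partition entries and a signature check."""
    if len(mbr) != MBR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    parts = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        status, ptype = mbr[off], mbr[off + 4]
        lba_start, sectors = struct.unpack_from("<II", mbr, off + 8)
        if ptype != 0:                     # type 0x00 is an unused slot
            parts.append({"bootable": status == 0x80, "type": ptype,
                          "lba_start": lba_start, "sectors": sectors})
    return {"valid_signature": mbr[510:512] == SIGNATURE,
            "boot_code": mbr[:BOOT_CODE_LEN], "partitions": parts}

def rewrite_boot_code(mbr: bytes, clean_code: bytes) -> bytes:
    """Emulate `fdisk /mbr`: swap in new boot code, keep partition table and signature.
    Each partition's own boot sector (VBR) and the BIOS are not touched at all."""
    if len(clean_code) > BOOT_CODE_LEN:
        raise ValueError("boot code does not fit in 446 bytes")
    return clean_code.ljust(BOOT_CODE_LEN, b"\x00") + mbr[BOOT_CODE_LEN:]

def partition_entry(bootable: bool, ptype: int, lba_start: int, sectors: int) -> bytes:
    """Build one 16-byte entry; CHS fields are zeroed because only LBA matters here."""
    return struct.pack("<B3sB3sII", 0x80 if bootable else 0x00, b"\0\0\0",
                       ptype, b"\0\0\0", lba_start, sectors)

# Constructed sample (not real malware): placeholder boot code plus one bootable NTFS partition.
SUSPECT_CODE = b"\xeb\xfe" + b"\x90" * 444          # `jmp $` then NOPs, a stand-in for unknown code
SAMPLE_MBR = (SUSPECT_CODE + partition_entry(True, 0x07, 63, 2_097_152)
              + b"\x00" * 48 + SIGNATURE)
CLEAN_STUB = b"\xfa\x33\xc0"                         # `cli; xor ax,ax`, a stand-in for clean boot code

if __name__ == "__main__":
    before = parse_mbr(SAMPLE_MBR)
    after = parse_mbr(rewrite_boot_code(SAMPLE_MBR, CLEAN_STUB))
    print("signature ok:", before["valid_signature"])
    print("partition table survives fdisk /mbr:", before["partitions"] == after["partitions"])
    print("boot code replaced:", after["boot_code"] != before["boot_code"])
```

Anything persisting inside a partition's volume boot record, in firmware, or on another machine on the network survives this step unchanged, which is why the clean-install-plus-fdisk sequence alone does not settle where the scareware is coming from.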
