Absolutely flummoxed - BIOS virus?

By bfindlay ·
Weirdest behaviour I have ever heard of. I got infected with a trojan (virusblast) that tried to sell me software to 'clean up spyware and viruses'. (It WAS the virus).

I flashed my BIOS to an updated version, then installed a new hard drive - formatted it, and installed Windows. The install took far, far longer than it should - on the order of three hours or so. The computer is slow as molasses now, taking 3 to 5 minutes to boot into Windows, 30 seconds or so to open a window or any other tasks.

This is on a new, virgin Windows install on a brand new formatted HD. Then a window pops up saying that there are 55 errors in my registry (BRAND NEW SYSTEM!) and directs me to a third party site (registryupdate.com) to install a 'registry cleaner' that I am supposed to pay for.

This is the exact same behaviour as the machine had before I stuck the new HD in, and installed windows - except the scam is now pointing to 'registry update' instead of virus blast. Obviously the data for this did not come from corruption on a hard drive - there was no old hard drive in the system - and I deleted all partitions and re-formatted the hard drive upon installing it. The virus must live in the BIOS - but how can this be!? I am so confused, and at a loss on the correct move to bring my machine back to life.

Any help appreciated.

This conversation is currently closed to new comments.

55 total posts (Page 5 of 6)

All Comments

I think it was a boot sector - killed it. puter still won't work

by bfindlay In reply to I dont think

Got rid of the BSV by fdisk /mbr (PS - can this be done to a drive without destroying the data on it?)

Now the computer is slow slow slow as molasses. I cannot understand it. I have re-installed Windows 5 times in the past few days, and it still takes 5 minutes to boot, 1 minute to open a window, or browser, and 3 full minutes to shut down!

Renders the machine non-functional for me. (It is my gaming rig)

I am giving up on doing it myself - taking it in to the shop tomorrow. Wish me luck.
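
As an added illustration (not part of the original thread): the Python sketch below parses the classic 512-byte MBR layout and models a rewrite of only the boot code area, the operation a boot-code repair such as `fdisk /mbr` is documented to perform, to show that the partition table bytes stay untouched. The sample sector, placeholder boot bytes and helper names are constructed for this example.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 446          # bytes 0..445: bootstrap code area
ENTRY_LEN = 16               # four 16-byte partition entries follow
SIGNATURE = b"\x55\xaa"      # bytes 510..511


def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte MBR sector into a boot code hash and partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR sector is exactly 512 bytes")
    if sector[510:512] != SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    entries = []
    for i in range(4):
        start = BOOT_CODE_LEN + i * ENTRY_LEN
        raw = sector[start:start + ENTRY_LEN]
        # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
        status, ptype, lba_start, count = struct.unpack("<B3xB3xII", raw)
        if ptype != 0:  # type 0 marks an unused slot
            entries.append({"bootable": status == 0x80, "type": ptype,
                            "lba_start": lba_start, "sectors": count})
    return {"boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
            "partitions": entries}


def rewrite_boot_code(sector: bytes, clean_boot_code: bytes) -> bytes:
    """Model of a boot-code-only rewrite: replace bytes 0..445, keep the rest."""
    if len(clean_boot_code) > BOOT_CODE_LEN:
        raise ValueError("boot code too long")
    return clean_boot_code.ljust(BOOT_CODE_LEN, b"\x00") + sector[BOOT_CODE_LEN:]


def build_sample_sector(boot_code: bytes) -> bytes:
    """Constructed sample: one bootable FAT32 (type 0x0B) partition at LBA 63."""
    entry = struct.pack("<B3xB3xII", 0x80, 0x0B, 63, 1_000_000)
    table = entry + bytes(ENTRY_LEN * 3)
    return boot_code.ljust(BOOT_CODE_LEN, b"\x00") + table + SIGNATURE


if __name__ == "__main__":
    suspect = build_sample_sector(b"\xeb\xfe" + b"SUSPECT")  # placeholder bytes
    cleaned = rewrite_boot_code(suspect, b"\xeb\xfe" + b"CLEAN")
    before, after = parse_mbr(suspect), parse_mbr(cleaned)
    print("boot code changed:", before["boot_code_sha256"] != after["boot_code_sha256"])
    print("partition table preserved:", before["partitions"] == after["partitions"])
```

Comparing the boot code hash against one taken from a known-clean sector of the same OS version is a quick way to tell whether the boot area was modified.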

Trojan removal

by pp1 In reply to Absolutely flummoxed - BI ...

In some cases the trojan can hide in the memory of the motherboard and on reboot it reinstalls itself in Windows. To ensure total removal:

1. Unplug the computer from the power and let it sit for a couple of hours, or remove your memory chip from the motherboard and wait at least 20 minutes before reinstalling.
2. Clear the CMOS; refer to your motherboard manual to find out how to do this.
3. Plug the power back in.
4. Use a boot disk or hard drive manufacturer's disk to reformat your hard drive. Reformat three times because information from your previous format is still retained in the boot sector of your hard drive.
5. Reload Windows. Do not go online until you have installed an antivirus program. I personally install two antivirus programs for my clients; AVG and Antivir work well together. I also install only the Zonealarm Firewall (not the whole security suite, as it will slow your computer). I also install Spybot S&D spyware protection program and then Spyblaster, which works well with Spybot.
6. Immediately on going online, do not open your browser!! Go to Windows Update and install all Windows updates. The hole that the trojan uses to get into Windows can be fixed by installing the Windows updates. Once this is done your computer will reboot.
7. Go online and update your antivirus programs and spyware programs and then Zonealarm firewall.
8. After rebooting, DEFRAGMENT your computer and reboot. Defragment regularly.
9. Open the Control Program/Internet Options and go to Advanced, scroll down and tick the Empty Temporary Internet Folder when browser is closed box. Most trojans hide in the temporary internet folder and activate when Windows is rebooted; by checking this box it clears the folder and helps keep your computer secure (at least more secure than if you don't check the box).

Cheers and have fun with Windows.

Some Have Touched on It

by hforman9 In reply to Absolutely flummoxed - BI ...

The one common thing I keep coming back to here is: MEDIA. You keep flashing the BIOS, Installing Windows. Are you sure that you are using a "real" windows CD? or is it a "copy" possibly with a virus burned on it? Are you using floppies? I bought a whole box of them brand new and they were all infected (stick to MAJOR brands).

Here is what I'd do. Find a friend. A very GOOD friend. One who has the latest a/v and spy-stop software loaded and current. Ask if he can check your media. Bring floppies. The OS install CD. Jump drive? Anything you used or might use. Scan..scan...scan....

If everything is OK, or you go out and buy the right stuff, wipe the bios following everyone's suggestions. How are you downloading the bios flash to your media? Are you sure that the PC you are doing that on is not infected with something? Maybe get that friend to download it for you and remember to write-protect it after!

Flash the bios. Have your friend load fdisk on a clean floppy. Maybe a disk scrubber too.

Clean that hard disk!

Now, making sure you are not using infected install media, go ahead and install your OS. Immediately, install a good Virus Scanner software. Do that using clean media as well. Do NOT connect to your home network unless you do this OR shut down all other computers on the network.

Basically, anything that can be written on or that could have been written on is suspect. Check ALL media!

Hope this helps.

Ridding Hard drive of viruses once and for all !

by mrinternet In reply to Absolutely flummoxed - BI ...

Unfortunately you need to do a low-level format.
You normally can download the utility from hard drive manufacturer's website. You think a format takes a long time ... if your hard drive is large, a low level format could take up to 24 hours !
Otherwise watch the weekend sales or price compare on the internet only after reading user ratings etc.

Good luck !

Did I mention saving files off your hard drive beforehand and making a list of programs to re-install !!

HDD Interleaving

by HardwareEng In reply to Absolutely flummoxed - BI ...

bfindlay,
You've received a lot of good suggestions from your cyberspace friends. Here's another possibility for your slow running PC.

Normally, today's hard drives are low level formatted with an interleave factor of 1:1, meaning that each physical sector follows the previous one. In past times when slow computers could not keep up with the HDD, better performance resulted by interleaving the drive at a 1:2 or 1:4 ratio so that the data was stored every other physical sector. Thus, the slight delay in HDD transfer rate allowed the computer electronics to keep up and overall drive transfer rate performance increased.

Is it possible that somehow, unknowingly, you may have formatted the HDD with a non-optimal interleave factor?

Just a thought. Good luck.

bios virus create

by safaei_mh In reply to Absolutely flummoxed - BI ...

hi
i want create a bios virus
can i help you?
i do not start, because i have not knowledge in bios component

thank you for help

What in the fly'n flippers?????

by dawgit In reply to bios virus create

No, No, & No.
What happened to TR?
HELP.!.
This can't be happening.... some-one Please tell me that I'm seeing this in my sleep. -d

Same Problem

by brandoncurley In reply to Absolutely flummoxed - BI ...

Just so you know, you're not alone, and it's not all in your head.

I'm having the exact same problem. The problem first appeared around October 1st. I just did a fresh install, and now I'm infected again. Here's what I tried:

Clear CMOS with jumper, wait 1/2 hour.
Boot from Windows 98 startup disk (original disk, write protected).
Run fdisk, delete HD partitions.
Reboot to Windows 98 startup disk.
Run fdisk /mbr to delete master boot record.
Turn off computer.
Clear CMOS with jumper, wait 1/2 hour.
Boot up with Windows 98 startup disk, Format HD, install Windows 98 with original factory CD.
Reboot with Windows XP CD (original factory CD) and install.
Install Norton Antivirus (original factory CD).
Run system virus check. (no viruses detected)
Setup internet connection, turn on firewall.
Connect to internet and update Norton Antivirus.
Run system virus check. (no viruses detected)
Update Windows.

The computer seems to be running normally up till now. But while updating Windows, the computer reboots for no reason. Consequently it reboots with increasing frequency. Various bad things happen during reboot, such as disk errors or freezing. Sometimes, the computer doesn't reboot, but just stops working correctly, i.e. the monitor goes blank or the mouse stops working. Sometimes it takes 2 or 3 cold reboots to get it to boot up again. I've finally gotten all the Windows updates installed and the computer is running, but extremely slow. Norton Antivirus doesn't detect anything wrong, but I'm sure my computer is infected. Internet Explorer is especially slow.

I haven't tried flashing the BIOS yet, but I'll try that next.

There are only two possible explanations I can think of.

1.) A virus residing in the BIOS.

2.) A virus that gains access via the internet while updating Windows, bypassing the firewall. I'm wondering if the virus utilizes one of the security holes that Microsoft just recently released updates for.

I'm betting it's the second case. Tonight, I'm going to try another fresh install, following the same process outlined above, with the following additions:

1.) After fdisk /MBR, flash the BIOS using a floppy made at work and write protected.

2.) Before ever connecting to the internet, install Windows updates (security updates and SP2) from CD's. I'm going to download the updates from Microsoft's website at work and burn them to CD's.

I'll let you know how it turns out.


miiser

hi

by mchlor In reply to Same Problem

brandon, you are not the only one.

NAV might be the problem

by alordofchaos In reply to Same Problem

First, try disconnecting your internet connection, then uninstalling Norton Antivirus (NAV). See if your PC begins working normally again.
Alternatively, I'd try the steps you outlined, but omit installing Norton Antivirus. Try one of the free ones (Grisoft AVG, etc.) first.
If your PC is fine for a while, then uninstall the free antivirus and reinstall NAV. If your PC begins exhibiting the same symptoms, uninstall NAV and reinstall the other antivirus.
My father-in-law's PC became so slow, the cursor wouldn't move (or trying to move it caused a crash). Uninstalling NAV cured it.
