Question

  • Creator
    Topic
  • #4010137

    How do I detect if my Legacy System is infected with a BIOS or Boot virus?

    by Ciao07 ·

    Antiviruses cannot access when the BIOS or boot part of Legacy systems is infected with a virus, so how can I detect the viruses infected here, I am not entirely sure because the virus was infected without my knowledge, but I want to be sure. How can i be sure?

You are posting a reply to: How do I detect if my Legacy System is infected with a BIOS or Boot virus?

The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our Community FAQs for details. All submitted content is subject to our Terms of Use.

All Answers

  • Author
    Replies
    • #4010141
      Avatar photo

      Re:virus

      by kees_b ·

      In reply to How do I detect if my Legacy System is infected with a BIOS or Boot virus?

      Since you posted in the Web Development forum, let me ask if your possibly infected webserver is running Windows (with IIS) or Linux (with Apache)?

      And, although in that context not very relevant, what do you mean with a “Legacy system”?

    • #4010143

      Re: kees_b

      by Ciao07 ·

      In reply to How do I detect if my Legacy System is infected with a BIOS or Boot virus?

      I am using windows 10 not activated

      I’m talking about “Legacy”, a type of BIOS that predates UEFI

    • #4010146
      Avatar photo

      So you know there’s a virus.

      by rproffitt ·

      In reply to How do I detect if my Legacy System is infected with a BIOS or Boot virus?

      You need to share its name and what you used to detect it.

      Also, it has to be said that we see a lot of machines with say a bad HDD that the owner brings it in “because it has a virus.” I’ve lost count of bad hardware that has the owners say “it has a virus.”

      • #4010151

        Not certain

        by Ciao07 ·

        In reply to So you know there’s a virus.

        Not sure but I’m wondering how can I be sure there is no BIOS virus or boot virus on Legacy system

        • #4010185
          Avatar photo

          Given the model

          by rproffitt ·

          In reply to Not certain

          It’s highly unlikely there’s a BIOS virus.

          You have made some claims there is such but haven’t shared what the signs of infection are or the virus name. As such I fear you are like many that bring in a “virus infected my laptop” client. We rarely find a virus but do find failing hardware or a damaged Windows install. Sometimes those unactivated Windows were from a pirate site so we get to start over.

          Let’s hear more from you.

    • #4010153
      Avatar photo

      Reply To: How do I detect if my Legacy System is infected with a BIOS or Boot virus?

      by birdmantd ·

      In reply to How do I detect if my Legacy System is infected with a BIOS or Boot virus?

      It’s hard to offer advice since you haven’t provided the community with enough information. We need more information about your system and what has been done already to troubleshoot. Windows or Mac computer? What version of OS? Homebuilt or off the shelf? Make/model? How old?

    • #4010154

      Re: birdmantd

      by Ciao07 ·

      In reply to How do I detect if my Legacy System is infected with a BIOS or Boot virus?

      Windows 10, license not activated

      I am using Acer Nitro 5 AN515-43

      The laptop is ready

      I scanned with ESET but I know ESET cannot access UEFI

      • #4010160
        Avatar photo

        Reply To: How do I detect if my Legacy System is infected with a BIOS or Boot virus?

        by Wizard57M-TR ·

        In reply to Re: birdmantd

        not sure why?, but be that as it may. It is highly doubtful that any type of BIOS virus would be on the machine, you could have picked up a rootkit though. So, search online using whatever search engine you prefer (Bing, DuckDuckGo, Google, etc.) for rootkit revealer/remover. You could also head to the Acer website and download any updates for your UEFI or BIOS, depending on which your laptop is using, as it seems it is a relatively newer laptop it probably is UEFI. NOTE…why are you using an unactivated license for Windows? If it is a “pirated copy”, ALL BETS ARE OFF! You have reaped the just rewards in my not so humble opinion!

    • #4010167

      Re: Wizard57M-TR

      by Ciao07 ·

      In reply to How do I detect if my Legacy System is infected with a BIOS or Boot virus?

      No, I am not using an illegal activation method.

      Ok but I know it can go back to LEGACY from the fog

      I know that there is a possibility that it will not be deleted with a BIOS update.

      • #4010172
        Avatar photo

        If a BIOS or UEFI update cannot rid a “virus”

        by Wizard57M-TR ·

        In reply to Re: Wizard57M-TR

        then you are out of luck! Keep in mind, a BIOS or UEFI (UEFI is a newer replacement for BIOS) is “burned” to ROM, Read Only Memory. When this is “flashed” in the case of a BIOS or UEFI update, the updated firmware replaces ALL the currently stored instructions. Only things a user has changed in the settings are preserved, any executable code is replaced, then user preferences are re-instated, if applicable.

        • #4010174

          Re: Wizard57M-TR

          by Ciao07 ·

          In reply to If a BIOS or UEFI update cannot rid a “virus”

          I’ve heard that complex viruses can “boot” during the update and survive the update.

          So I can’t be absolutely sure that my Legacy system is clean except for a BIOS update?

        • #4010176
          Avatar photo

          Maybe not 100 percent,

          by Wizard57M-TR ·

          In reply to Re: Wizard57M-TR

          but since the reports of BIOS or UEFI rootkits seem to indicate they are extremely rare, and from most reports I’ve read a reflash will eliminate any infection…to get this type of infection would require someone to have actual physical control of the computer, along with modified flashing code. Unless you as the user installed an untrusted BIOS or UEFI update from a malicious site, going to the OEMs website and downloading the latest update yourself is the safest and most sure way to proceed.

        • #4010202

          Re: Wizard57M-TR

          by Ciao07 ·

          In reply to Maybe not 100 percent,

          Ok, let’s say the BIOS virus is deleted. How do I delete the boot virus?

        • #4010207
          Avatar photo

          Run a rootkit detector

          by Wizard57M-TR ·

          In reply to Re: Wizard57M-TR

          Doing a search for a rootkit detector, as mentioned above, will guide you to tools to eliminate them. These tools are capable of detecting and removing boot sector virus/malware. Some may require you to create a bootable USB thumb drive or CD drive, which when you boot your PC with will scan your computer. The other, probably last option, is to completely reinstall the operating system using install media you create.

        • #4010233

          Re: Wizard57M-TR

          by Ciao07 ·

          In reply to Run a rootkit detector

          If kaspersky, malwarebytes, and ESET detect rootkits, you scanned with ESET, not with flash, but with normal system booted.

        • #4010423
          Avatar photo

          You are making this a LOT more difficult than it is

          by Wizard57M-TR ·

          In reply to Re: Wizard57M-TR

          You started the thread asking about a legacy system being infected with BIOS or boot virus. I have already given an example of what to do. I’ll repeat…it is VERY VERY unlikely that you have any type of BIOS or UEFI “virus” unless you PURPOSELY downloaded a hacked or cracked update from some nefarious site. As a matter of fact…forget all about a BIOS or UEFI virus, they are so rare that they are almost non-existent!
          OK, got that out of the way…now, to find a rootkit you need a rootkit scanner. There once was a free one named “Rootkit Revealer”, I do not know if it has been updated for Windows 10, as the one I remember was for Windows XP. Anyhow, just do a search using whatever you want, Bing, Google, DuckDuckGo, for rootkit revelaer, download it and let it scan. It may take a long while because it goes WAY DEEP into the lowest layers of what is running in memory, so it is slow. You run these type of scans from Windows. Otherwise, download some utility from any of the antivirus companies to create a bootable CD or USB thumb drive, follow the instructions provided by the manufacturer to boot from this media and scan your computer.
          If you don’t trust these, then the last option is to reinstall Windows with the installation media…reformat your storage drive (HDD or SSD) and let Windows remove any thing in the boot sector. You WILL lose any data, so backup first, copy to OneDrive, etc.

        • #4010480

          Why am I making it difficult?

          by Ciao07 ·

          In reply to You are making this a LOT more difficult than it is

          Something like that might have already happened. Because there was a time when the computer was not under my control, that is, there was a time when I was not even at the computer, so if it was infected, then it was already infected.

          As far as I know it can access mbr and gpt in ESET but I’m not sure. Can it access?

Viewing 5 reply threads