Question
-
November 27, 2022 at 3:06 pm #4010137
How do I detect if my Legacy System is infected with a BIOS or Boot virus?
by Ciao07 · about 2 years ago
Antivirus programs cannot access the BIOS or boot part of Legacy systems when it is infected with a virus, so how can I detect viruses there? I am not entirely sure, because the virus infected it without my knowledge, but I want to be sure. How can I be sure?
-
All Answers
-
November 27, 2022 at 3:35 pm #4010141
Re:virus
by kees_b · about 2 years ago
In reply to How do I detect if my Legacy System is infected with a BIOS or Boot virus?
Since you posted in the Web Development forum, let me ask if your possibly infected webserver is running Windows (with IIS) or Linux (with Apache)?
And, although in that context not very relevant, what do you mean by a “Legacy system”?
-
November 27, 2022 at 4:14 pm #4010143
Re: kees_b
by Ciao07 · about 2 years ago
In reply to How do I detect if my Legacy System is infected with a BIOS or Boot virus?
I am using Windows 10, not activated.
I’m talking about “Legacy”, a type of BIOS that predates UEFI.
-
November 27, 2022 at 4:23 pm #4010146
So you know there’s a virus.
by rproffitt · about 2 years ago
In reply to How do I detect if my Legacy System is infected with a BIOS or Boot virus?
You need to share its name and what you used to detect it.
Also, it has to be said that we see a lot of machines with, say, a bad HDD that the owner brings in “because it has a virus.” I’ve lost count of bad hardware that has the owners say “it has a virus.”
-
November 27, 2022 at 4:40 pm #4010151
Not certain
by Ciao07 · about 2 years ago
In reply to So you know there’s a virus.
Not sure, but I’m wondering how I can be sure there is no BIOS virus or boot virus on a Legacy system.
-
November 28, 2022 at 5:23 am #4010185
Given the model
by rproffitt · about 2 years ago
In reply to Not certain
It’s highly unlikely there’s a BIOS virus.
You have made some claims there is such but haven’t shared what the signs of infection are or the virus name. As such I fear you are like many that bring in a “virus infected my laptop” client. We rarely find a virus but do find failing hardware or a damaged Windows install. Sometimes those unactivated Windows were from a pirate site so we get to start over.
Let’s hear more from you.
-
November 27, 2022 at 5:09 pm #4010153
Reply To: How do I detect if my Legacy System is infected with a BIOS or Boot virus?
by birdmantd · about 2 years ago
In reply to How do I detect if my Legacy System is infected with a BIOS or Boot virus?
It’s hard to offer advice since you haven’t provided the community with enough information. We need more information about your system and what has been done already to troubleshoot. Windows or Mac computer? What version of OS? Homebuilt or off the shelf? Make/model? How old?
-
November 27, 2022 at 5:23 pm #4010154
Re: birdmantd
by Ciao07 · about 2 years ago
In reply to How do I detect if my Legacy System is infected with a BIOS or Boot virus?
Windows 10, license not activated
I am using Acer Nitro 5 AN515-43
The laptop is ready
I scanned with ESET but I know ESET cannot access UEFI
-
November 27, 2022 at 7:14 pm #4010160
Reply To: How do I detect if my Legacy System is infected with a BIOS or Boot virus?
by Wizard57M-TR · about 2 years ago
In reply to Re: birdmantd
Not sure why, but be that as it may. It is highly doubtful that any type of BIOS virus would be on the machine; you could have picked up a rootkit though. So, search online using whatever search engine you prefer (Bing, DuckDuckGo, Google, etc.) for rootkit revealer/remover. You could also head to the Acer website and download any updates for your UEFI or BIOS, depending on which your laptop is using; as it seems it is a relatively newer laptop, it probably is UEFI. NOTE…why are you using an unactivated license for Windows? If it is a “pirated copy”, ALL BETS ARE OFF! You have reaped the just rewards in my not so humble opinion!
- This reply was modified 2 years ago by Wizard57M-TR.
-
November 27, 2022 at 8:13 pm #4010167
Re: Wizard57M-TR
by Ciao07 · about 2 years ago
In reply to How do I detect if my Legacy System is infected with a BIOS or Boot virus?
No, I am not using an illegal activation method.
Ok but I know it can go back to LEGACY from the fog
I know that there is a possibility that it will not be deleted with a BIOS update.
-
November 27, 2022 at 8:36 pm #4010172
If a BIOS or UEFI update cannot rid a “virus”
by Wizard57M-TR · about 2 years ago
In reply to Re: Wizard57M-TR
then you are out of luck! Keep in mind, a BIOS or UEFI (UEFI is a newer replacement for BIOS) is “burned” to ROM, Read Only Memory. When this is “flashed” in the case of a BIOS or UEFI update, the updated firmware replaces ALL the currently stored instructions. Only things a user has changed in the settings are preserved, any executable code is replaced, then user preferences are re-instated, if applicable.
-
November 27, 2022 at 9:11 pm #4010174
Re: Wizard57M-TR
by Ciao07 · about 2 years ago
In reply to If a BIOS or UEFI update cannot rid a “virus”
I’ve heard that complex viruses can “boot” during the update and survive the update.
So I can’t be absolutely sure that my Legacy system is clean except for a BIOS update?
-
November 27, 2022 at 9:23 pm #4010176
Maybe not 100 percent,
by Wizard57M-TR · about 2 years ago
In reply to Re: Wizard57M-TR
but since the reports of BIOS or UEFI rootkits seem to indicate they are extremely rare, and from most reports I’ve read a reflash will eliminate any infection…to get this type of infection would require someone to have actual physical control of the computer, along with modified flashing code. Unless you as the user installed an untrusted BIOS or UEFI update from a malicious site, going to the OEMs website and downloading the latest update yourself is the safest and most sure way to proceed.
-
November 28, 2022 at 9:14 am #4010202
Re: Wizard57M-TR
by Ciao07 · about 2 years ago
In reply to Maybe not 100 percent,
Ok, let’s say the BIOS virus is deleted. How do I delete the boot virus?
-
November 28, 2022 at 9:47 am #4010207
Run a rootkit detector
by Wizard57M-TR · about 2 years ago
In reply to Re: Wizard57M-TR
Doing a search for a rootkit detector, as mentioned above, will guide you to tools to eliminate them. These tools are capable of detecting and removing boot sector virus/malware. Some may require you to create a bootable USB thumb drive or CD drive, which when you boot your PC with will scan your computer. The other, probably last option, is to completely reinstall the operating system using install media you create.
-
November 28, 2022 at 1:15 pm #4010233
Re: Wizard57M-TR
by Ciao07 · about 2 years ago
In reply to Run a rootkit detector
If Kaspersky, Malwarebytes, and ESET detect rootkits, you scanned with ESET, not with flash, but with normal system booted.
-
November 29, 2022 at 12:58 am #4010423
You are making this a LOT more difficult than it is
by Wizard57M-TR · about 2 years ago
In reply to Re: Wizard57M-TR
You started the thread asking about a legacy system being infected with BIOS or boot virus. I have already given an example of what to do. I’ll repeat…it is VERY VERY unlikely that you have any type of BIOS or UEFI “virus” unless you PURPOSELY downloaded a hacked or cracked update from some nefarious site. As a matter of fact…forget all about a BIOS or UEFI virus, they are so rare that they are almost non-existent!
OK, got that out of the way…now, to find a rootkit you need a rootkit scanner. There once was a free one named “Rootkit Revealer”, I do not know if it has been updated for Windows 10, as the one I remember was for Windows XP. Anyhow, just do a search using whatever you want, Bing, Google, DuckDuckGo, for rootkit revealer, download it and let it scan. It may take a long while because it goes WAY DEEP into the lowest layers of what is running in memory, so it is slow. You run these types of scans from Windows. Otherwise, download some utility from any of the antivirus companies to create a bootable CD or USB thumb drive, follow the instructions provided by the manufacturer to boot from this media and scan your computer.
If you don’t trust these, then the last option is to reinstall Windows with the installation media…reformat your storage drive (HDD or SSD) and let Windows remove anything in the boot sector. You WILL lose any data, so back up first, copy to OneDrive, etc.
-
November 29, 2022 at 9:29 am #4010480
Why am I making it difficult?
by Ciao07 · about 2 years ago
In reply to You are making this a LOT more difficult than it is
Something like that might have already happened. Because there was a time when the computer was not under my control, that is, there was a time when I was not even at the computer, so if it was infected, then it was already infected.
As far as I know, ESET can access the MBR and GPT, but I’m not sure. Can it access them?
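Added example, not part of any post in this thread: the thread keeps returning to the boot sector (MBR/GPT), so this sketch parses a 512-byte dump of disk sector 0, reports whether it is a legacy MBR or a GPT protective MBR, and hashes the bootstrap code for comparison with a known-good baseline. The function names, the sample sector and the baseline are constructed for illustration; it assumes sector 0 has already been saved to bytes from trusted boot media.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440    # bootstrap code; bytes 440-445 hold the per-disk signature
PART_TABLE_OFF = 446   # four 16-byte partition entries
GPT_PROTECTIVE = 0xEE  # partition type of a GPT protective MBR


def parse_sector0(sector: bytes) -> dict:
    """Parse a 512-byte dump of disk sector 0 in MBR layout."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly 512 bytes")
    parts = []
    for i in range(4):
        entry = sector[PART_TABLE_OFF + 16 * i:PART_TABLE_OFF + 16 * (i + 1)]
        lba_start, count = struct.unpack_from("<II", entry, 8)
        if entry[4]:  # type 0x00 marks an unused slot
            parts.append({"active": entry[0] == 0x80, "type": entry[4],
                          "lba_start": lba_start, "sectors": count})
    return {
        "signature_ok": sector[510:512] == b"\x55\xaa",
        "scheme": "gpt" if any(p["type"] == GPT_PROTECTIVE for p in parts) else "mbr",
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": parts,
    }


def check_against_baseline(sector: bytes, baseline_sha256: str) -> list:
    """Return findings; an empty list means sector 0 matches the baseline."""
    info = parse_sector0(sector)
    findings = []
    if not info["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    if info["boot_code_sha256"] != baseline_sha256:
        findings.append("boot code differs from baseline")
    return findings


def build_sample(boot_code: bytes) -> bytes:
    """Constructed sample sector: one active type-0x07 partition at LBA 2048."""
    entry = struct.pack("<B3sB3sII", 0x80, b"\0" * 3, 0x07, b"\0" * 3, 2048, 1_000_000)
    return boot_code.ljust(PART_TABLE_OFF, b"\0") + entry + b"\0" * 48 + b"\x55\xaa"


if __name__ == "__main__":
    clean = build_sample(b"\xfa\x33\xc0\x8e\xd0")            # constructed bytes
    baseline = parse_sector0(clean)["boot_code_sha256"]      # recorded while trusted
    print(check_against_baseline(clean, baseline))           # unchanged sector
    print(check_against_baseline(b"\xeb\x10" + clean[2:], baseline))  # altered code
```

A mismatch only shows that the boot code changed since the baseline was recorded; it does not say what changed it, so the finding is a prompt for a closer look rather than a verdict.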