Windows 7 Forums



Windows 7: BIOS virus and custom format from Windows 7.

07 Nov 2011   #21
stefsj

Windows Vista 32bit - updating to Windows 7 32bit
Yeah, I realize it is not a pretty picture. I will read and wipe out. I am still wondering about the external drive however - it is 'potentially' infected, but when I run an anti-virus from a new clean computer, should it catch any of these bugs? Sounds like it should.


07 Nov 2011   #22
rubyrubyroo

MS Windows 7 Home Premium SP1 64-bit (Family Pack Lic.) Upgrade
Yes, possibly some, but this is the latest and greatest rootkit (I believe the 1st to crack Win7 x64's three exceptionally solid safeguards). It is the work of a true genius team, just a very very dark team!

Remember, you will never know you're free of the bug, ever ever.
09 Nov 2011   #23
stefsj

Windows Vista 32bit - updating to Windows 7 32bit
Well,
I think I am on course to re-write the MBR through the Windows CD Recover portion and then do a clean install. I think I will let Windows 7 format instead of me doing zero-fill format.
Since most likely this rootkit has made it to my USBs, which I keep testing from other computers and which show as not infected, is it possible for a Mac with Boot Camp to be infected (the Windows portion)? I ran Avast pre-boot on the Mac and the system machine but it didn't catch anything worthwhile. Is that rootkit really hiding that well?

09 Nov 2011   #24
gregrocker

You don't need to rewrite the MBR if you're going to reinstall. Just follow these steps: Clean Install Windows 7
12 Nov 2011   #25
stefsj

Windows Vista 32bit - updating to Windows 7 32bit
Well, I booted from the Win 7 CD and used the cmd to 'clean all'. Let's hope it is all gone now. Any recommendations of what to do with the external hard drive that has all of my data? I think I will extensively test it with AVG, MSE and try to run Malwarebytes and TDSSKiller on it. Any other suggestions?
12 Nov 2011   #26
gregrocker

That sounds like a good regimen to test the quarantined files on the external, but I don't know if you can ever be certain they are safe again. It is a calculated risk to use them, less risk the more you disinfect.
12 Nov 2011   #27
carwiz

Windows 7 Pro-x64
It will be in the MBR if the virus uses the EFI/UEFI features. Or at least its ID. Those types of BIOS viruses use the EFI feature, as if it were factory, to load shell extensions from a special partition. That's how most all the graphical BIOS update utilities work too. A drive that has that special partition would need to be wiped clean including the MBR. One of the secure erase programs should be used because the special partition is not visible to Windows. It can't be formatted or deleted.

And, I would not use the ".exe" version of a BIOS flash--These will read portions of the BIOS first and save areas of the EPROM that could be infected. Use a USB BIOS Recovery drive (if your motherboard allows) or a CD to flash the BIOS. These should over-write the EPROM with a fresh copy. Both of which should be downloaded and created on a "clean" PC. A CMOS memory reset should be done too. This clears all hardware configurations and forces the new BIOS to re-evaluate the machine hardware.

These are NOT the typical viruses so you'll have to "re-build" your machine from scratch. Use precautions such as checking the BIOS download file size and use the verify option when burning a CD. The BIOS flash MUST NOT be interrupted. Stay away from the mouse and keyboard. If you don't have an Uninterruptible Power Supply, buy or borrow one for the BIOS flash. Everyone with a PC should have one. A UPS is cheap nowadays--cheaper than a motherboard or PSU. Consider it a necessary piece of PC hardware like any DVD or disk drive.
12 Nov 2011   #28
gregrocker

Carwiz, I had a tech in Office Depot make an offhand comment to me the other day that BIOS viruses cannot usually be reflashed. As I know nothing about them, can you comment on this? (And No, I don't consider such comments any more than trivia).

I also have not had the time to read back through the thread to see where it's confirmed he has the BIOS virus. How is this actually seen, or is it just suspected because of its presence?
12 Nov 2011   #29
carwiz

Windows 7 Pro-x64
Unless it's damaged, the BIOS should flash. A quick check is to see if the BIOS will allow the USB boot option. Or that you can get to the BIOS at all. The jumper setting for "Config" (on most motherboards) should be used. That's why it's better to use USB or CD. These contain a loader that the BIOS runs, if recognized. It's the first op after POST.

I've only seen a couple of viruses that may have been a BIOS virus but apparently, they're becoming more prevalent and sophisticated. Most are pretty basic--You get pop-ups that you have a virus and get linked to a "removal site" via IE. From there, the site may trick you into loading "fixes" but are really just more viruses. A virus scan won't show anything because the "code" is in the BIOS extended service area and in the special partition.

The more sophisticated viruses will turn your PC into a server or just sit back and "listen" to everything you do. More often than not, these are caught by accident. But, they all require initial loading. This is why it's important to keep your AV up to date, keep IE security settings tight and don't allow Flash to run for ALL sites. Pick and choose who you let add things to your PC.

Adobe Flash Player is (was) the biggest open hole to Windows. Flash allows programmers to load over 1KB of data to your PC. This data can be anything from cookie type info to coded instructions (executable coded instructions). You can do a lot with 1KB. And this is on top of what you "allow" Flash sites to use. The 1KB records are not an option and are hidden. This is probably why MS is pushing HTML5 and why Apple won't support it at all.

By the way, I allow only one site in all of the Internet to use Flash Player. That's YouTube.
12 Nov 2011   #30
carwiz

Windows 7 Pro-x64
Also, that's why the MBR must be cleared. The BIOS looks there for its OS loaders. The BIOS virus will have an ID in the MBR and will get loaded from the special partition for every start. Wipe the disk, flash the BIOS and start like you're building a new system. Because that's what has to occur.
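As an added defender-side illustration of the MBR points in carwiz's two posts above (example code, not from the thread or its participants): a small Python parser that decodes the four primary partition entries from a 512-byte sector, checks the 0x55AA boot signature, and flags entries a clean Windows 7 disk would not normally carry, such as an overlapping extent or a partition type Windows does not mount. The sample sector is constructed inline, and the table of "expected" type ids is an assumption, not an exhaustive list.

```python
import struct

SECTOR = 512
# Partition type ids a Windows 7 install would normally create (assumed typical set).
KNOWN_TYPES = {0x07: "NTFS", 0x0B: "FAT32", 0x0C: "FAT32 LBA",
               0x27: "Windows RE (hidden)", 0xEE: "GPT protective", 0xEF: "EFI system"}
# One 16-byte entry: status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count.
ENTRY_FMT = "<B3xB3xII"

def parse_mbr(sector: bytes) -> dict:
    """Decode the four primary partition entries and the 0x55AA boot signature."""
    if len(sector) != SECTOR:
        raise ValueError("an MBR is exactly 512 bytes")
    entries = []
    for i in range(4):
        status, ptype, start, count = struct.unpack_from(ENTRY_FMT, sector, 446 + 16 * i)
        if ptype == 0:          # empty slot
            continue
        entries.append({"index": i, "bootable": status == 0x80, "type": ptype,
                        "start": start, "sectors": count, "known": ptype in KNOWN_TYPES})
    return {"signature_ok": sector[510:512] == b"\x55\xAA", "entries": entries}

def suspicious_entries(parsed: dict) -> list:
    """Flag unknown type ids, overlapping extents, or a missing boot signature."""
    findings = []
    if not parsed["signature_ok"]:
        findings.append((None, "missing 0x55AA boot signature"))
    by_start = sorted(parsed["entries"], key=lambda e: e["start"])
    for e in by_start:
        if not e["known"]:
            findings.append((e["index"], "unrecognised partition type 0x%02X" % e["type"]))
    for a, b in zip(by_start, by_start[1:]):
        if a["start"] + a["sectors"] > b["start"]:
            findings.append((b["index"], "overlaps previous partition"))
    return findings

def build_sample_mbr() -> bytes:
    """Constructed sample (not from a real disk): system partition, main volume, odd third entry."""
    sector = bytearray(SECTOR)
    struct.pack_into(ENTRY_FMT, sector, 446, 0x80, 0x07, 2048, 204800)     # 100 MB system
    struct.pack_into(ENTRY_FMT, sector, 462, 0x00, 0x07, 206848, 1000000)  # main volume
    struct.pack_into(ENTRY_FMT, sector, 478, 0x00, 0x99, 1206848, 4096)    # constructed oddity
    sector[510:512] = b"\x55\xAA"
    return bytes(sector)

if __name__ == "__main__":
    for index, why in suspicious_entries(parse_mbr(build_sample_mbr())):
        print("entry", index, "->", why)
```

To check a real disk, feed `parse_mbr` the first 512 bytes read from the raw device (on Windows, for example `\\.\PhysicalDrive1` opened from an elevated prompt); the diskpart `clean all` step in the thread zeroes this sector along with the rest of the drive.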