Windows 7 Forums


Windows 7: All your AV software is now Obsolete !!!

31 Mar 2009   #1

W7 X-64 W8.1 X-64 Opensuse 13.1 W2003 Server
All your AV software is now Obsolete !!!

Hi everybody

The latest set of rootkit viruses can now theoretically mess up your BIOS making it virtually impossible to disinfect your computer by traditional means.

These don't work "normally" (as in "normal virus code") so current AV software is powerless to detect this stuff.

So at least apply a BIOS password or a BIOS LOCK to your machine.

New BIOS Virus Withstands HDD Wipes - Tom's Hardware


31 Mar 2009   #2

Windows 7 Ultimate x64 SP1

Hi jimbo,

Please pick the appropriate Forum to post your threads in. Thank you.

Moved to Security Forum.
31 Mar 2009   #3

Windows 7 7068 x86

Viruses are getting ridiculous now

Thanks for letting us know, but as I always say, the best protection is a good Scanner and a good Brain

31 Mar 2009   #4

Windows 7 Ultimate x64.

Right that is me sh+++ing myself. How do you lock bios or whatever. I wouldn't know how to flash bios but when I have posted this I am going to learn it. How do you password protect bios?

I know these security experts lay it on a bit hard but I would still like to know.
31 Mar 2009   #5

7068 64 bit + XP Pro

I would be more concerned about being abducted by Aliens.
31 Mar 2009   #6


I'm suspicious of anything involving April Fools' Day; on the other hand, I'm gonna be the most safety conscious I've been in a long long long time. I've now gone and PW protected my BIOS
31 Mar 2009   #7

Windows 7 Professional (64-bit)
Computer Viruses are nasty things. But the nasty just got nastier.

Week-old news; this thread should be locked after this.

In many worst case scenarios, a hard drive wipe is the final solution to ridding a system of an infection. But the absolute worst case scenario is if a virus attacks the BIOS, making detection and cleaning an incredible challenge.

Viruses that target the BIOS aren’t new, but often they are specific to a type of hardware. Researchers have now demonstrated a new type of attack that could install a rootkit on the BIOS of common systems, making it very lethal and effective.

Anibal L. Sacco and Alfredo A. Ortega of Core Security Technologies released a presentation detailing the exploit of this “persistent BIOS infection.” Through the use of a 100-line piece of code written in Python, a rootkit could be flashed into the BIOS and be run completely independent of the operating system.

"We tested the system on the most common types of Bios," said Ortega in a vunet story. "There is the possibility that newer types of Extensible Firmware Interface Bios may be resistant to the attack, but more testing is needed."

Flashing a system’s BIOS requires administrative control, but that could first be obtained through a more ‘innocent’ virus that could reside on the hard disk drive. Once an attacker has admin rights, the rootkit could be flashed onto the BIOS and would remain effective even if the original virus on the hard disk were removed. Even a complete format wouldn’t rid the system of the virus.

"You would need to reflash the Bios with a system that you know has not been tampered with," he said. "But if the rootkit is sophisticated enough it may be necessary to physically remove and replace the Bios chip."

There is defense against such an attack, however, as the researchers say that a password or physical lock against BIOS flashes could block the install of the rootkit.

"The best approach is preventing the virus from flashing onto the Bios," said Sacco. "You need to prevent flashing of the bios, even if it means pulling out jumper on motherboard."
31 Mar 2009   #8

Win 7 x64 7137

Quote: Originally Posted by Morsolo
Viruses are getting ridiculous now

Thanks for letting us know, but as I always say, the best protection is a good Scanner and a good Brain
or Linux
31 Mar 2009   #9

Windows 7 Beta (and others, multiboot)

Bah, this is not new. Anyone remember CIH/Chernobyl? Old idea with a new twist is all. Keep the box from getting infected in the first place instead of worrying about what to do when it is.
31 Mar 2009   #10


Of course the idea is not new - neither is hacking or phreaking, neither is a virus with an April 1 time bomb deadline, neither is DDoS...

What makes this particularly nasty is that they have gotten sophisticated enough that they can actually *hide* from prying eyes of rootkit removal tools and traditional AV and AM software - and moreover, a BIOS PW is not necessarily going to protect you these days - I have performed a couple of BIOS upgrades where the settings were retained, including the PW. Setting a BIOS PW would help - if you go into your BIOS often enough and the PW gets compromised (as in removed). However, setting a System startup PW would be better - except, of course, for those that leave their machines on for months at a time, or performing only soft resets that do not activate the System PW.

The point is that malware is getting more and more sophisticated - as our hardware, software, everything else is as well. You have to be on your guard and start learning about prevention now or else you're more than likely going to end up being a victim to some sort of malware somewhere.
