
Windows 7: BIOS virus and custom format from Windows 7.

07 Nov 2011   #21

Windows Vista 32bit - updating to Windows 7 32bit

Yeah, I realize it is not a pretty picture. I will read and wipe out. I am still wondering about the external drive, however - it is 'potentially' infected, but when I run an anti-virus from a new clean computer, should it catch any of these bugs? Sounds like it should.

07 Nov 2011   #22

MS Windows 7 Home Premium SP1 64-bit (Family Pack Lic.) Upgrade

Yes, possibly some, but this is the latest and greatest rootkit (I believe the 1st to crack Win7 x64's three exceptionally solid safeguards). It is the work of a true genius team, just a very, very dark team!

Remember, you will never know you're free of the bug, ever, ever.
09 Nov 2011   #23

Windows Vista 32bit - updating to Windows 7 32bit

I think I am on course to re-write the MBR through the Windows CD Recover portion and then do a clean install. I think I will let Windows 7 format instead of me doing zero-fill format.
Since most likely this rootkit has made it to my USBs, which I keep testing from other computers and show are not infected, is it possible for a Mac with Boot Camp to be infected (the Windows portion)? I ran Avast pre-boot on the Mac and the system machine but it didn't catch anything worthwhile. Is that rootkit really hiding that well?

09 Nov 2011   #24


You don't need to rewrite the MBR if you're going to reinstall. Just follow these steps: Clean Install Windows 7
12 Nov 2011   #25

Windows Vista 32bit - updating to Windows 7 32bit

Well, I booted from the Win 7 CD and used the cmd to 'clean all'. Let's hope it is all gone now. Any recommendations of what to do with the external hard drive that has all of my data? I think I will extensively test it with AVG, MSE and try to run Malwarebytes and TDSSKiller on it. Any other suggestions?
12 Nov 2011   #26


That sounds like a good regimen to test the quarantined files on external, but I don't know if you can ever be certain they are safe again. It is a calculated risk to use them, less risk the more you disinfect.
12 Nov 2011   #27

Windows 7 Pro-x64

It will be in the MBR if the virus uses the EFI/UEFI features. Or at least its ID. Those types of BIOS viruses use the EFI feature, as if it were factory, to load shell extensions from a special partition. That's how most all the graphical BIOS update utilities work too. A drive that has that special partition would need to be wiped clean including the MBR. One of the secure erase programs should be used because the special partition is not visible to Windows. It can't be formatted or deleted.

And, I would not use the ".exe" version of a BIOS flash--These will read portions of the BIOS first and save areas of the EPROM that could be infected. Use a USB BIOS Recovery drive (if your motherboard allows) or a CD to flash the BIOS. These should over-write the EPROM with a fresh copy. Both of which should be downloaded and created on a "clean" PC. A CMOS memory reset should be done too. This clears all hardware configurations and forces the new BIOS to re-evaluate the machine hardware.

These are NOT the typical viruses so you'll have to "Re-build" your machine from scratch. Use precautions such as checking the BIOS download file size and use the verify option when burning a CD. The BIOS flash MUST NOT be interrupted. Stay away from the mouse and keyboard. If you don't have an Uninterruptible Power Supply, buy or borrow one for the BIOS flash. Everyone with a PC should have one. A UPS is cheap nowadays--Cheaper than a motherboard or PSU. Consider it a necessary piece of PC hardware like any DVD or Disk drive.
12 Nov 2011   #28


Carwiz, I had a tech in Office Depot make an offhand comment to me the other day that BIOS viruses cannot usually be reflashed. As I know nothing about them, can you comment on this? (And No, I don't consider such comments any more than trivia).

I also have not had the time to read back through the thread to see where it's confirmed he has the BIOS virus. How is this actually seen, or is it just suspected because of its presence?
12 Nov 2011   #29

Windows 7 Pro-x64

Unless it's damaged, the BIOS should flash. A quick check is to see if the BIOS will allow the USB boot option. Or that you can get to the BIOS at all. The jumper setting for "Config" (on most motherboards) should be used. That's why it's better to use USB or CD. These contain a loader that the BIOS runs, if recognized. It's the first op after POST.

I've only seen a couple of viruses that may have been a BIOS virus but apparently, they're becoming more prevalent and sophisticated. Most are pretty basic--You get pop-ups that you have a virus and get linked to a "removal site" via IE. From there, the site may trick you into loading "fixes" but are really just more viruses. A virus scan won't show anything because the "code" is in the BIOS extended service area and in the special partition.

The more sophisticated viruses will turn your PC into a server or just sit back and "listen" to everything you do. More often than not, these are caught by accident. But, they all require initial loading. This is why it's important to keep your AV up to date, keep IE security settings tight and don't allow Flash to run for ALL sites. Pick and choose who you let add things to your PC.

Adobe Flash Player is (was) the biggest open hole to Windows. Flash allows programmers to load over 1KB of data to your PC. This data can be anything from cookie type info to coded instructions. (Executable coded instructions). You can do a lot with 1KB. And this is on top of what you "allow" Flash sites to use. The 1KB records are not an option and are hidden. This is probably why MS is pushing HTML5 and why Apple won't support it at all.

By the way, I allow only one site in all of the Internet to use Flash Player. That's YouTube.
12 Nov 2011   #30

Windows 7 Pro-x64

Also, that's why the MBR must be cleared. The BIOS looks there for its OS loaders. The BIOS virus will have an ID in the MBR and will get loaded from the special partition for every start. Wipe the disk, flash the BIOS and start like you're building a new system. Because that's what has to occur.
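Added example, not written by any poster in this thread: a way to confirm what a wipe such as the `clean all` from post #25 left behind, by decoding sector 0 (the MBR) of a raw disk image and locating the first non-zero sector. The image bytes, function names and the list of notable partition types are constructed for illustration; the check covers the disk only, not the firmware.

```python
import struct

SECTOR = 512
# Well-known MBR partition type IDs that Windows does not mount as a drive letter.
NOTABLE_TYPES = {
    0x12: "OEM configuration/diagnostics",
    0x27: "hidden NTFS (Windows recovery)",
    0xDE: "OEM utility",
    0xEE: "GPT protective entry (partitions are listed in the GPT instead)",
    0xEF: "EFI system partition",
}

def parse_mbr(sector0):
    """Decode sector 0: boot signature, whether boot code is blank, partition entries."""
    if len(sector0) != SECTOR:
        raise ValueError("sector 0 must be exactly 512 bytes")
    partitions = []
    for i in range(4):  # four 16-byte entries start at offset 446
        entry = sector0[446 + 16 * i: 462 + 16 * i]
        # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
        status, ptype, lba, count = struct.unpack("<B3xB3xII", entry)
        if ptype or count:
            partitions.append({"slot": i, "active": status == 0x80, "type": ptype,
                               "lba_start": lba, "sectors": count,
                               "note": NOTABLE_TYPES.get(ptype, "")})
    return {"signature": sector0[510:512] == b"\x55\xaa",
            "boot_code_blank": not any(sector0[:446]),
            "partitions": partitions}

def first_nonzero_sector(image):
    """Index of the first sector holding a non-zero byte, or None if all zeros."""
    for off in range(0, len(image), SECTOR):
        if any(image[off:off + SECTOR]):
            return off // SECTOR
    return None

def make_sample_mbr():
    """Constructed sector 0: dummy boot code, one NTFS and one hidden 0x27 partition."""
    def entry(status, ptype, lba, count):
        return struct.pack("<B3xB3xII", status, ptype, lba, count)
    table = entry(0x80, 0x07, 2048, 204800) + entry(0, 0x27, 206848, 20480) + bytes(32)
    return b"\xeb\x3c\x90" + bytes(443) + table + b"\x55\xaa"

if __name__ == "__main__":
    before = make_sample_mbr() + bytes(3 * SECTOR)  # constructed "before wipe" image
    after = bytes(4 * SECTOR)                       # constructed "after clean all" image
    for name, img in (("before", before), ("after", after)):
        print(name, parse_mbr(img[:SECTOR]), "first non-zero:", first_nonzero_sector(img))
```

A fully zero-filled drive reports no signature, blank boot code, no partition entries and `None` for the first non-zero sector; anything else shows which sector still holds data.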
