Virus hidden in the BIOS? - Tony Krijnen

Virus hidden in the BIOS?

I got an e-mail from Iris stating that she had a virus she couldn't get rid of. Even wiping the harddisk clean and reinstalling Windows XP again won't get it of the machine!

I've heard from the various techniques that virusses are using today to hide itself (In memory, or in the Master Boot Record of the harddisk) so that it would survive a clean install. But then she told me that wiping the disk and flashing the bios got rid of it. I know that a virus could write to the flash part of the bios (Many virusses try this to actually destroy the BIOS) and that perhaps it could even hide there. But how would it ever get executed again than?

So I dropped a quick e-mail to Mark Russinovich and he replied that by using the interaction with the ACPI part of the BIOS a virus would become active even at setup! It was discussed at the latest Black Hat conference:
https://www.blackhat.com/presentations/bh-federal-06/BH-Fed-06-Heasman.pdf (Showing how both Windows as Linux would be infected)

My colleague Bruce Cowper (CA) pointed me to this website that has code which can be used.

So it all seems a matter of time that we also need to flash the BIOS before we can get rid of a virus... Yuk.

Thanks,

Published Sunday, May 20, 2007 11:19 AM door Tony Krijnen

Commentaar:

# re: Virus hidden in the BIOS?

Thursday, May 15, 2008 1:51 PM door leyton

hi

any advice on how to get rid of a bios virus without losing all my data?

thanks

# re: Virus hidden in the BIOS?

Thursday, June 12, 2008 7:03 PM door Arjun

Is there any utility to remove virus from write-able portion of BIOS?

# re: Virus hidden in the BIOS?

Thursday, July 10, 2008 1:42 AM door Konokoha Vans

No, I do not believe there are any viruses that infect the BIOS (How would that work? Viruses would have to spread, and they could not spread from the BIOS)

There are viruses that trash the BIOS, rendering the computer non-bootable.

# re: Virus hidden in the BIOS?

Wednesday, July 16, 2008 11:23 PM door Tony Krijnen

@Konokoha: I'm not a programmer but if Mark Russinovich says it's possible you'd better believe it. Appearently the BIOS is queried in a way that a virus can load itself into the OS. Just a small payload is what it takes today to wait for an internet connection and load the rest of the code (Rootkit, SMTP server) from there on it's sending out e-mails in your name.

Thanks, Tony.

# re: Virus hidden in the BIOS?

Thursday, October 09, 2008 6:08 AM door minnkhai

how can i clean that virus, motherboard virus program didn't help either, romoving the battry didn't help either, but i didn't shock the bios power jumper yet, now i'm in big problem setting up new window... pleaz somone help pleaz!!!

# re: Virus hidden in the BIOS?

Wednesday, October 15, 2008 10:18 AM door Jesse

No doubt, there is a virus in my BIOS

guaranteed.

It puts up phony windows operating systems.

A computer engineer friend of mine says it's possible...

There must be someone out there who knows how to fix this problem.

Also, this program is a remote desktop NT server that doesn't do anything really malicious.  That's why people don't really care if it's on their system.

It just steals information and passwords, but doesn't do other things.  It just waits for commands and spreads through LANs.

It is wicked tough, and it controls everything that happens on the computer.  No programs really install and work.  It's a bunch of highjacked DLLs and system files. plus I think it writes itself into the restore partitions.

ARgGG!

This computer is mine!

not really....it belongs to some NT AUTHORITY.

# re: Virus hidden in the BIOS?

Tuesday, October 21, 2008 10:48 AM door Tony Krijnen

@Jesse: Seems like you need some other help than with computers LoL :-)

# re: Virus hidden in the BIOS?

Friday, February 06, 2009 6:51 PM door Tim

My pc boots in a normal way, but once I come into the windows desktop my keyboard and mouse freeze.  The only thing I can do is ctrl-alt-del and shut down explorer.  Thats it.  Is this a virus on my harddisk or in my bios?

I have formatted my pc three times in a row and reinstalled windows also.  Nothing helps.  mostly he operates normally for about one hour and then it's the same problem.  

I'm going crazy.  It's fridayevening, and I got a serious deadline for monday.

Tim  

# re: Virus hidden in the BIOS?

Tuesday, June 29, 2010 11:15 PM door MItch

Yes, of course bios infections are possible, its simply code (usually Python). If you want to make a repair first remove the bios chip get another on (preferably flashed by motherboard manufacturer) remove and destroy your HDD install the new BIOS chip and HDD, install your operating system and you are done.  Anything else is just going to frustrate you. Konokoha Vans is completely inexperienced and naive. The term virus with regard to computer systems today simply means malicious code, malware whatever.

# Does a computer virus affect the BIOS? | City Creativ Real Estate Group

PingBack vanaf  Does a computer virus affect the BIOS? | City Creativ Real Estate Group

Wat denkt u?

(Verplicht) 
(Verplicht) 
(Optioneel)
(Verplicht) 
CaptchaCube Vraag:


Antwoord: