Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

BIOS virus alerts


  • Please log in to reply
3 replies to this topic

#1 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,101 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:08:17 PM

Posted 10 March 2009 - 09:28 AM

Hello again,
Can anyone explain to me what the option Virus warnings/alerts (will look it up) means. What happens when I enable it??????

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


BC AdBot (Login to Remove)

 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,399 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:01:17 PM

Posted 10 March 2009 - 10:29 AM

When the "Virus Warning" setting in the BIOS Features Setup menu is enabled, the BIOS will flash a warning message whenever there is an attempt to access the boot sector or partition table. Many systems provide a BIOS Features Setup menu, which is used to configure the BIOS. As the computer starts up there is usually a message telling you how to enter the BIOS setup program such as "Press F2 for Setup". Some computers like HP, Dell, Gateway, etc display a company logo which hides this message so you have to press the Esc or Tab key when it appears. After entering the BIOS menu, you can enable or disable any virus-warning features usually located in Advanced Settings or the same section where you change your boot order.

The CMOS setup utility lets users alter a variety of options regarding their computer, including bootable drive search sequence, system time and date, drive configuration, password security, and more. One option that is very beneficial, if available, is to enable virus warnings, which alerts the user when anyone or anything (such as a virus) attempts to alter the BIOS.

Basic Input/Output System (BIOS)

Introduction to the BIOS <-(scroll down to the section on Boot sector virus protection for additional explanation)

Bios virus's are very rare but have been found in older Windows versions like 9x/NT. These types of virus's do not actually infect the BIOS. Instead they erase the BIOS of flashable BIOS's resulting in a machine that will not boot properly. On certain chip sets, the virus was reported to flash the BIOS. I am not aware of any that affect NT based machines such as Windows 2000 and above in this manner. It is possible that the CMOS battery went bad or the BIOS was corrupted. In that case a reflash of the firmware would be required. If that failed, then a motherboard replacement would probably be needed.

BIOS viruses that affected 9x/NT machines included:
  • Win95/CIH infected program executable files and caused damage to systems with a flash BIOS ROM by attempting to reprogram the flash BIOS ROM chip. There was no remedy, other than replacing the chip or having it “reflashed” by a hardware service agent. If the flash BIOS ROM was permanently attached to the mother board, the entire motherboard had to be replaced. It was hardware-specific, affecting some PCs and not others. Some motherboards can have their flash memory write-disabled, making them immune to the virus.
  • W32.Kriz infected program executable files, modified the kernel32.dll file and directly attacked the code stored in the flash ROM chip making the computer unbootable.
  • Troj/Flashkill was repoprted to destroy the first megabyte of data on a hard disk and wipe out the contents of the BIOS chip.
  • W32.Magistr.24876@mm erased CMOS and the Flash BIOS (Windows 9x/Me only).
  • W32.Mypics.Worm monitored the system clock and when it detected the year 2000, the worm would modify the system BIOS. On the next reboot attempt, the computer would usually display a message such as "CMOS Checksum Invalid" and prevent the computer from booting.

.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 Elise

Elise

    Bleepin' Blonde

  • Topic Starter

  • Malware Study Hall Admin
  • 61,101 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:08:17 PM

Posted 10 March 2009 - 11:36 AM

Thanks for your explanation quietman7. I found this option in my own BIOS and on a few others I repaired. I was just wondering if it should be turned on, but after reading your explanation I don't think it would be necessary.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,399 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:01:17 PM

Posted 10 March 2009 - 12:06 PM

You're welcome.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users