When the "Virus Warning" setting in the BIOS Features Setup menu is enabled, the BIOS
will flash a warning message whenever there is an attempt to access the boot sector or partition table. Many systems provide a BIOS Features Setup
menu, which is used to configure the BIOS. As the computer starts up there is usually a message telling you how to enter the BIOS setup
program such as "Press F2 for Setup". Some computers like HP, Dell, Gateway, etc display a company logo which hides this message so you have to press the Esc
key when it appears. After entering the BIOS menu, you can enable or disable any virus-warning features usually located in Advanced Settings or the same section where you change your boot order.
Basic Input/Output System (BIOS)Introduction to the BIOS
The CMOS setup utility lets users alter a variety of options regarding their computer, including bootable drive search sequence, system time and date, drive configuration, password security, and more. One option that is very beneficial, if available, is to enable virus warnings, which alerts the user when anyone or anything (such as a virus) attempts to alter the BIOS.
<-(scroll down to the section on Boot sector virus protection for additional explanation
)Bios virus's are very rare
but have been found in older Windows versions like 9x/NT. These types of virus's do not actually infect the BIOS. Instead they erase the BIOS of flashable BIOS's resulting in a machine that will not boot properly. On certain chip sets, the virus was reported to flash the BIOS. I am not aware of any that affect NT based machines such as Windows 2000 and above in this manner. It is possible that the CMOS battery went bad or the BIOS was corrupted. In that case a reflash of the firmware would be required. If that failed, then a motherboard replacement would probably be needed.BIOS viruses that affected 9x/NT machines included
- Win95/CIH infected program executable files and caused damage to systems with a flash BIOS ROM by attempting to reprogram the flash BIOS ROM chip. There was no remedy, other than replacing the chip or having it “reflashed” by a hardware service agent. If the flash BIOS ROM was permanently attached to the mother board, the entire motherboard had to be replaced. It was hardware-specific, affecting some PCs and not others. Some motherboards can have their flash memory write-disabled, making them immune to the virus.
- W32.Kriz infected program executable files, modified the kernel32.dll file and directly attacked the code stored in the flash ROM chip making the computer unbootable.
- Troj/Flashkill was repoprted to destroy the first megabyte of data on a hard disk and wipe out the contents of the BIOS chip.
- W32.Magistr.24876@mm erased CMOS and the Flash BIOS (Windows 9x/Me only).
- W32.Mypics.Worm monitored the system clock and when it detected the year 2000, the worm would modify the system BIOS. On the next reboot attempt, the computer would usually display a message such as "CMOS Checksum Invalid" and prevent the computer from booting.