Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


bios virus? [Moved]

  • Please log in to reply
5 replies to this topic

#1 MrMotorcity


  • Members
  • 5 posts
  • Local time:08:36 AM

Posted 31 May 2009 - 03:16 AM

can viruses hide in bios and reinstall on reboot or after full format of hard drive?

BC AdBot (Login to Remove)


#2 KoanYorel


    Bleepin' Conundrum

  • Members
  • 19,461 posts
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA
  • Local time:08:36 AM

Posted 31 May 2009 - 02:59 PM

moved from HJT forum
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#3 garmanma


    Computer Masochist

  • Members
  • 27,809 posts
  • Gender:Male
  • Location:Cleveland, Ohio
  • Local time:08:36 AM

Posted 01 June 2009 - 08:00 PM

It's not impossible, but unlikely. did you back up before reformatting the drive?
It's more likely that the backup media or remote drive is infected
Posted Image
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter

#4 MrMotorcity

  • Topic Starter

  • Members
  • 5 posts
  • Local time:08:36 AM

Posted 27 June 2009 - 05:48 AM

sorry about not replying but i have been having nothing but problems with this laptop. No i didnt back up anything before hand. You mentioned back up media and remote drive how would i be able to check them? And also thank you for taking the time to help :thumbsup:

Edited by MrMotorcity, 27 June 2009 - 05:49 AM.

#5 Zllio


  • Members
  • 1,107 posts
  • Local time:08:36 AM

Posted 30 June 2009 - 08:42 AM

Hi Mr.Motorcity,

What Garmanma meant was that if you did back up your data and then reload it onto your computer after the reformat from a cd or flashdrive, you may have carried the infection from before the reformat onto the clean install. What antivirus program do you have? It's possible to scan a flashdrive by inserting into the drive and doing a scan of the flash drive. If you don't already have an antivirus program, I recommend that Avast would be useful in this case. Also, a good online scan for this would be BitDefender which is a scan that has to be run using Internet Explorer with Active X enabled. I'll give you the instructions for each of these:

Step 3: Next I would like for you to run an online scan calledBitDefender

Note: You can only run this scan with Internet Explorer with Active X enabled.

Please run a BitDefender Online Scan

  • Click I Agree to agree to the EULA.
  • Allow the ActiveX control to install when prompted.
  • Click Click here to scan to begin the scan.
  • Please refrain from using the computer until the scan is finished. This might take a while to run, but it is important that nothing else is running while you scan.
  • When the scan is finished, click on Click here to export the scan results.
  • Click-on the Detected Problems tab. Then select Click here to export the scan report
  • When the window comes up to save the report, change the Save as type box to Text (Tab Delimited) (*.txt)
  • Then in the File name box enter bdscan then click save.
  • Please upload this file with your next post as an attachment, or post the contents of the file into a code box. To do this, simply paste the contents of the file into your Add Reply box (do not use quick reply) and then highlight just those contents and click on the button five over from the smiley face beneath the fonts which is called Wrap in code tags. You can only see this if you allow your mouse to hover over that button.

Here's a link for Avast. Avast is a resident antivirus program, so do not install it if you already have a differernt antivirus, as the two will damage each other's files causing both to be ineffective.


Let me know how this goes and if there's any virus found, I would like to see the results.
Also, please give more information about what kinds of problems this laptop is giving you, as that's not clear.

#6 quietman7


    Bleepin' Janitor

  • Global Moderator
  • 51,766 posts
  • Gender:Male
  • Location:Virginia, USA
  • Local time:08:36 AM

Posted 30 June 2009 - 10:36 AM

Continue with the instructions provided by Zllio. This is just FYI on Bios virus for your learning experience while here at BC.

Bios virus's are very rare but have been found in older Windows versions like 9x/NT. These types of virus's do not actually infect the BIOS. Instead they erase the BIOS of flashable BIOS's resulting in a machine that will not boot properly. On certain chip sets, the virus was reported to flash the BIOS. I am not aware of any that affect NT based machines such as Windows 2000 and above in this manner.

BIOS-level rootkit attack scary, but hard to pull off

BIOS viruses that affected 9x/NT machines included:
  • Win95/CIH infected program executable files and caused damage to systems with a flash BIOS ROM by attempting to reprogram the flash BIOS ROM chip. There was no remedy, other than replacing the chip or having it “reflashed” by a hardware service agent. If the flash BIOS ROM was permanently attached to the mother board, the entire motherboard had to be replaced. It was hardware-specific, affecting some PCs and not others. Some motherboards can have their flash memory write-disabled, making them immune to the virus.
  • W32.Kriz infected program executable files, modified the kernel32.dll file and directly attacked the code stored in the flash ROM chip making the computer unbootable.
  • Troj/Flashkill was repoprted to destroy the first megabyte of data on a hard disk and wipe out the contents of the BIOS chip.
  • W32.Magistr.24876@mm erased CMOS and the Flash BIOS (Windows 9x/Me only).
  • W32.Mypics.Worm monitored the system clock and when it detected the year 2000, the worm would modify the system BIOS. On the next reboot attempt, the computer would usually display a message such as "CMOS Checksum Invalid" and prevent the computer from booting.

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users