
Mega paranoid


4 replies to this topic

#1 paranoiduk

paranoiduk

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:08:29 AM

Posted 13 March 2011 - 10:48 AM

Hello all :)

Nice to be here.

I am very paranoid when it comes to my desktop, partly because I don't exactly have the cash lying around to get a new one if something happens with this and partly because I do online shopping etc so don't want anyone getting hold of bank details.

The reason I am here is to ask such knowledgeable people a few questions in the hope that I can slightly allay my fears.

Yesterday Avast discovered a few viruses in its boot scan, one of which was a Trojan which can download other nasties as and when it pleases - a downloader, I'm guessing?

Anyway this whacked me into full paranoia mode and so today I have used the Acer recovery console to transform back to factory settings (the OS being Vista when I first got this comp) and then installed 7 via the Windows discs. My computer seems very happy right now, certainly a bit more speed and less loading when not doing much at all.

Trouble is, am I completely fine now after these admittedly quite drastic but still pretty simple steps? Is there any step in the process where the nasties could have flown through to the 'other side' and still be able to get me? I've heard of bios, boot viruses - are these a myth? Also can viruses be sent simply 'down the line' via your IP address and modem? Can they get onto the recovery drive itself, rendering a factory restore useless in any case?

I also now have two operating systems, one being this, 7, which is on my Acer DATA (F:) drive and Vista, which is on ACER (C:). Does this have any impact whatsoever on my overall computer health? I won't be using Vista at all and did try to format the F drive but to no avail (another worry for me).

Thank you so very much for your time and sorry for such a likely pointless post! :)



#2 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,638 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:29 PM

Posted 13 March 2011 - 05:36 PM

I've heard of bios, boot viruses - are these a myth?


Boot viruses, i.e. malware that persists and infects via the Master Boot Record (MBR), exist; it's not a myth. Some variants are quite prevalent in the wild.

BIOS viruses, i.e. malware that persists via the BIOS or other firmware, are more of a myth.
There was malware in the wild that corrupted or erased the BIOS settings/memory on Windows 95/98.
There exist research papers of proof-of-concept malware on modern Windows that installs itself in the BIOS. But I've only seen anecdotal cases of real, in the wild malware that infects the BIOS. I've not found research papers about real BIOS malware found in the wild, neither do the virus libraries of different AV vendors describe malware that installs itself in the BIOS.

Edited by Didier Stevens, 13 March 2011 - 05:37 PM.

Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2018

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"
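
An added example, not part of the original posts: since the reply above says boot-sector malware persists through the Master Boot Record, this sketch shows how a 512-byte MBR sector can be split into its bootstrap code and partition table and compared against a known-good baseline. It assumes the classic MBR layout and works on a sector already dumped to bytes; the sample sectors and function names are constructed for illustration.

```python
import hashlib
import struct

BOOT_CODE_END = 440   # bytes 0..439 hold the bootstrap code
PART_TABLE_OFF = 446  # four 16-byte partition entries follow
SIGNATURE_OFF = 510   # last two bytes must be 0x55 0xAA

def parse_mbr(sector: bytes) -> dict:
    """Split a classic MBR sector into the parts worth baselining."""
    if len(sector) != 512:
        raise ValueError("an MBR is exactly 512 bytes")
    if sector[SIGNATURE_OFF:] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        entry = sector[PART_TABLE_OFF + 16 * i:PART_TABLE_OFF + 16 * (i + 1)]
        lba_start, count = struct.unpack_from("<II", entry, 8)
        if entry[4] != 0:  # type 0x00 marks an unused slot
            partitions.append({"slot": i, "active": entry[0] == 0x80,
                               "type": entry[4], "lba_start": lba_start,
                               "sectors": count})
    return {"boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_END]).hexdigest(),
            "partitions": partitions}

def compare_mbr(baseline: dict, current: dict) -> list:
    """List what differs between a known-good record and a later one."""
    findings = []
    if baseline["boot_code_sha256"] != current["boot_code_sha256"]:
        findings.append("boot code changed")
    if baseline["partitions"] != current["partitions"]:
        findings.append("partition table changed")
    return findings

def build_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed sample sector: one active NTFS-type (0x07) partition."""
    entry = struct.pack("<B3sB3sII", 0x80, b"\0" * 3, 0x07, b"\0" * 3, 2048, 204800)
    head = boot_code.ljust(BOOT_CODE_END, b"\0") + b"\0" * 6
    return head + entry + b"\0" * 48 + b"\x55\xaa"

if __name__ == "__main__":
    clean = parse_mbr(build_sample_mbr(b"\xfa\x33\xc0"))
    later = parse_mbr(build_sample_mbr(b"\xeb\x3c\x90"))
    print(clean["partitions"])
    print(compare_mbr(clean, later))
```

A changed boot-code hash only says the sector differs from the baseline; a legitimate OS reinstall or boot-manager update also rewrites it, so the baseline should be taken right after a trusted install.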


#3 paranoiduk

paranoiduk
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:08:29 AM

Posted 13 March 2011 - 07:05 PM

Thank you Didier :) What can I do for complete and utter reassurance then? But a new computer? :(

#4 tos226

tos226

    BleepIN--BleepOUT


  • Members
  • 1,568 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:LocalHost
  • Local time:09:29 AM

Posted 13 March 2011 - 07:25 PM

Boot viruses, i.e. malware that persists and infects via the Master Boot Record (MBR), exist; it's not a myth. Some variants are quite prevalent in the wild.

BIOS viruses, i.e. malware that persists via the BIOS or other firmware, are more of a myth.

Huh?
Are you saying the MBR infections are not a myth, but a persistent infection of BIOS is? That's how I read what you wrote.
Just learning, I'm not challenging a word you said, believe me :)

#5 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,638 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:29 PM

Posted 15 March 2011 - 07:59 AM

Yes, that's what I mean.

It is possible to persist malware via the BIOS, but I have no hard evidence of viruses in the wild doing this.
