
My whole network has been infected 5+ computers affected



#1 morphemic


Posted 26 September 2011 - 10:18 AM

Hello, one of the computers on my network got infected with some malware a while back, apparently. This in turn infected all of the computers and laptops that have been on my network. It also infected 2 Linksys WRT54GLs with malicious code and looks to have been using them as part of a botnet. Removed them from the picture after several failed attempts at reflashing the firmware and replaced them with Cisco VPN routers. That issue has been resolved.

However, my main computer has an Award BIOS and I am 99% sure it has been infected with the new BMW virus. I have secure erased my SSD 3 times now and every time it is infected again the moment I boot up. As soon as I log in for the first time after Windows boots after a clean install, I sit there and watch the security logs as permissions are changed and various unknown users are made and my admin/creator account loses all privileges. I have tried flashing my BIOS (it's a Gigabyte EP45-UD3p 1.6) and it has failed multiple times now. The BIOS is showing to be write protected and won't take a flash. It appears to, but something remains that reactivates it immediately. If I try and set a password in the BIOS, either admin or user, after I type the first pw and hit enter it says password disabled. I'm running Linux off a thumb drive atm, seeing as Linux doesn't seem to be affected by this, but it wreaks hell on Windows like nothing I have ever seen.

The motherboard has a backup BIOS chip, so I intentionally pulled the plug during a flash so as to give it a corrupt flash. It booted and said the BIOS was bad and restored the recovery BIOS back to the original. Reinstalled Windows with the earlier revision of the BIOS thinking it might be clean finally. Nope, reflashed again with Award flash with all the flags: force, clear CMOS and NVRAM etc. Nothing works and it's getting progressively worse. Is there anything that can be done, or am I stuck either chunking what has so far been a fabulous board or ordering a new BIOS chip?
Any thoughts would be greatly appreciated.

Edited by hamluis, 26 September 2011 - 11:34 AM.
Moved from Win 7 to Am I Infected.




#2 rotor123


Posted 26 September 2011 - 10:43 AM

Two thoughts:

Did you secure erase in a different uninfected machine? How are you secure erasing?
If you think it is in the BIOS then I'd replace the BIOS after secure erasing the SSD using the manufacturer's recommended process in a different computer. The BMW virus protects the MBR from being erased.

For example, Intel has their own utility, OCZ recommends a different way and so on.

I wouldn't hook any drives up to the computer until I had a clean BIOS set to write protect in the BIOS settings. I'd secure erase the drive in a different machine being very careful not to let it try and boot from the SSD.

The other thing is that from my reading the BMW virus seems to be targeting Chinese computers.

Edited by rotor123, 26 September 2011 - 10:44 AM.



#3 Jacee

Jacee

    Bleeping around


  • Malware Response Team
  • 3,716 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:06:48 PM

Posted 26 September 2011 - 10:56 AM

Read this discussion and the links: http://www.wilderssecurity.com/showthread.php?t=307177

A Chinese antivirus firm, 360, discovered a new Trojan, BMW Virus, that infects BIOS (motherboard chip program) and MBR (Master Boot drive). Formatting the full hard disk or installing a new OS won't help you in any way, because BIOS is firmware that resides inside the motherboard chip; it will work without the hard disk.
