BIOS Virus???


  • This topic is locked
33 replies to this topic

#1 GoingMad

Posted 07 November 2012 - 03:20 AM

Hi, I'm having problems detecting a suspected rootkit. Programs open randomly (Outlook, Media Player, calc). Start menu opens with a random char (e, a, #) or words, i.e. goingmad, #420, in text field, in fact most text boxes. I tried disabling the calc but it keeps coming back. Screen goes into fullscreen and some minor hangs and power off happen.
I have tried various scanners, Avast, Malwarebytes, SuperAntispyware, amisoft and MS Security Essentials to name a few, and nothing can detect anything. I have done a few clean installs, deleting partitions, and this 'thing' even happens in safe mode.
Getting very frustrated with it now, so if anyone is up for the challenge I would be most grateful.

Edited by GoingMad, 07 November 2012 - 03:42 AM.


#2 GoingMad

Posted 07 November 2012 - 03:24 AM

I forgot to add this is a Win 7 machine.

#3 iceremover

Posted 07 November 2012 - 06:11 AM

If you are thinking about a rootkit, you could scan with TDSSKiller and/or aswMBR.

#4 GoingMad

Posted 07 November 2012 - 10:32 AM

I've tried both of these scanners and nothing detected. I'm worried now for other computers on my network, so I've disabled network sharing. Thanks for the input though. All help is welcome.

#5 GoingMad

Posted 08 November 2012 - 12:05 AM

Bump

#6 GoingMad

Posted 10 November 2012 - 09:12 AM

Update: Things have taken a turn for the worse. Now I can't boot. Hangs at verifying DMI...

#7 boopme

Posted 10 November 2012 - 08:58 PM

Hello, what is your operating system? You will need either a USB or a CD drive available.
You may have:

  • Corrupt boot files on the computer.
  • Settings for hard drive are not correct.
  • or others
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#8 GoingMad

Posted 10 November 2012 - 10:42 PM

Thanks for the reply. Windows 7. Have USB flash stick and access to a clean laptop. Can access BIOS, that's all. When I try to boot it hangs at verifying...

#9 GoingMad

Posted 10 November 2012 - 11:00 PM

See below

Edited by GoingMad, 10 November 2012 - 11:13 PM.


#10 GoingMad

Posted 10 November 2012 - 11:01 PM

It's crossed to another PC in the house, same symptoms... impossible? to find. The only way this is possible is via my external HDD.
Hope you can help me buddy... outa my depth here.

Edited by GoingMad, 10 November 2012 - 11:12 PM.


#11 boopme

Posted 11 November 2012 - 04:04 PM

I have asked someone that handles these non booters to look here.

#12 thisisu

Posted 11 November 2012 - 09:06 PM

Hello GoingMad :)

  • I will be helping with your computer problems.
  • From this point on, it is very important that you refrain from doing anything else to your computer other than what I have requested of you.
  • I do not mind if you browse the web, do basic tasks, or even test to see if the problem(s) you are experiencing are still occurring with the computer while we are working together, but do not run any tools/fixes unless I or another helper from this thread has asked you to do so.
  • Remember that you came here for help, so allow us to help you :)
  • If something does not run, make a detailed note of what problems you encountered along the way (exact error messages are preferred), but continue onto the next steps until you reach the end of my post.
  • Always do the steps in the order they are listed (left to right, top to bottom).
  • I prefer that you complete all the steps while you are in Normal Mode. However, I understand that sometimes this is not possible. If you are unsuccessful in getting a tool/fix to run from Normal Mode, but Safe Mode works, then use Safe Mode.
  • If you have a question about something, do not hesitate to ask.

Let's begin:

Please download Farbar Recovery Scan Tool and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
  • Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Post the contents of FRST.txt into your next message and let me know of any problems you encountered along the way (if any).


#13 boopme

Posted 11 November 2012 - 09:50 PM

Hello, just letting you know I moved this to the Virus, Trojan, Spyware, and Malware Removal Logs forum, where it will stay.

#14 GoingMad

Posted 12 November 2012 - 10:29 AM

I am unable to boot from CD. Hangs at verifying DMI pool data. I checked if HDD is being recognised in BIOS and it's there OK. I have reset BIOS defaults apart from boot order obviously, still no go.

#15 GoingMad

Posted 12 November 2012 - 11:52 AM

OK, here goes... The file was too long so I added it as an attachment, but it doesn't appear to be showing up on my post.

Edited by GoingMad, 12 November 2012 - 11:54 AM.
