My computer started to overheat (and shut down) after a suspicious file download and subsequent sudden Windows Update two months ago. I haven't got restore points and I was stupid enough to delete the suspicious file, so I don't know how to identify or track down the virus. Windows Update shows NO installed updates at all, even though it used to. I have the impression that the BIOS might be infected, since Linux live CDs also access the overclocked step (1.6 GHz for each 800 MHz core) until they're told to use the lowest step.
After randomly running some tools like Rkill I still had the problems. So I thought I might just reformat the drive and move on to another OS. But if the BIOS is also infected, I'm paranoid about what it can access from the new install?
I've tried to flash the BIOS from within Windows and from a live CD using a seemingly unaffected MiniXP/WinPE. The flash does complete, but the log shows that the first dozen blocks were skipped and also some of the last. It says that devices weren't found. Example (it seems that 17 out of 31 blocks were skipped):
Skipping Block 31 since specified device is not found.
By now I don't have much faith in rescuing the Windows installation. If you think you can help me though, I'm willing to give it a try.
The most pressing question is whether a BIOS infection can spy on my data/traffic from a Linux install, and how likely this is. Would you feel safe in my situation, if I were to reformat the HDD and install Linux?
- Malwarebytes found nothing from within a Windows boot-to-command-prompt.
- GMER noticed altered registry things, but then the computer suddenly overheated and shut down
- ClamTK found some older encrypted directories and small things I examined, but no newer obvious threats
Windows Vista 32-bit without service packs (since they couldn't install),
HP machine with Phoenix BIOS and HP's Windows-only flashing programs (.exe)
Thanks in advance. I'm destroyed.
Do know that I appreciate your activities here.
Edited by hplaptopvistaguy, 17 July 2013 - 12:28 PM.