Can a BIOS virus steal data from a new Linux install?


No replies to this topic

#1 hplaptopvistaguy

Members, 1 posts

Posted 17 July 2013 - 12:00 PM

Hi.

My computer started to overheat (and shut down) after a suspicious file download and a subsequent sudden Windows Update two months ago. I haven't got restore points and I was stupid enough to delete the suspicious file, so I don't know how to identify or track down the virus. Windows Update shows NO installed updates at all, even though it used to. I have the impression that the BIOS might be infected, since Linux live CDs also access the overclocked step (1.6 GHz for each 800 MHz core) until they're told to use the lowest step.

After randomly running some tools like Rkill I still had the problems. So I thought I might just reformat the drive and move on to another OS. But if the BIOS is also infected, I'm paranoid about what it can access from the new install.

I've tried to flash the BIOS from within Windows and from a live CD using a seemingly unaffected MiniXP/WinPE. The flash does complete, but the log shows that the first dozen blocks were skipped and also some of the last. It says that devices weren't found. Example (it seems that 17 out of 31 blocks were skipped):

Skipping Block 31 since specified device is not found.

        Block size         : 16384(  4000)
        Block address      : FFFFC000
        Block attributes   : 0022
        Block image offset : 000FC000
        Calling driver to END flash

By now I don't have much faith in rescuing the Windows installation. If you think you can help me though, I'm willing to give it a try.

The most pressing question is whether a BIOS infection can spy on my data/traffic from a Linux install, and how likely that is. Would you feel safe in my situation, if I were to reformat the HDD and install Linux?

- Malwarebytes found nothing from within a Windows boot-to-command-prompt.

- GMER noticed some altered registry things, but then the computer suddenly overheated and shut down.

- ClamTK found some older encrypted directories and small things I examined, but no newer obvious threats.

Windows Vista 32-bit without service packs (since they couldn't install),

HP machine with Phoenix BIOS and HP's Windows-only flashing programs (.exe)

Thanks in advance. I'm destroyed.

Do know that I appreciate your activities here.


Edited by hplaptopvistaguy, 17 July 2013 - 12:28 PM.
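Added example (editor's code, not part of the post and not HP's or Phoenix's flashing tool): a small Python parser for flash logs in the format quoted above. It records which blocks the tool skipped and which address ranges were therefore never rewritten, which is the check the poster did by hand ("17 out of 31 blocks were skipped"). The "Skipping Block N since specified device is not found." line and the indented size/address fields follow the post; the "Flashing Block N" line for blocks that were written, and the block numbers and addresses in the constructed sample log, are assumptions.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Line formats. The "Skipping Block ..." header and the indented fields follow
# the post; "Flashing Block N" for blocks that were written is an ASSUMED format.
SKIP_RE = re.compile(r"^Skipping Block (\d+) since specified device is not found\.")
FLASH_RE = re.compile(r"^Flashing Block (\d+)")
SIZE_RE = re.compile(r"^\s*Block size\s*:\s*(\d+)\(\s*([0-9A-Fa-f]+)\)")
ADDR_RE = re.compile(r"^\s*Block address\s*:\s*([0-9A-Fa-f]+)")
END_RE = re.compile(r"^\s*Calling driver to END flash")

X86_RESET_VECTOR = 0xFFFFFFF0  # address of the first instruction fetched after CPU reset

# CONSTRUCTED sample log: four 16 KiB blocks at the top of the 4 GiB address
# space, two of them skipped. Numbers and addresses are made up for illustration.
SAMPLE_LOG = """\
Skipping Block 28 since specified device is not found.
        Block size         : 16384(  4000)
        Block address      : FFFF0000
        Block attributes   : 0022
        Block image offset : 000F0000
Flashing Block 29
        Block size         : 16384(  4000)
        Block address      : FFFF4000
        Block attributes   : 0022
        Block image offset : 000F4000
Flashing Block 30
        Block size         : 16384(  4000)
        Block address      : FFFF8000
        Block attributes   : 0022
        Block image offset : 000F8000
Skipping Block 31 since specified device is not found.
        Block size         : 16384(  4000)
        Block address      : FFFFC000
        Block attributes   : 0022
        Block image offset : 000FC000
        Calling driver to END flash
"""


@dataclass
class FlashBlock:
    number: int
    skipped: bool
    size: Optional[int] = None
    address: Optional[int] = None

    @property
    def end(self) -> Optional[int]:
        """Last address covered by the block, once size and address are known."""
        if self.size is None or self.address is None:
            return None
        return self.address + self.size - 1


def parse_flash_log(text: str) -> List[FlashBlock]:
    """Open a new block on each Skipping/Flashing header and attach the indented
    size and address fields that follow it; stop at the END marker."""
    blocks: List[FlashBlock] = []
    current: Optional[FlashBlock] = None
    for line in text.splitlines():
        header = SKIP_RE.match(line) or FLASH_RE.match(line)
        if header:
            current = FlashBlock(number=int(header.group(1)),
                                 skipped=line.startswith("Skipping"))
            blocks.append(current)
            continue
        if current is None:
            continue  # preamble before the first block header
        m = SIZE_RE.match(line)
        if m:
            dec, hexval = int(m.group(1)), int(m.group(2), 16)
            # The tool prints the size in decimal and hex; disagreement means a corrupt log.
            if dec != hexval:
                raise ValueError(f"block {current.number}: size {dec} != 0x{hexval:X}")
            current.size = dec
            continue
        m = ADDR_RE.match(line)
        if m:
            current.address = int(m.group(1), 16)
            continue
        if END_RE.match(line):
            break
    return blocks


def untouched_ranges(blocks: List[FlashBlock]) -> List[Tuple[int, int]]:
    """Address ranges the flash never wrote: whatever was there before remains."""
    return [(b.address, b.end) for b in blocks
            if b.skipped and b.address is not None and b.end is not None]


def summarize(blocks: List[FlashBlock]) -> Dict[str, object]:
    skipped = [b.number for b in blocks if b.skipped]
    ranges = untouched_ranges(blocks)
    return {
        "total": len(blocks),
        "skipped": skipped,
        "skipped_fraction": len(skipped) / len(blocks) if blocks else 0.0,
        "untouched_bytes": sum(hi - lo + 1 for lo, hi in ranges),
        # True when the block holding the reset vector was skipped, i.e. the first
        # code the CPU runs after reset was not replaced by this flash.
        "reset_vector_untouched": any(lo <= X86_RESET_VECTOR <= hi for lo, hi in ranges),
    }


if __name__ == "__main__":
    parsed = parse_flash_log(SAMPLE_LOG)
    for lo, hi in untouched_ranges(parsed):
        print(f"not rewritten: {lo:08X}-{hi:08X}")
    print(summarize(parsed))
```

The useful caveat for the question asked in the post: a block the tool skips is left with whatever it held before, so a flash that reports skipped blocks is not evidence that those ranges were replaced. The block quoted in the post (address FFFFC000, size 0x4000) ends at FFFFFFFF and so contains the x86 reset vector at FFFFFFF0; if that block was skipped, the first code the CPU executes after reset is still the old content, whatever its state.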

