
BIOS Malicious Threats - Recover Options


6 replies to this topic

#1 Scoop8

  • Members
  • 326 posts
  • Gender: Male
  • Location: Dallas TX

Posted 15 December 2013 - 09:57 AM

I've been reading about this topic and was curious if anyone has been affected by BIOS infections or has had experience in recovering from the effects of a BIOS intrusion.

 

From what I've read, it seems this threat is rare among home PC users but I have read a few posts elsewhere where some have been hit by one of these BIOS infections.

 

One poster said that he had recovered from it by doing the following:

 

- Unplug the PC. Leave it unplugged for a period of time to ensure that the RAM is completely cleared from all previous memory content.

 

- Remove the CMOS Battery/Cell on the MoBo to clear the BIOS / EEPROM.

 

- Power up the PC, then use the MoBo bootable media or a Flash Stick to re-flash the BIOS.

 

 

If this procedure would work in most cases, that would be good to know.

 

I have a backup .ROM file for my BIOS that's stored externally. That's all I can think of to prepare for such an intrusion.

 

My MoBo doesn't have a BIOS "write-protect" jumper on it. From what I've been reading about this recently, MoBos used to have this jumper present on many boards but have gotten away from including that with recent manufacturers.




 


#2 noknojon

  • Banned
  • 10,871 posts
  • Gender: Not Telling

Posted 15 December 2013 - 03:37 PM

Hi -

In one word - Yes - There are / have been noted BIOS infections.

From Wikipedia, scroll down to BIOS chip vulnerabilities and Virus attacks
One of many articles from Kaspersky

 

However, none of these articles offer secure repairs, only system reinstalls.

 

The links may help you search further for your "cures".

 

Thank You -



#3 quietman7

    Bleepin' Janitor

  • Global Moderator
  • 51,474 posts
  • Gender: Male
  • Location: Virginia, USA

Posted 15 December 2013 - 03:49 PM

BIOS viruses are very rare. However, researchers have demonstrated in a test environment proof-of-concept viruses that could modify the flash BIOS or install a rootkit on the BIOS of common systems so that it could survive a reformat and reinfect a clean disk. This type of malware exists in-the-wild and is not generic...meaning it cannot modify all types of BIOS.

Fortunately, as these articles note, it's highly unlikely you will encounter a BIOS-level scenario as it is not practical for attackers to use such an exploit on a grand scale. Malware writers would much rather target a large audience through social networking where they can use sophisticated but less technical means than a BIOS virus.

Most known BIOS viruses have been found primarily in older Windows operating system versions like Windows 9x/NT. These types of viruses erased the BIOS of flashable BIOSes resulting in a machine that would not boot properly and on certain chip sets, the virus was reported to flash the BIOS.

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#4 Scoop8


Posted 16 December 2013 - 08:32 AM

quietman7

 

Thanks for the info :)  I'd read most of the links recently and as noknojon mentioned, there doesn't seem to be much info available with recommendations or tested recovery methods in the event of these intrusions into one's PC.

 

The only one that I've been able to find was the one that I included in my earlier post.



#5 quietman7


Posted 16 December 2013 - 11:30 AM

In all the years I have been working at BC and elsewhere, I have never encountered a confirmed report of a user asking for assistance with removal.

#6 Scoop8


Posted 16 December 2013 - 04:39 PM

Thanks for the input.  I was curious about this topic since I've read a few posts about the subject where someone was affected by one of the BIOS infections.  They had asked for ideas about how to recover from the infection.

 



#7 quietman7


Posted 16 December 2013 - 05:03 PM

You're welcome.