Bios Damaging Virus?



#1 Computer Wizard


Posted 22 May 2006 - 10:16 PM

Hi!

I want to know if anyone has information about any recent virus that is capable of corrupting the content of the BIOS chip on the motherboard.

Recently I ran into two cases where the computer would not boot up but shut itself down before getting to the stage of loading the OS. The first one I didn't have a chance to see with my own eyes, I just got asked about it in an e-mail.

However, in the second case I examined the machine myself and it didn't show any sign of physical damage, and the owner of it told me that the computer stopped booting after he downloaded something from a questionable site and ran it. There was no thunderstorm at the time of this happening (which sometimes damages the MB). I did all the troubleshooting that I could and found that the motherboard was the cause of the malfunctioning.

I did some research on the internet and found that there used to be a virus called CIH, or Chernobyl, that was capable of corrupting the flash BIOS, rendering the machine unusable until the BIOS was restored. However, this virus ran only on DOS/Win 95/98 and not on Win 2000 or above.

Both computers with this strange behaviour were recent models with Win XP on them. So I'm wondering if someone revived this old virus and rewrote it to work on the more recent OSes.

If anyone has run into something like this, or knows any info that would confirm my observation please let me know.

Thank you.

Laszlo Szenes
Laszlo


#2 quietman7


Posted 23 May 2006 - 07:06 AM

CIH infected program executable files and caused damage to systems with a flash BIOS ROM by attempting to reprogram the flash BIOS ROM chip. There was no remedy, other than replacing the chip or having it “reflashed” by a hardware service agent. If the flash BIOS ROM was permanently attached to the motherboard, the entire motherboard had to be replaced.

Other BIOS viruses that affected 9x/NT based machines included:

W32.Kriz infected program executable files, modified the kernel32.dll file and threatened to damage the BIOS, preventing the machine from booting up properly.

Troj/Flashkill was reported to destroy the first megabyte of data on a hard disk and wipe out the contents of the BIOS chip.

W32.Magistr.24876@mm erased CMOS and the Flash BIOS.

W32.Mypics.Worm monitored the system clock and when it detected the year 2000, the worm would modify the system BIOS. On the next reboot attempt, the computer would usually display a message such as "CMOS Checksum Invalid" and prevent the computer from booting.

These types of viruses are rare and they do not actually infect the BIOS. Instead they erase the BIOS of flashable BIOSes, resulting in a machine that will not boot properly. I am not aware of any that affect NT based machines such as Windows 2000 and above in this manner. It is possible that the CMOS battery went bad or the BIOS was corrupted. In that case a reflash of the firmware would be required. If that failed, then a motherboard replacement would probably be needed.

Could just be coincidence that you had two machines with similar problems.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators