Dumb question: Bios can contain virus/spyware/keylogger???


7 replies to this topic

#1 cmedia

  • Members

Posted 18 January 2015 - 08:35 PM

Mod Edit: Moved to general Security..~~ boopme

Hi, recently I had to format and reinstall Windows 7 64-bit on a computer that had been infected with "All In One Keylogger" and other spyware by an idiotic ex-husband.

The computer is a recent one, and a good one: i7 + SSD...

So, to be sure I got rid of any malware/virus/spyware, I booted from USB, where I have a Win7 64-bit SP1 ready to install. I ran the setup, in the setup I deleted ALL partitions and created one from scratch, and I installed Windows 7 there.

Before connecting to the internet, I also installed AVG Free Edition (offline install file).

As soon as I connected to the internet, I made Windows Update install all critical and non-critical patches (thank God I have a 500 Mbit optic cable and the computer had an SSD, so it did not take too much time... lol).

I installed and configured all programs and everything ran fine without suspicious activity, at least as far as I could see.

I gave the computer back to the woman.

After around a week, the woman contacted me saying the ex-husband told her he can still monitor her activities online. To prove this to her, he gave her a password; she typed it on the desktop and the "All In One Keylogger" window appeared... She immediately uninstalled the keylogger (you can uninstall it after you type the password and see the keylogger window)...

She assured me she never opened files from the ex-husband's emails, or accepted and ran files from messenger or stuff like this, as I told her before giving back her computer.

She also told me the ex-husband says he infected the BIOS, so each time she reinstalls Windows, his spyware will be reinstalled and she cannot escape his control.

Now, I'm not an expert; I help friends reinstall stuff and fix their systems, for free, lol...

So I ask: is it possible to infect a BIOS so that, after a Windows reinstall and partition recreation, certain software is automatically reinstalled on boot???

If yes, will resetting or maybe upgrading the BIOS by flashing it solve the issue?

Another question: is it true a keylogger cannot connect to the internet if I install a firewall? Don't they automatically manage to bypass the firewall?

Thanks for the help and sorry for my bad English level.

Edited by boopme, 19 January 2015 - 01:17 PM.


#2 TechnicianOnline

  • Members

Posted 21 January 2015 - 12:30 AM

I came back to this thread about four times and read it closely each visit.

I can see why no one really wants to reply to your question; it's very obvious what's going on and it's not embedded malware on the BIOS.

Let me just point out, the moment that Computer leaves your hands clean with a fresh install, you can't prove or disprove anything.

The only thing you can assure yourself is that someone is installing malware on the machine, AFTER you have wiped it clean.

She needs to do an audit of everything, starting from this Network, to the location of the laptop and where it's placed during the day and night. WHO stays with the laptop and has she continually changed her passwords?

Just because someone shows a password to her, does not mean it was by the means of infecting her Computer.

Hope it helps and I hope you know this isn't as complex as you think. It's very simple: someone is installing malware on the machine after you clean it. Figure out where the source is.


A Network isn't something you 'own' or 'have'; you may only wield it like the sword of Excalibur.


#3 cmedia

  • Topic Starter
  • Members

Posted 21 January 2015 - 01:03 AM

Today I upgraded the mainboard BIOS using a USB formatted with Rufus with bootable MS-DOS, reset the MBR of the hard disk using a boot CD with "Super Fdisk", proceeded to a new Win7 64-bit install, applied all possible critical and non-critical Windows updates, and installed a lot of antispyware like Super, HitmanPro, etc...

I also scanned from the rescue USB disks of AVG and Avira, to be 100% sure the computer was clean...

Then I gave it back to the woman, very sure about her computer being clean.

In less than 12 hours, the ex-husband was AGAIN spying on her; he is able to tell her with whom she is writing on Skype and about what (she changed the Skype/messenger/etc. passwords after I gave her the computer, today).

She lives alone, the ex-husband is in another city, so no one has physical access to the computer.

(But he had physical access to the computer when they were still married and living together.)

The network is the ISP's network; anyway, I set up all connections to be "public" and she logs in online through PPPoE with user and pass.

I don't know what it can be...

The ex-husband claims he modified the mainboard and the SSD...

I told her 1000 times not to open files, email, anything from the ex; she swears she didn't open anything before or today...

I really don't know what it can be: whether the ex-husband is telling the truth and he really paid someone with the technical knowledge to infect the BIOS/kernel of the mainboard...

or it is simply a lie to scare the ex-wife and he is infecting the computer through the internet in a way I didn't think of...


Edited by cmedia, 21 January 2015 - 01:12 AM.


#4 quietman7

  • Global Moderator

Posted 21 January 2015 - 05:43 AM

BIOS viruses are very rare. However, researchers have demonstrated in a test environment proof-of-concept viruses that could modify the flash BIOS or install a rootkit on the BIOS of some systems so that it could survive a reformat and reinfect a clean disk. This type of malware exists in-the-wild and is not generic...meaning it's vendor specific and cannot modify all types of BIOS. Further, it would take a very tech-savvy person to create such malware...not something just anyone could do.

If the ex-husband is spying, more than likely he placed some sort of surveillance bug (or bugs) in the residence itself which they previously shared.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#5 tairoylance112

  • Banned

Posted 21 January 2015 - 05:44 AM

She assured me she never opened files from the ex-husband's emails, or accepted and ran files from messenger or stuff like this, as I told her before giving back her computer.



#6 cmedia

  • Topic Starter
  • Members

Posted 21 January 2015 - 08:43 AM

She actually lives in a rented apartment where the ex-husband never was, and it is in another city, 3 hours' distance by car; she changed city to try not to have contact with the idiotic ex-husband.

So the actual location of the computer is safe.

The new infection can only be done through the internet, or using an infected BIOS as he claims, or anyway using another way of infection through internet/messenger/Skype/email/I don't know...

Tomorrow I will go to check if All In One Keylogger is really installed again, to understand whether the ex-husband maybe knows stuff because of the access he had until 24 hours ago to all her passwords and history, or whether it really is a new infection.

I will run the Avira and AVG rescue disks from USB again and try to understand if it really is infected again as before or not.


Edited by cmedia, 21 January 2015 - 08:46 AM.


#7 cmedia

  • Topic Starter
  • Members

Posted 21 January 2015 - 08:57 AM

For the record, they already broke up in the past, in December; she left him and then went back to him after 3 weeks...

Then again in January; this time, the day before she left, he disappeared for 3/4 hours with the computer and other stuff in the car...

Maybe, knowing she would leave again soon, he drove the computer to a technician able to infect it for money...



#8 quietman7

  • Global Moderator

Posted 21 January 2015 - 09:45 AM

This topic may help...I have been hacked...What should I do?



