
How to detect firmware infection?


14 replies to this topic

#1 jbradvi9

jbradvi9

  • Members
  • 140 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:30 AM

Posted 23 June 2016 - 08:06 AM

I was unconscious of what downloading pirated games and apps could possibly do to all the electronic appliances in my home. My old PC was full of viruses so I just decided to reinstall the Windows OS. Of course it didn't work. Then I tried to install a Linux live CD to see if not using the HDD OS would impact the PC's behaviour, but after a while my PC became unresponsive. After some time I searched the internet and found discussions about firmware-based infections. After a time I bought a tablet and after that a laptop, which both became unresponsive after being connected by Wi-Fi to the home router. All that I understood was that the router was also already infected due to a weak password. Now I tried to reinstall the OS on both the laptop and the Android tablet, but to no avail. So now I have 4 devices infected by firmware malware. I went to several repair shops but none of them has helped me. Pula is a town of 60.000 inhabitants; maybe the problem is the lack of good service. Could you give me a hint on how to detect which hardware is actually infected, if it is possible of course!





#2 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,629 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:30 PM

Posted 23 June 2016 - 09:07 AM

Hi jbradvi9 :)

The possibility of firmware infection here is relatively low, since most of these are PoC and not in the wild. Also, most of them need to be transmitted physically (which isn't the case when you connect a device to a router through wireless).

What error are you getting when you try to reinstall Windows? Also, what version of Windows are we talking about here?

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 jbradvi9

jbradvi9
  • Topic Starter


Posted 23 June 2016 - 06:00 PM

The thing is, when I install Win7 Home from a CD source all seems well, no annoyances, no freezing, but when I connect to the internet, in a matter of minutes it becomes unresponsive, and after that the unresponsiveness remains until another reinstall of the OS, and so forth. If the malware were on the HDD only, the Linux live CD would work, but even this gets stuck after the internet is on. The old PC has the possibility to read its BIOS file, so while comparing it to the original from the 'hp' website I noticed that 4 long lines of text had been added. I flashed the BIOS and set write protection. The correct lines are showing up now while reading the BIOS file. But after that had been corrected I saw the Linux live CD logo not showing while loading any more!? There is a lot of stuff hacked and altered on this PC.... Its OS is still WinXP. The tablet has the same or similar problems, I think. Factory reset hasn't helped. I thought a router could possibly transmit infection only by logging in to its config page. Weird!
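
The comparison described in the post above (a firmware file read from the machine against the vendor's original) can be done byte for byte. The following is an added example, not part of the thread: it assumes both files are raw images of the same flash region, and the function names and sample bytes are constructed for illustration.

```python
import hashlib

def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()

def diff_ranges(reference, dump, merge_gap=16):
    """Half-open (start, end) offset ranges where two images differ.

    Differences closer together than merge_gap bytes are reported as one range;
    if the sizes differ, the unmatched tail is reported as a final range.
    """
    common = min(len(reference), len(dump))
    ranges = []
    for off in range(common):
        if reference[off] != dump[off]:
            if ranges and off - ranges[-1][1] <= merge_gap:
                ranges[-1][1] = off + 1
            else:
                ranges.append([off, off + 1])
    if len(reference) != len(dump):
        ranges.append([common, max(len(reference), len(dump))])
    return [tuple(r) for r in ranges]

def printable_runs(data, min_len=6):
    """ASCII strings of at least min_len characters found in data."""
    runs, cur = [], bytearray()
    for b in data + b"\x00":          # sentinel flushes a run at the very end
        if 32 <= b < 127:
            cur.append(b)
        else:
            if len(cur) >= min_len:
                runs.append(cur.decode("ascii"))
            cur = bytearray()
    return runs

def compare_images(reference, dump):
    """Summarise a dump against the reference image it should match."""
    return {"identical": sha256_hex(reference) == sha256_hex(dump),
            "regions": [(s, e, printable_runs(dump[s:e]))
                        for s, e in diff_ranges(reference, dump)]}

# Constructed sample images (not real firmware): a 78-byte "reference" and a
# copy in which 22 bytes of 0xFF padding were overwritten with text.
REFERENCE = b"\x55\xaa" + b"VENDOR-IMAGE" + b"\xff" * 64
DUMP = REFERENCE[:40] + b"constructed extra text" + REFERENCE[62:]

if __name__ == "__main__":
    print(compare_images(REFERENCE, DUMP))
```

A dump read from a running machine normally differs from the vendor image in the areas that store settings and machine-specific data, so each reported range still has to be interpreted by its offset and content.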



#4 Aura

Aura


Posted 24 June 2016 - 02:07 AM

Right now, is Windows XP installed on that computer, or not?



#5 jbradvi9

jbradvi9
  • Topic Starter


Posted 24 June 2016 - 07:20 AM

The old desktop runs XP while the laptop runs Win7. I am communicating with you by laptop.



#6 Aura

Aura


Posted 24 June 2016 - 12:15 PM

So the laptop works even when connected to the Internet, right? Are you able to follow the instructions below on the Windows XP desktop?

GSmartControl
Follow the instructions below to test your hard drive health with GSmartControl:
  • Download GSmartControl and save it on your Desktop;
  • Extract the content of the GSmartControl .zip archive and execute gsmartcontrol.exe;
  • Identify your drive in the list, and double-click on it to bring up its window (usually you'll find your drive by its size or its brand name);
  • Go in the Perform Tests tab, then select Extended Self-test in the Test type drop-down list and click on Execute (this test can take a few hours to complete);
  • Once the test is over, the results will be displayed at the bottom of the window. Please copy and paste these results in your next reply;
  • Also, go in the Attributes tab and if you have any entries highlighted in red or pink, copy and paste their name in your next reply (or take a screenshot of the GSmartControl window and attach it in your next reply);


#7 jbradvi9

jbradvi9
  • Topic Starter


Posted 25 June 2016 - 03:58 AM

I am answering you by tablet device now to tell you that all these devices that I mentioned before have the ability for me to communicate by them but are in a condition that they very frequently get unresponsive; they can still be used though. I am going to use the laptop to execute the program you advised me.



#8 jbradvi9

jbradvi9
  • Topic Starter


Posted 25 June 2016 - 09:48 AM

There were no red or pink entries in 'Attributes'!!

 

smartctl 5.43 2012-06-30 r3573 [i686-w64-mingw32-win7(64)-sp1] (sf-5.43-1)
Copyright © 2002-12 by Bruce Allen, http://smartmontools.sourceforge.net

=== START OF INFORMATION SECTION ===
Device Model:     TOSHIBA MQ01ABF050
Serial Number:    Z5E6SY0XS
LU WWN Device Id: 5 000039 6b5883f9b
Firmware Version: AM0P1A
User Capacity:    500.107.862.016 bytes [500 GB]
Sector Sizes:     512 bytes logical, 4096 bytes physical
Device is:        Not in smartctl database [for details use: -P showall]
ATA Version is:   8
ATA Standard is:  Exact ATA specification draft version not indicated
Local Time is:    Sat Jun 25 16:26:34 2016 SE
SMART support is: Available - device has SMART capability.
SMART support is: Enabled

=== START OF READ SMART DATA SECTION ===
SMART overall-health self-assessment test result: PASSED

General SMART Values:
Offline data collection status:  (0x00)    Offline data collection activity
                    was never started.
                    Auto Offline Data Collection: Disabled.
Self-test execution status:      (   0)    The previous self-test routine completed
                    without error or no self-test has ever
                    been run.
Total time to complete Offline
data collection:         (  120) seconds.
Offline data collection
capabilities:              (0x5b) SMART execute Offline immediate.
                    Auto Offline data collection on/off support.
                    Suspend Offline collection upon new
                    command.
                    Offline surface scan supported.
                    Self-test supported.
                    No Conveyance Self-test supported.
                    Selective Self-test supported.
SMART capabilities:            (0x0003)    Saves SMART data before entering
                    power-saving mode.
                    Supports SMART auto save timer.
Error logging capability:        (0x01)    Error logging supported.
                    General Purpose Logging supported.
Short self-test routine
recommended polling time:      (   2) minutes.
Extended self-test routine
recommended polling time:      ( 119) minutes.
SCT capabilities:            (0x003d)    SCT Status supported.
                    SCT Error Recovery Control supported.
                    SCT Feature Control supported.
                    SCT Data Table supported.

SMART Attributes Data Structure revision number: 16
Vendor Specific SMART Attributes with Thresholds:
ID# ATTRIBUTE_NAME          FLAG     VALUE WORST THRESH TYPE      UPDATED  WHEN_FAILED RAW_VALUE
  1 Raw_Read_Error_Rate     0x000b   100   100   050    Pre-fail  Always       -       0
  2 Throughput_Performance  0x0005   100   100   050    Pre-fail  Offline      -       0
  3 Spin_Up_Time            0x0027   100   100   001    Pre-fail  Always       -       1323
  4 Start_Stop_Count        0x0032   100   100   000    Old_age   Always       -       212
  5 Reallocated_Sector_Ct   0x0033   100   100   050    Pre-fail  Always       -       0
  7 Seek_Error_Rate         0x000b   100   100   050    Pre-fail  Always       -       0
  8 Seek_Time_Performance   0x0005   100   100   050    Pre-fail  Offline      -       0
  9 Power_On_Hours          0x0032   100   100   000    Old_age   Always       -       266
 10 Spin_Retry_Count        0x0033   104   100   030    Pre-fail  Always       -       0
 12 Power_Cycle_Count       0x0032   100   100   000    Old_age   Always       -       210
191 G-Sense_Error_Rate      0x0032   100   100   000    Old_age   Always       -       6
192 Power-Off_Retract_Count 0x0032   100   100   000    Old_age   Always       -       11
193 Load_Cycle_Count        0x0032   100   100   000    Old_age   Always       -       805
194 Temperature_Celsius     0x0022   100   100   000    Old_age   Always       -       50 (Min/Max 19/52)
196 Reallocated_Event_Count 0x0032   100   100   000    Old_age   Always       -       0
197 Current_Pending_Sector  0x0032   100   100   000    Old_age   Always       -       0
198 Offline_Uncorrectable   0x0030   100   100   000    Old_age   Offline      -       0
199 UDMA_CRC_Error_Count    0x0032   200   200   000    Old_age   Always       -       0
220 Disk_Shift              0x0002   100   100   000    Old_age   Always       -       0
222 Loaded_Hours            0x0032   100   100   000    Old_age   Always       -       259
223 Load_Retry_Count        0x0032   100   100   000    Old_age   Always       -       0
224 Load_Friction           0x0022   100   100   000    Old_age   Always       -       0
226 Load-in_Time            0x0026   100   100   000    Old_age   Always       -       179
240 Head_Flying_Hours       0x0001   100   100   001    Pre-fail  Offline      -       0

SMART Error Log Version: 1
No Errors Logged

SMART Self-test log structure revision number 1
Num  Test_Description    Status                  Remaining  LifeTime(hours)  LBA_of_first_error
# 1  Extended offline    Completed without error       00%       265         -
# 2  Extended offline    Aborted by host               70%       264         -

SMART Selective self-test log data structure revision number 1
 SPAN  MIN_LBA  MAX_LBA  CURRENT_TEST_STATUS
    1        0        0  Not_testing
    2        0        0  Not_testing
    3        0        0  Not_testing
    4        0        0  Not_testing
    5        0        0  Not_testing
Selective self-test flags (0x0):
  After scanning selected spans, do NOT read-scan remainder of disk.
If Selective self-test is pending on power-up, resume after 0 minute delay.
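
The attribute table in the smartctl output above can also be checked mechanically. The following is an added example, not part of the thread: it parses rows in that format and reports attributes that smartctl marks as failed, whose normalized value has reached the threshold, or whose raw sector counters are non-zero. The choice of counters to watch and the two "bad" rows are assumptions constructed for illustration.

```python
import re
# Rows copied from the smartctl attribute table in the post above (a subset).
PAGE_ROWS = """\
ID# ATTRIBUTE_NAME          FLAG     VALUE WORST THRESH TYPE      UPDATED  WHEN_FAILED RAW_VALUE
  1 Raw_Read_Error_Rate     0x000b   100   100   050    Pre-fail  Always       -       0
  5 Reallocated_Sector_Ct   0x0033   100   100   050    Pre-fail  Always       -       0
 10 Spin_Retry_Count        0x0033   104   100   030    Pre-fail  Always       -       0
194 Temperature_Celsius     0x0022   100   100   000    Old_age   Always       -       50 (Min/Max 19/52)
197 Current_Pending_Sector  0x0032   100   100   000    Old_age   Always       -       0
198 Offline_Uncorrectable   0x0030   100   100   000    Old_age   Offline      -       0
"""
# Constructed rows (not from the page) showing what a degrading drive reports.
CONSTRUCTED_BAD = """\
  5 Reallocated_Sector_Ct   0x0033   040   040   050    Pre-fail  Always   FAILING_NOW 1912
197 Current_Pending_Sector  0x0032   100   100   000    Old_age   Always       -       24
"""

ROW = re.compile(r"^\s*(\d+)\s+(\S+)\s+0x[0-9a-fA-F]+\s+(\d+)\s+(\d+)\s+(\d+)"
                 r"\s+(\S+)\s+(\S+)\s+(\S+)\s+(.+)$")
# Assumption of this example: raw sector counters worth flagging when non-zero.
SECTOR_COUNTERS = {5, 196, 197, 198}

def parse_attributes(text):
    """Return one dict per attribute row; header and other lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            ident, name, value, worst, thresh, kind, _upd, failed, raw = m.groups()
            rows.append({"id": int(ident), "name": name, "value": int(value),
                         "worst": int(worst), "thresh": int(thresh),
                         "type": kind, "when_failed": failed, "raw": raw.strip()})
    return rows

def findings(rows):
    """Return (id, name, reason) for every attribute that needs attention."""
    out = []
    for r in rows:
        first = r["raw"].split()[0]
        if r["when_failed"] != "-":
            out.append((r["id"], r["name"], "failed: " + r["when_failed"]))
        elif r["thresh"] > 0 and r["value"] <= r["thresh"]:
            out.append((r["id"], r["name"], "normalized value at or below threshold"))
        elif r["id"] in SECTOR_COUNTERS and first.isdigit() and int(first) > 0:
            out.append((r["id"], r["name"], "raw count " + first))
    return out

if __name__ == "__main__":
    print(findings(parse_attributes(PAGE_ROWS + CONSTRUCTED_BAD)))
```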



#9 Aura

Aura


Posted 26 June 2016 - 11:46 AM

Alright so your hard drive isn't failing.

When you say that your devices get unresponsive, is it the whole device that freezes, or simply the network (Internet) on it?



#10 jbradvi9

jbradvi9
  • Topic Starter


Posted 26 June 2016 - 03:00 PM

I really don't know how it actually works but I will enumerate some. I use Firefox as my default browser, so this is what happens: loading pages is fairly slow, sometimes the same page that shows up in 5 sec takes 1 min to load, then scrolling a page is followed by numerous breaks, etc... Then 'Live Mail' tends to freeze, then e.g. clicking on the speaker icon in the system tray causes a symptomatic delay. I like to play online quizzes but pages wait to reload so I can't get a result, to be a little bit humorous, but this is really bothering. Then 'screen on' is waiting a lot, several times a minute........ Then YouTube videos get stuck, sometimes won't load. I spend a lot of time managing bookings with a site and it's really awful when the page won't load. And something that concerns me: I got a notice some time ago from PayPal that I had opened an account, but I'm sure I didn't do such actions, and linked with that, I had my email password changed 2 weeks ago!



#11 Aura

Aura


Posted 26 June 2016 - 03:28 PM

Seems like most of them are Internet/connection related issues. Please go on SpeedTest.net, run a test, and post the URL to the results here.



#12 jbradvi9

jbradvi9
  • Topic Starter


Posted 26 June 2016 - 11:59 PM

[Attached image: 5433904523.png]



#13 Aura

Aura


Posted 27 June 2016 - 05:22 AM

Your Internet speed (download and upload) is quite low. Is that on a wireless or wired connection?



#14 jbradvi9

jbradvi9
  • Topic Starter


Posted 27 June 2016 - 06:32 AM

It is wireless. It is quite low, but the problem of pages not loading and Firefox dialog boxes about scripts not responding etc. isn't due to speed. Maybe I am wrong, but sometimes YouTube videos load up correctly and that is all I want, no matter what the speed is.



#15 jbradvi9

jbradvi9
  • Topic Starter


Posted 01 July 2016 - 09:35 AM

Anybody there?





