Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

I believe i have a BIOS virus !


  • Please log in to reply
14 replies to this topic

#1 horia_dalca

horia_dalca

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:02:31 AM

Posted 24 July 2017 - 07:34 AM

Hello,
This is my first post on this forum.
I'm not good english speaker,but I'll try to explain my problem. 
I believe i have a BIOS virus.I have Windows 7 32 bit.
The motherboard is old --> ASRock N68-VS3 FX.
About a month ago I connected wirelessly to a router that was out of my network.
I was asked by the router owner to change some settings.
The BIOS password was requested the next day when I turned on my computer!
At the same time, I received an email from a hacker who told me that the password was -> 4444!
The next day I received a new email saying that the new password would be -> 111 .
It turned out to be true!
Once I reset the BIOS, the computer runs normally until the date is changed.
The next day, things are repeated, with passwords limited to 4444,444,111 and 500.
 
What have I done so far:
 1. I turned off the computer from the Internet
 2. Reflash Motherboard BIOS
 3. I bought and put a new hard disk in to PC.
 4. I bought and put a new CPU.
 5. I bought and put a new RAM memory
 6. I installed a new Window 7
 7. I have put a difficult BIOS password
 8. Disable Remote assistance connections
 9. Block a port in windows7 using Inbound Rules
10. Disable Windows Media Player Network Sharing
11. I made a backup of BIOS using universal BIOS Backup Toolkit and scanned file.
12. I installed Malwarebytes and I scanned my PC
13. I installed Kaspersky antivirus software and scanned.
 
What happened after the changes?
Unfortunately, nothing has changed!Every new day the computer wants a BIOS password.
This virus not only puts BIOS passwords but also sends feedback to the hacker about 
my Internet connection.
In fact, now the hacker has no connection with my computer because it is disconnected 
from the internet.
I have no ideas anymore.The only thing left to me to do is to buy a new motherboard!
But the question is, what kind of virus is that?
Thanks!10h0dy1.jpg

Edited by horia_dalca, 24 July 2017 - 10:02 AM.


BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,338 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:07:31 PM

Posted 24 July 2017 - 09:23 AM

Hello, since tis can be difficult, Please start a new topic and repost with the FRST log from this guide. Start at step 6...

Please follow this Preparation Guide and post in a new topic.
Let me know if all went well..
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 horia_dalca

horia_dalca
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:02:31 AM

Posted 24 July 2017 - 10:14 AM

Hello, since tis can be difficult, Please start a new topic and repost with the FRST log from this guide. Start at step 6...

Please follow this Preparation Guide and post in a new topic.
Let me know if all went well..

Thank you very much for the quick answer and also for the link to the Preparation Gude.
Have a nice day!


#4 malwaredpc

malwaredpc

  • Members
  • 141 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:31 AM

Posted 24 July 2017 - 12:09 PM

Your router is probably hacked.



#5 horia_dalca

horia_dalca
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:02:31 AM

Posted 24 July 2017 - 01:23 PM

Your router is probably hacked.

Now I use a router, but a month ago I only used PPPoE connection.



#6 malwaredpc

malwaredpc

  • Members
  • 141 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:31 AM

Posted 24 July 2017 - 01:28 PM

Clear the CMOS with the proper jumpers or take the battery off. If it is infected it won't fix that and you need another BIOS.

 

The old HDD was  used along side with the new one?



#7 horia_dalca

horia_dalca
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:02:31 AM

Posted 24 July 2017 - 01:52 PM

Clear the CMOS with the proper jumpers or take the battery off. If it is infected it won't fix that and you need another BIOS.

 

The old HDD was  used along side with the new one?

The new HDD  I use  separately. I installed Kali Linux on my new hard drive, but Bios again wants a password.



#8 malwaredpc

malwaredpc

  • Members
  • 141 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:31 AM

Posted 28 July 2017 - 03:43 PM

Change the BIOS password to nothing and see what happens



#9 horia_dalca

horia_dalca
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:02:31 AM

Posted 28 July 2017 - 05:16 PM

Change the BIOS password to nothing and see what happens

I changed the BIOS password several times, but that does not work.The computer is disconnected from the Internet.

Now I noticed that the virus changed some settings in BIOS -->  For example : changes 2017 to 2012 year.



#10 malwaredpc

malwaredpc

  • Members
  • 141 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:31 AM

Posted 28 July 2017 - 06:58 PM

If the BIOS is infected you can't solve it. You can solder another BIOS to your motherboard or buy another motherboard.



#11 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,338 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:07:31 PM

Posted 29 July 2017 - 09:33 AM

See post 2
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#12 horia_dalca

horia_dalca
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:02:31 AM

Posted 29 July 2017 - 10:37 AM

See post 2

Four days ago I created a new malware removal topic and post the FRST.txt and Addition.txt


Edited by horia_dalca, 29 July 2017 - 10:38 AM.


#13 malwaredpc

malwaredpc

  • Members
  • 141 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:31 AM

Posted 29 July 2017 - 11:24 AM

 

See post 2

Four days ago I created a new malware removal topic and post the FRST.txt and Addition.txt

 

where?



#14 horia_dalca

horia_dalca
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:02:31 AM

Posted 30 July 2017 - 12:24 AM

 

 

See post 2

Four days ago I created a new malware removal topic and post the FRST.txt and Addition.txt

 

where?

 

Here -->  Preparation Guide   --> Post a new malware removal request  --> 

Posting a New Topic in Virus, Trojan, Spyware, and Malware Removal Logs


Edited by horia_dalca, 30 July 2017 - 12:25 AM.


#15 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,338 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:07:31 PM

Posted 30 July 2017 - 06:11 PM

There is no topic there under you name.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users