Can a virus change the BIOS?
Page 1 of 2 12 LastLast
Results 1 to 10 of 14

Thread: Can a virus change the BIOS?

  1. #1

    Can a virus change the BIOS?

    Is it possible for a virus to change the BIOS? a while ago i revcieved a virus and in the end had to re format my hard drive, when i installed the O/S etc again i found that the virus was still there. i have been given several reasons for why the virus may still have been there but i am unsure to which one is right!

    1)You didnt actually reformat the pc properly and installed the O/S over the top (doubt it!)

    2)Hard drives dont fully get cleaned with one format, it needs to be done several times

    3)There maybe a bot with my IP taged so that evertime i connect to the internet a bot starts a chain of attacks on my computer

    4)My BIOS has been altered!
    The more you know, the less you understand!

  2. #2
    Senior Member
    Join Date
    Apr 2004
    Posts
    1,130

    Re: Can a virus change the BIOS?

    Originally posted here by Konshuss
    Is it possible for a virus to change the BIOS?

    yes, it can. but i dont know a virus that put a usefull code on bios. most just destroy it.

    1)You didnt actually reformat the pc properly and installed the O/S over the top (doubt it!)
    prolly
    2)Hard drives dont fully get cleaned with one format, it needs to be done several times
    B.S.
    3)There maybe a bot with my IP taged so that evertime i connect to the internet a bot starts a chain of attacks on my computer
    most prolly. a naked windows xp on internet will be infected in minutes. you cant even have enough time to d/l patches without be infected. ive recently did that test and my new xp got several infections while i was trying to d/l sp2. funny how a regular user can do that (I have all patches on a CD too)
    4)My BIOS has been altered!
    it can be, but i dont know a virus that install itself on bios. anyone knows?
    Meu sítio

    FORMAT C: Yes ...Yes??? ...Nooooo!!! ^C ^C ^C ^C ^C
    If I die before I sleep, I pray the Lord my soul to encrypt.
    If I die before I wake, I pray the Lord my soul to brake.

  3. #3
    Now, RFC Compliant! Noia's Avatar
    Join Date
    Jan 2002
    Posts
    1,210
    Only bios altering virus I ever heard of was CHI (I think thats how it was spelt =\ ) which did nothing more than overwrite the bios, in general, the bioses of today have counter measures to prevent this kind of thing, most likely you were infected when you connected to the net, having installed windows ontop of your old one would still have stopped the virus from executing on startup... oh well, best of luck to you.

    - Noia
    With all the subtlety of an artillery barrage / Follow blindly, for the true path is sketchy at best. .:Bring OS X to x86!:.
    Og ingen kan minnast dei linne drag i dronningas andlet den fagre dag Dĺ landet her kvilte i heilag fred og alle hadde kjćrleik ĺ elske med.

  4. #4
    The Doctor Und3ertak3r's Avatar
    Join Date
    Apr 2002
    Posts
    2,744
    Only bios altering virus I ever heard of was CHI
    CIH AKA Chernobyl

    I ahve had systems with fuxored BIOS .. but also systems with some code in the CMOS portion that will give merry curry with future installations.. as yet I havent encountered any that will call or install a BOT.. there isn't all that much room to play.. seeing what has happened in the past.. probable...
    I agree with Noia.. a repartition and format before the installation of the OS is normally all that is needed, if a suspicion of a CMOS corruption or infection.. Reset the the cmos.. normaly a jumper, a powere up kboard key combination, or just remove the Battery for a period of time.. read your MOBO Manual (D/L from the MObo manufacturer web site)..
    or if you have managed to rule out a bad prog in your install or your salvaged Documents.. you could look to Flashing the BIOS.. (you can download from the manufacturer site..you will need to know EXACTLY what your motherboard is..We can't help you)
    Warning.. any problems or errors doing this. could lead to a very interesting curiosity you can show your friends (a dead Mobo).. in other words .. eliminate ALL else before attempting this..
    "Consumer technology now exceeds the average persons ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr

  5. #5
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,403
    What virus was it? If it was an MBR virus a reformat will NOT remove it. It'll still be there.
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  6. #6
    Senior Member
    Join Date
    Jul 2004
    Posts
    131
    Originally posted here by SirDice
    What virus was it? If it was an MBR virus a reformat will NOT remove it. It'll still be there.
    good point.
    More cowbell! We need more cowbell!
    http://www.geocities.com/secure_lockdown/
    - - -
    \"Is the firewall there to protect you from the outside world or is it there to protect the outside world from *YOU*?\"

  7. #7
    Senior Member
    Join Date
    Apr 2004
    Posts
    1,130
    Originally posted here by SirDice
    What virus was it? If it was an MBR virus a reformat will NOT remove it. It'll still be there.
    good point sirdice. When told us about "reformat disk" ive implied that he destroyed mbr also. But it doesnt imply. (i use to re-recreate mbr when re install)
    Meu sítio

    FORMAT C: Yes ...Yes??? ...Nooooo!!! ^C ^C ^C ^C ^C
    If I die before I sleep, I pray the Lord my soul to encrypt.
    If I die before I wake, I pray the Lord my soul to brake.

  8. #8
    Senior Member
    Join Date
    Aug 2001
    Posts
    267
    You can clean out an MBR virus with the following:

    Fdisk /mbr

    Hasn't failed me yet

  9. #9
    Banned
    Join Date
    Apr 2004
    Posts
    843
    There maybe a bot with my IP taged so that evertime i connect to the internet a bot starts a chain of attacks on my computer
    Ahhh haha! Actually you'd be surprised how many XP users end up re-installing everything that came in the earlier days of service pack one then end up infected with sasser or something.

  10. #10
    IT Specialist Ghost_25inf's Avatar
    Join Date
    Sep 2001
    Location
    Michigan
    Posts
    648
    run fdisk and remove the active partition, and then reboot then run fdisk again and reinstall your partitions, reboot and then format your drives. this should take care of any MBR viruses.

    What do you think?
    S25vd2xlZGdlIGlzIHBvd2VyIQ

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides