Printable View
sorry, i2c, I forgot the original link, here it is:http://www.softheap.com/internet/cmos-viruses_23.html. I will look up some more information about that.
like I said, I've not seen a practical CMOS virus, and I thought you should get rid of memory by using clear CMOS jumper if exist. :) for jumperless, you can look for the parameter.
meery christmas to you western guys and gals. is Santa's postcode HOHOHO? just know, maybe you guys can introduce some interesing over your place..
Yeh, If a modern day cmos virus came, wouldn't all you need to do to defeat the virus is jump the cmos with the jumper?? Mikema kind of beat me to it... :mad: :p
If it was a CMOS virus, then yea, you can just erase it via jumpers or taking out the battery for a while. But if it's a virus, and it is flashed with garbage, then the board could become permanently damaged.
A_T
We are dealing with two types of memory here:
1. The CMOS or NVRAM. This stores data such as the system date and time, passwords, boot order, and hard drive specifications. The NVRAM is dependent upon an external power source to remain intact, usually a button battery. No executable code is located here. Even if it were, it would require a helper application to load it and execute it, without which it would be useless. The size of this memory area is usually 32 KB.
2. The FLASH ROM, or the BIOS. This is the actual code which interfaces with your system's hardware, and this is what is chanegd when you flash the BIOS. This is *not* where the time and date are stored. The size of the BIOS is usually about 4 MB.
As mikema reiterated, a virus cannot be executed from CMOS memory. This memory is used only for storing items such as the time, hard drive specifications, and passwords. Nothing is ever executed from this memory. If a virus were to store its code somewhere in the CMOS, it would be no more effective than assembly instructions written out in a text file. It would need some other application to load and execute it, which would show up with conventional virus scanners. Contrary to mikema's post, the NVRAM, or CMOS, is addressable and writable by the operating system. I have done this with the nvram.o linux kernel module.
I do not believe a virus which stays in the NVRAM will ever be written. This is mainly because this memory is not ever executed, unless a third party application does so. A far more effective technique to writing viruses is storing them directly in executable program code.
It may be possible for a virus to overwrite some areas of the CMOS with out-of-bounds data, causing buggy BIOSes to crash upon reading this. However, since such an infected system would likely never boot after the infection, such a virus would never spread. This is the only way I can think of that a virus could use the CMOS data to its advantage.
To sum it up, it unlikely such a virus exists, because of the logistical difficulties in executing code within the NVRAM. A virus may exist in the BIOS FLASH ROM, however clearing the NVRAM, or CMOS, will not eliminate such a virus. These are two distinct areas of memory.