Can a Virus attack the BIOS?

Discussion in 'malware problems & news' started by richrf, Oct 6, 2004.

Thread Status:
Not open for further replies.
  1. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Hi everyone,

    I have this problem that seems to be affecting the system at the moment it boots.

    On the very first screen where Dell displays its logo, there is also an Intel logo that is highly "distorted" and truncated. I also have this problem that the system hangs from time to time when it goes into screensaver mode. It also started three days ago when the system crashed and restarted on its own. At that time, it went into some kind of recovery mode on the disk and I had to reset the date/time after this.

    My question is: Does this sound like a bad chip or could a virus have attacked the BIOS or some other low level software? My technical knowledge is rather slim in this area.

    Thanks for any thoughts about how I may go about addressing this problem.

    Rich
     
  2. nod32_9

    nod32_9 Guest

    There are BIOS attacking bugs. Run a full system scan with one of those free online AV scanners. The distorted image may be related to a bad video card and/or video driver.

    Are you running WXP?

    Check the condition of the CMOS battery if you have to reset the clock. Also reset the BIOS to default configuration. Save and exit. Bad RAM, bad screensaver, or a software conflict could result in the lock-up.

    Go to MSCONFIG\START UP tab, and uncheck all items (you can recheck them later). Reboot the PC. Do not connect to the internet. Do you still have the lock-up issue? Also try NONE for the Desktop screensaver.

    You don't save wear and tear on the monitor by activating the screensaver. You should be able to put a modern monitor to sleep when it is not in use.
     
  3. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    While you are turning off the screen saver, you might try also turning off the energy star settings that turn off the monitor and hard drive after a certain time.
     
  4. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Hi Devinco,

    Thanks for the suggestion. Can you tell me where I can find these settings that you are referring to? Thanks for the help.

    Rich
     
  5. steve1955

    steve1955 Registered Member

    Joined:
    Feb 7, 2004
    Posts:
    1,384
    Location:
    Sunny(in my dreams)Manchester,England
    There are bugs that rewrite the BIOS via the flash chip (but usually the computer won't boot). Normally you need to replace it (the chip) if this has happened. Try updating the BIOS (flashing) with a later version than the one installed now; if the procedure gets part/most of the way through and won't complete, this could point to the chip having been rewritten by one of these bugs.
     
  6. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Right click on your Desktop
    Properties
    Screen Saver (tab)
    Power - in there

    Cheers :D
     
  7. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Be careful doing a BIOS upgrade, unless you know what you are doing...

    Cheers :D
     
  8. steve1955

    steve1955 Registered Member

    Joined:
    Feb 7, 2004
    Posts:
    1,384
    Location:
    Sunny(in my dreams)Manchester,England
    Sorry, never thought about that! (I know what I'm doing regarding flashing, but it can still be a bit nerve-racking until it completes; always worry about power cuts etc.! Can = goosed motherboard. You should only ever do it if it is needed!)
     
  9. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    Most BIOS flashing utilities have a backup option.
    A battery backup UPS would protect you should a power outage happen while flashing.
    Most all recent BIOS have an option to protect the BIOS (provided it is enabled) from alternate flashing methods. It is sometimes called CIH 4-way protection or similar. Gigabyte Motherboards also have a Dual-BIOS that you can switch between.
     
  10. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Hi everyone,

    I have been slowly and methodically trying out things today to see if I can figure out what is going on without putting my machine out of business. This is what I have done so far to try to isolate and understand what may be the problem and whether or not a virus may be involved.

    1) I re-started my system in safe mode. The "distorted" Intel logo (it looks on the screen like the logo has been severely s-t-r-e-t-c-h-e-d vertically) still appears on the initial Dell bootup screen. There are no other distortions at any time on the video. My guess is that this "logo screen" is coming from somewhere in the hardware, which is why I suspect something has happened to the BIOS - but I am only making an ill-informed guess.

    2) In safe mode the screen stays on all the time - no screen save - and consequently the machine never froze.

    3) I re-started in regular mode and removed some (not all) resident programs. When the screensaver was activated, the machine could be re-awakened most of the time. But when the screensaver was on for a long period of time, the machine would consistently hang. Three times today.

    4) I turned off screen-saver and hibernation and restarted the system. The system has not hung up since then - probably about 7 hours. That looks like screensaving/hibernation is the problem.

    The only other symptom that has occurred was the loss of date/time four days ago when the system first crashed, which led me to believe either a virus may have attacked it (Process Guard did uncover a possible, but unconfirmed, problem with the way Symantec's SystemWorks' core was being initiated), or there may be some problem in the chip. I have scanned using:

    1) Kaspersky 4.5
    2) NAV
    3) McAfee online
    4) Giant Anti-Spyware
    5) Ewido
    6) TDS-3
    7) Spy Sweeper
    8) Ad-aware
    9) Spybot
    10) Trojan Hunter


    I also have SSM and PG 2.5 up and running. Nothing has been detected other than PG detecting that potential issue with Symantec SystemWorks core startup. (I think PG is a super product. I would like to know more about how it is functionally different from SSM, but that I will save for another time. I think both are terrific with a capital T as are the other products I used to scan the system).

    So this is where I am right now. Something is wrong with the system but I am at least "stable". I would like to get to the heart of the problem so that I do not have to be concerned about possible outstanding issues that may get worse over time.

    Well, I guess I was a little long-winded, but I wanted to be complete since I would like to see if there is any recommended path of debugging and isolation that anyone can recommend to me at this point.

    Thanks to everyone. I really appreciate the fact that there are great guys on this forum willing to share their time and knowledge. Thanks to everyone.

    Rich
     
  11. steve1955

    steve1955 Registered Member

    Joined:
    Feb 7, 2004
    Posts:
    1,384
    Location:
    Sunny(in my dreams)Manchester,England
    Depends on the age and make of your motherboard (I don't like Gigabyte, but that's a personal opinion), and to be honest, how many home users are likely to have a battery (UPS) power supply?
    Flashing your BIOS is not a common occurrence. The way things are nowadays, with the cost of hardware so (relatively) low, most change their PCs so often it is likely to become even less common; unless the installed BIOS has "known issues", I can see it totally becoming a thing of the past.
    Chances are, if you try to update your PC, say with faster CPU/memory, after owning it for any length of time, anything faster isn't going to fit physically. I wonder how far into the future the manufacturers plan this obsolescence: it's a fantastic ploy for getting money out of your/my pocket and into their coffers!
     