Help: BIOS virus

Discussion in 'malware problems & news' started by frank4, Oct 28, 2011.

Thread Status:
Not open for further replies.
  1. frank4

    frank4 Registered Member

    Joined:
    Oct 28, 2011
    Posts:
    7
    I was doing a copy and paste from a USB key with folders of pictures when my VIPER antivirus warned me a malware was blocked from opening: my computer froze instantly, and I had to force shutdown after 4 minutes of waiting; problem is, it never rebooted.

    I unplugged every USB stick, hard drive and DVD drive and still the BIOS wouldn't appear.

    Then I got the idea of unplugging the memory modules for one hour, and put them back in. The computer booted this time and the BIOS appeared, but with a warning in red: "Warning: the previous performance of overclocking is failed, and the system is restored to the default setting. Press any key to enter setup."

    Now everything is back to normal, I have cleared the malware with VIPER, but I can't flash the BIOS with the MSI utility (I have a MS-7536 motherboard) because it says it can't write to the floppy (but it's a brand new one I've just bought; I've tried 3 with the same result) even though it can format it slowly with no problem: the error message is "impossible to create the emergency BIOS backup because the file can't be copied to the disk" (before writing the new BIOS, I'm obliged to create a backup of the infected BIOS, otherwise the utility won't run).

    Can anyone give me advice on how to flash my BIOS?

    Will pulling the CMOS battery out for the night clear the virus?

    And to avoid all this trouble in the future, can anyone tell me which motherboard I can buy that gives the option to physically prevent (by pulling a jumper I guess) BIOS infections?
     
  2. x942

    x942 Guest

    Do you know if the BIOS is infected for sure? If it is infected the virus would reinfect the drive.

    Pull the battery for 90 seconds and you will be fine. One thing to note most of the time BIOS infections can't infect every BIOS. Some BIOS's will fail, become damaged/corrupted, etc.

    I would pull the battery. Post back if you still have issues.
     
  3. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,469
    Before removing the battery be sure to turn off the power to the motherboard either by unplugging the PC's power cord or flipping the power supply switch (if the power supply has one) to OFF. The motherboard battery supplies power to keep the CMOS settings during periods when the motherboard does not have power.

    Most motherboards have a "jumper" that you can use to accomplish the same thing. However, it may be easier to just take the battery out for a while.
     
  4. frank4

    frank4 Registered Member

    Joined:
    Oct 28, 2011
    Posts:
    7
    Alright, I will pull the battery.

    But how can I lock my BIOS in the future? Is that even possible? Antivirus don't provide 100% protection, so the next best thing would be to prevent BIOS corruption with a physical lock; but I don't know if such a feature exists or what it would be called.
    Or maybe replaceable BIOS slots?

    I'm ready to spend whatever it takes, because the hassle is just not worth it. I've been fully busy with this thing for the past 2 days.
     
    Last edited: Oct 29, 2011
  5. frank4

    frank4 Registered Member

    Joined:
    Oct 28, 2011
    Posts:
    7
    That's my whole problem right there.
    Infected drives, I can deal with (Darik's Boot and Nuke), but I'm not sure pulling the CMOS battery or moving the jumper will kill the virus; the best thing is to flash the BIOS, by using a CD or USB stick I guess since the floppy option won't work.
     
  6. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,469
    From MSI's BIOS file download:

    http://us.msi.com/product/mb/945GCM478.html#/?div=BIOS
     
  7. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,469
  8. frank4

    frank4 Registered Member

    Joined:
    Oct 28, 2011
    Posts:
    7
    Well, I've pulled the battery for the night, and reset the jumpers today.
    It still refuses to write to floppy disk for the BIOS update, so I'm just gonna leave it at that.

    I've heard many experienced techs telling stories of bricked motherboards due to flashing their BIOS, and even avoiding doing it for their home computers.

    Right now the computer boots and I will install EMSISOFT anti-malware, I should be protected well enough...
     
  9. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
    Must have been stories from many years ago, as in the last 10 years if not more flashing the BIOS is as safe as it can be.
     
  10. wat0114

    wat0114 Guest

    @frank,

    it seems the problem was triggered when you plugged an infected USB drive in. You should look to completely disable autorun in Windows.
     
  11. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,006
    These days flashing the motherboard BIOS is quite safe. My ASUS motherboard has the option to restore an old BIOS from the CD if the flashing goes wrong. I've upgraded the BIOS by putting the BIOS on a FAT32 memory stick and then choosing the flash option in the BIOS. This is the safest way to flash the BIOS.
     
  12. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,469
    I have successfully flashed BIOS's several times using the bootable floppy (many years ago), Motherboard Manufacturer's Windows Flash Utility and once using a bootable CD (Intel Motherboard BIOS bootable ISO Image).

    Only in the case of the Intel Motherboard BIOS Flash was I concerned about a possible BIOS infection. The person who gave me the Intel motherboard had a bad Rootkit infection that kept coming back. He decided to do a hardware upgrade and gave me the Intel Motherboard. I upgraded one of my PC's with this Intel Motherboard.

    I had one failure on an ASUS Motherboard using the ASUS Windows BIOS update software. Luckily, I made a backup of the existing BIOS prior to attempting the BIOS Flash. I do not know what went wrong with the BIOS Flash. This BIOS did not really need to be Flashed so I never attempted Flashing this BIOS again.
     
  13. axial

    axial Registered Member

    Joined:
    Jun 27, 2007
    Posts:
    477
    I don't recall the circumstances that prompted this, but a few years ago I bought a new bios from BiosMan, they had great service, very fast, and their website is full of good info:

    -http://www.biosman.com/-

    edit: their forum section seems to have had a massive hack attack
     
    Last edited by a moderator: Nov 5, 2011
  14. frank4

    frank4 Registered Member

    Joined:
    Oct 28, 2011
    Posts:
    7
    Hey, that's a great, GREAT tip there my friend. :argh:

    You would think * , with all their security updates and what not would have warned people of this backdoor installed on their software...

    You wouldn't know too how to find a MB with an easily replaceable BIOS chip? Or a locking security feature able to prevent BIOS viruses from bricking the MB?

    Cheers
     
    Last edited by a moderator: Nov 2, 2011
  15. wat0114

    wat0114 Guest

    Sorry frank, I have no idea about those options. Your BIOS is bricked, you can't re-set it to default? Otherwise, the main thing I would focus on is to prevent the malware from autorunning from a plugged in external drive. In Win7 Pro/Ultimate Group Policy settings, it can be done as seen in the ss.
     

    Attached Files:

  16. axial

    axial Registered Member

    Joined:
    Jun 27, 2007
    Posts:
    477
    BiosMan has lots of info about recovering the BIOS, e.g.
    hxxp://www.biosman.com/biosrecovery.html

    edit: I don't know what kind of bios your MSI board has, dunno if this information will be applicable.

    edit: removed active link in case of malware
     
    Last edited: Nov 5, 2011
  17. rrrh1

    rrrh1 Registered Member

    Joined:
    Sep 10, 2007
    Posts:
    202
    That site set the "malware" sirens a blaring !!

    The connection was closed...

    rrrh1 (arch1)
     
  18. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,011
    Location:
    Ontario, Canada
  19. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    3,764
    Location:
    Outer space
    It seems from your screen that you haven't disabled AutoRun: you have Turn off AutoPlay enabled (which is not AutoRun) and default behavior for AutoRun set to enabled. AutoPlay is detection of file types on the removable device and then prompting if you want to open in Explorer, see the pictures, play movies in the default player etc. AutoRun is the one that automatically executes Autorun files on the device.
     
  20. wat0114

    wat0114 Guest

    No, it's definitely disabled. If you note the text under that setting in the screenshot of that post: "Do not execute any autorun commands"

    Another ss to show the setting's Option...
     

    Attached Files:

  21. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    3,764
    Location:
    Outer space
    Ah, I see, thanks :)
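
The two Group Policy settings discussed in posts 19 and 20 are stored as the registry values `NoDriveTypeAutoRun` ("Turn off AutoPlay") and `NoAutorun` ("Default behavior for AutoRun") under `Policies\Explorer`. The read-only PowerShell audit below is an added example, not part of any post in this thread; the function name `Get-AutoRunPolicy` is hypothetical.

```powershell
# Added example: read-only audit of the AutoPlay / AutoRun policy values.
$subKey = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'

# Drive-type bits of the NoDriveTypeAutoRun mask (0xFF = all drive types).
$driveTypes = @(
    @{ Bit = 0x04; Name = 'removable' },
    @{ Bit = 0x08; Name = 'fixed' },
    @{ Bit = 0x10; Name = 'network' },
    @{ Bit = 0x20; Name = 'CD-ROM' },
    @{ Bit = 0x40; Name = 'RAM disk' }
)

function Get-AutoRunPolicy {    # hypothetical helper name
    param([ValidateSet('HKLM', 'HKCU')][string]$Hive)

    # A missing key or value simply means the policy is not configured.
    $props = Get-ItemProperty -Path "${Hive}:\$subKey" -ErrorAction SilentlyContinue
    $mask  = $props.NoDriveTypeAutoRun
    $noRun = $props.NoAutorun

    # Names of the drive types whose bit is set in the mask.
    $covered = @($driveTypes | Where-Object { $mask -band $_.Bit } |
                 ForEach-Object { $_.Name })

    # 1 and 2 are the two options of "Default behavior for AutoRun".
    $autoRun = if ($noRun -eq 1) {
        'Do not execute any autorun commands'
    } elseif ($noRun -eq 2) {
        'Automatically execute autorun commands'
    } else {
        'not configured'
    }

    [pscustomobject]@{
        Hive               = $Hive
        NoDriveTypeAutoRun = if ($null -ne $mask) { '0x{0:X2}' -f $mask } else { 'not configured' }
        AutoPlayOffFor     = if ($covered) { $covered -join ', ' } else { 'none' }
        NoAutorun          = $autoRun
        RemovableCovered   = [bool]($mask -band 0x04)
    }
}

# Machine policy and per-user policy can both be set; show both.
'HKLM', 'HKCU' | ForEach-Object { Get-AutoRunPolicy -Hive $_ } | Format-List
```

`RemovableCovered` is the field that matters for the USB-stick case in this thread: it is true only when the removable-drive bit is set in the mask.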
     
  22. zfactor

    zfactor Registered Member

    Joined:
    Mar 10, 2005
    Posts:
    6,012
    Location:
    on my zx10-r
    How are you trying to flash your BIOS? Can you link me to the MSI BIOS download link so I can see if there is another way for you to flash it..

    Edit: got the BIOS. Do you have any kind of flash drive (USB stick)? Any small one will work.

    Download this: http://www.softpedia.com/get/System/Hard-Disk-Utils/HP-USB-Disk-Storage-Format-Tool.shtml

    Install it. Then use it to format the USB stick and select the make bootable option.

    Now download this I put together for you (it's been modified to do a full erase then full flash to erase any areas the normal BIOS would not, like the bootblock etc.)

    http://www.mediafire.com/?r004eyffo11k3dh

    Unzip to the USB stick.

    Boot to the USB stick (not sure if you know how, if not let me know).

    At the c: prompt type cd/msi

    Then you should see the c:/msi prompt. Now type AFUD4310 A7536IMS.120 at that prompt and hit enter. It should start to flash the BIOS. Once done, turn off power and reboot.

    If you have any issues let me know. BTW you have an AMI BIOS. The one I uploaded I have modified, as I said, to do a full flash as well (I edit and modify BIOSes often to add proc support etc.). Also, if at all possible ALWAYS flash from DOS!!!
     
    Last edited: Nov 9, 2011