Can a Virus Infect the BIOS?

  • Thread starter Thread starter Nancy
  • Start date Start date
N

Nancy

I'm not even sure if my PC has a virus now.
It started out with sudden rebooting.
My PC is unable to boot up at all into Windows now.
I have Avast anti virus installed and auto updates enabled and
installed.
Also did a full anti-virus scan.

There was a big yellow question mark in the Device Mngr list
pertaining to the USB bus so I disabled it.
I also disabled it in the BIOS.

Since then, when booting up, I get to the safe mode menu and select
safe mode. The screen just hangs and nothing happens.

I am going to put a new hard drive in but was wondering.....
If the PC was infected with a virus, could my new hard drive get
infected from the BIOS?

Thank you.

Nancy
 
Nancy said:
I'm not even sure if my PC has a virus now.
It started out with sudden rebooting.
My PC is unable to boot up at all into Windows now.
I have Avast anti virus installed and auto updates enabled and
installed.
Also did a full anti-virus scan.

There was a big yellow question mark in the Device Mngr list
pertaining to the USB bus so I disabled it.
I also disabled it in the BIOS.

Since then, when booting up, I get to the safe mode menu and select
safe mode. The screen just hangs and nothing happens.

I am going to put a new hard drive in but was wondering.....
If the PC was infected with a virus, could my new hard drive get
infected from the BIOS?

Thank you.

Nancy
Click to expand...
It is possible, but i understand that boot viri are very rare these daze.
 
Back in the mid-late 90s, there was a virus written by some guy in
Taiwan that can effectively wipe out all the information stored in your
BIOS, it caused a lot of serious damage worldwide, but those kind of
viruses require very high privilege which I think only DOS and DOS
based Windows 98 can provide, ever since the introduction of Windows
2000, that kind of viruses become very rare, in fact, I don't think
there are many new hardware-damaging viruses being written, and the
spread of high-speed Internet also makes worms much more appealing to
virus writer because of the speed of spreading, and those old viruses
are all ineffective if your OS are win2000 or above, of course, I'm no
expert on virus, so there maybe something I don't know, but if your
machine has hardware problems, it's more likely to be the problem of
hardware instead of virus.
 
I am going to put a new hard drive in but was wondering.....
If the PC was infected with a virus, could my new hard drive get
infected from the BIOS?
Click to expand...

Extremely unlikely that your BIOS was reflashed by malicious code.
In known cases of malicious BIOS reflashing, it has been a trashing
of the BIOS to the extent that the machine is completely unusable.

Art
http://home.epix.net/~artnpeg
 
Nancy said:
I'm not even sure if my PC has a virus now.
It started out with sudden rebooting.
My PC is unable to boot up at all into Windows now.
I have Avast anti virus installed and auto updates enabled and
installed.
Also did a full anti-virus scan.

There was a big yellow question mark in the Device Mngr list
pertaining to the USB bus so I disabled it.
I also disabled it in the BIOS.

Since then, when booting up, I get to the safe mode menu and select
safe mode. The screen just hangs and nothing happens.

I am going to put a new hard drive in but was wondering.....
If the PC was infected with a virus, could my new hard drive get
infected from the BIOS?
Click to expand...

no, your new hard drive will not get infected from the bios...

as yet there are no viruses that live in the bios... there are a few
pieces of malware that overwrite the bios with garbage but that's as
close as it gets right now... and since you can at least get to the
screen that shows the option to boot in safe mode it would appear that
your bios is more or less ok (you wouldn't be able to get that far if it
had been overwritten by the previously mentioned malware)...
 
no, your new hard drive will not get infected from the bios...
Click to expand...

There was a thread here a month or two ago (or was it acv?) where the
OP reckoned his hard disk mbr was getting infected by the bios during
the power on self test phase of the boot sequence and if he moved the
hard disk to another machine it was okay. He didn't post any
meaningful evidence though so maybe he was just another usenet crank.


Jim.
 
I'm not even sure if my PC has a virus now.
It started out with sudden rebooting.
Click to expand...

Many possible causes, not just viruses.
My PC is unable to boot up at all into Windows now.
I have Avast anti virus installed and auto updates enabled and
installed.
Also did a full anti-virus scan.
Click to expand...

What version of java do you have installed. You should have
jre-1_5_0_07, and no prior versions.
There was a big yellow question mark in the Device Mngr list
pertaining to the USB bus so I disabled it.
I also disabled it in the BIOS.
Click to expand...

Ok this indicates at least one hardware/driver problem. First ensure
the fans on the power supply, and cpu are operating properly, and
the case openings are not clogged by dust.

Unplug, and then reconnect every connector, to ensure clean contact,
on every cable in the case. Same with each memory card, pci card,
etc.
Since then, when booting up, I get to the safe mode menu and select
safe mode. The screen just hangs and nothing happens.
Click to expand...

It's possible that a hardware problem has now caused filesystem
corruption.
I am going to put a new hard drive in but was wondering.....
If the PC was infected with a virus, could my new hard drive get
infected from the BIOS?
Click to expand...

Although in theory, it's possible for a virus to flash the bios,
there are no known viruses that will do so without corrupting
the bios to the point you wouldn't even be able to boot into
the bios setup.

As to infecting the new hd, that could only happen if you boot
from the current hd (and it's infected), with the new hd connected.
If you boot from an installation cd, you should be ok. Once you
boot from the installaton cd, try the repair option, to run chkdsk,
(or scandisk if this is an pre XP version of windows).

Note that you should virus scan the new hd, before booting from it,
just to ensure it doesn't come with a pre-installed virus. That's
how I was hit with the ripper boot virus, a decade or so ago.

Regards, Dave Hodgins
 
Art said:
You're confused. Boot viruses affect sectors on hard drives, not the
BIOS.

Art
http://home.epix.net/~artnpeg
Click to expand...
No; a "good" BIOS virus will write one on the HD, so that if the BIOS
was somehow "fixed", then the boot virus will rewrite the BIOS copy.
Just like some virii hide a copy in the registry garbage pile.
Three components: the running program, the HD file(s), and the
registry entry/entries.
Delete any part and it will shortly pop back.
Almost as bad as the chicken and egg "problem".
 
From: "Robert Baer" <[email protected]>

| No; a "good" BIOS virus will write one on the HD, so that if the BIOS
| was somehow "fixed", then the boot virus will rewrite the BIOS copy.
| Just like some virii hide a copy in the registry garbage pile.
| Three components: the running program, the HD file(s), and the
| registry entry/entries.
| Delete any part and it will shortly pop back.
| Almost as bad as the chicken and egg "problem".

Completely -- WRONG !

There are viruses such as the CIH (aka; Chernobyl) and Keriz that can corrupt or erase a
Flashable BIOS that has not been write-protected but there are NO viruses that "infect" a
BIOS.
 
From: "James Egan" <[email protected]>

| On Thu, 15 Jun 2006 07:32:10 -0400, kurt wismer <[email protected]>
| wrote:
|| There was a thread here a month or two ago (or was it acv?) where the
| OP reckoned his hard disk mbr was getting infected by the bios during
| the power on self test phase of the boot sequence and if he moved the
| hard disk to another machine it was okay. He didn't post any
| meaningful evidence though so maybe he was just another usenet crank.
|
| Jim.

Yes James... a crank yanker.
 
No; a "good" BIOS virus will write one on the HD, so that if the BIOS
was somehow "fixed", then the boot virus will rewrite the BIOS copy.
Just like some virii hide a copy in the registry garbage pile.
Three components: the running program, the HD file(s), and the
registry entry/entries.
Delete any part and it will shortly pop back.
Almost as bad as the chicken and egg "problem".
Click to expand...

Worthless gibberish.

Art
http://home.epix.net/~artnpeg
 
From: "David H. Lipman" <[email protected]>


|
| Completely -- WRONG !
|
| There are viruses such as the CIH (aka; Chernobyl) and Keriz that can corrupt or erase a
| Flashable BIOS that has not been write-protected but there are NO viruses that "infect" a
| BIOS.
|

Oooops. That should have been Kriz notKeriz.
 
Robert said:
No; a "good" BIOS virus will write one on the HD, so that if the BIOS
was somehow "fixed", then the boot virus will rewrite the BIOS copy.
Click to expand...

No room.

Eventually, computers will have more memory for the BIOS or to record
drivers or part of the OS. Maybe then. Not now.
 
Robert Baer wrote:
[snip]
No; a "good" BIOS virus will write one on the HD, so that if the BIOS
was somehow "fixed", then the boot virus will rewrite the BIOS copy.
Click to expand...

i'll be blunt... there is no such virus that does what you describe...
 
Offbreed said:
No room.

Eventually, computers will have more memory for the BIOS or to record
drivers or part of the OS. Maybe then. Not now.
Click to expand...
"No room"???
What about the space that is used for the "background" logo as the
computer comes on?
That factory logo can be altered via *flashing* and with a program
usually available from the mobo maker, and there are similar programs
available on the net at no cost.
And it is possible to write a program such that starting the program
sequence with a different byte offset gives *another* program!
I have written programs that resided in the FAT, in the directory,
and in areas never used...on a floppy!
There is *lots* more space in the BIOS and a whole hotel of space on
the HD!
Remember, in the CP/M daze, there was only 64K total RAM, and 48K to
56K was the Total Programming Area (TPA).
A word processor ran in that space, and could manipulate / edit files
that were megabytes long - easily and fast.
"No room"???
Guess again!
 
What version of java do you have installed. You should have
jre-1_5_0_07, and no prior versions.
Click to expand...


David Lipman mentioned this recently too, yet when I run the java
updater manually it tells me I have the latest version for the
platform (xp home)

Version 1.5.0 (build 1.5.0_06-b05)


Jim.
 
From: "James Egan" <[email protected]>

| On Thu, 15 Jun 2006 11:55:45 -0400, "David W. Hodgins"
|
| David Lipman mentioned this recently too, yet when I run the java
| updater manually it tells me I have the latest version for the
| platform (xp home)
|
| Version 1.5.0 (build 1.5.0_06-b05)
|
| Jim.

"Java Runtime Environment Version 5.0 Update 7"
http://www.java.com/en/download/manual.jsp

I don't suggest enabling Sun Java to auto-download new versions. For one the new version is
installed but the old version has been left intact. The problem with the is that some
Trojans such as the Vundo have the ability to searct the folder; C:\Program Files\Java
for vulnerable versions by traversing the sub-folders.

I can't tell you how many Dell computers I have come across that have been infected with the
Vundo Trojan/Virtumonde Adware. Dell is shipping new PCs with a vulnerable version of Java.
When the owner connects the PC to the Internet, it updates to the latest version but....
surf the wrong web page an a exploit will soon have the person infected.
 
Back
Top