SOLVED Virus got to my BIOS!!??

[Nibiru2012]

Well, this is the first time this has ever happened to me. Here is what happened:

Last night about 9:00 PM CDT USA

1. Downloaded Plants vs Zombies trial software game installer.

2. Installed game and tried to start it; complete system lockup - nothing, zilch, nada, zip, would work.

3. Rebooted and got a BSOD stating: Warning - possible virus has infected your system.

4. Rebooted several more times, each time got the BSOD, CRAP! :bawling:

5. G DATA AV Rescue disk wouldn't go past it's opening windows... kept freezing up.

6. CRAP again! (Note to self: I'm getting really upset now.)

7. Try to reinstall Windows 7, even after using an IBM DOS-based hard wipe utility on the primary hard drive the install would not begin or it would take over 10 minutes to get to the install screen.

Something is REALLY rotten in the state of Denmark now!

8. DOUBLE CRAP!! Really getting upset now... also trashed my 80GB SATA secondary drive I use for Paging File, Temp Files and System Backup Image. BIOS won't even recognize the drive.

9. Screw with it for about two hours before a sudden inspiration hit me! This could be an infected BIOS on my mobo. I see a possible solution! :idea:

10. Get out my trusty USB external floppy drive and my 3.5" discs. Go to roommate's computer and download the last BIOS issued for the mobo and write it to a floppy disc.

11. Reboot computer and go to the QFlash Utility on the Gigabyte mobo and start it, then FLASH the mobo's BIOS. Restart the computer and all is well again and the Windows 7 install went off without a hitch. My 80GB secondary hard drive is now in File 13. I could use it for a paper weight, but alas it's too heavy.

I am done ranting now. This darn thing slipped past my G DATA AV and did one fine job that's for sure. Thank goodness I can install Windows 7 in my sleep. :sleep:

P.S.
My cigarette consumption went up dramatically during this period of time! :smokin::smokin::smokin::smokin::smokin:

 

[clifford_cooley]

Ouch

To me that is the worst virus you can get. Lets hope no one else will ever see this one again.

Next up would be the one I got 12 years back. Memory resident boot virus that contaminates hard drives and floppies. Delete all partitions to clear the master boot record and reboot to clear memory then boot to a known good floppy. I fought this virus a month before learning all the places it was hiding.

 

[Core]

But what did you think of Plants vs Zombies?

 

[roban]

Wow that's the first case of a BIOS virus I've heard of. Your solution was brilliant and I'm glad you got it worked out. I'll certainly remember your 'fix'.

 

[Nibiru2012]

But what did you think of Plants vs Zombies?

I like the online version; I'll refrain from any further comment about the installer version because C_C might put me on time-out in the corner.

 

[Thrax]

BIOS viruses are exceptionally rare. You're more likely to win a lottery ticket twice in a row.

Do you have any information on this virus?

 

[Mychael]

Hows does a bios virus get past your av programs? Is it because it acts in a different way to bugs that attack drives and files?

 

[Nibiru2012]

Well, I don't have 100% proof exactly what happened. I can't prove it was this program. I don't have 8x10 color glossy photos with circles and arrows and descriptions on the back of each photo. My ADD keeps me from being too anal about all this. Besides life is too short to investigate the nitty gritty on this.

If this is my luck then Thrax, maybe I really should start getting a Texas Lottery ticket every week. After I win the big bucks, I could then take care of a couple of issues here and get the HELL out of this crummy state and get back to the Rocky Mountains which is the REAL God's Country!!! To heck with Longhorn fans and Dallas Cowgirl fans too!

I all I know is whatever happened, happened. Re-flashing the BIOS did the trick.

Perhaps I made what would be called a "crass assumption", still not sure what would screw up a motherboard, kill a hard drive and all the other stuff I described.

IF Thrax has a suggestion, comment or whatever I would be interested in reading it.

All I know now is that the system is working again now. Just have to wait for Monday the 31st for the Labor Day Sales for a new hard drive. May get one online as Newegg is having some great deals right now if one is subscribed to their email promos.

 

[Thrax]

My first inclination during times like this is to chalk it all up to a very (very) unfortunate coincidence. BIOS viruses haven't been prevalent in 10-15 years (actual number), because many PC BIOS are encrypted these days. There are also several BIOS vendors on the market, and every motherboard manufacturer tends to have a slightly different spin on the idea of the BIOS.

Diversity is the bane of malware. Conversely, it's why Windows is such an easy target: a flaw in one person's installation is likely to be a flaw in everyone's!

That said, your evidence is pretty compelling. Compelling enough to do some digging. I'll report back soon.

 

[Nibiru2012]

Thrax - Thanks for your kind, informative response regarding my issue. Above and beyond the call of duty, IMO! :congrats:

 

[AK762]

It could have been a virus in your bootsector, something like mebroot - you could have tried scanning with a number of rescue discs. Did you have a pristine image ready in case something like this happened?

 

[Nibiru2012]

It could have been a virus in your bootsector, something like mebroot - you could have tried scanning with a number of rescue discs. Did you have a pristine image ready in case something like this happened?

Yeah I did have an image, the problem was that the image was stored on the drive that crashed and burned!

From now on I'll put the backup image on the external 1TB Samsung eSATA hard drive.

 

[TrainableMan]

Plants vs Zombies is a popcap game - they are a reputable game distributor. Did you get it from the main site?

The original title, "Turn your computer into a planter and you into a blood-crazed zombie out for revenge", was trimmed down for easier distribution :-/

 

[TrainableMan]

They fail to tell you the backstory of what triggered this ... 6 months ago this kids parents downloaded Plants vs Zombies. Today the family computer still doesn't work and this 2 yr old is now up to 2 packs a day while he sits and watchs a blank screen ...
http://www.king5.com/news/Watch-2-year-old-smokes-2-packs-a-day-say-parents-94960269.html

Nib, I'm just tryin to make light of a crappy situation - sorry ur system got FUBAR'd.

 

[davehc]

I would say that, having sorted out your Bios with a reflash, your hard disk may be recoverable. It may have had a root kit planted on it by the Bios Virus.
It ceratinly looks that way from your OP.

Bios infections are on the rise again, but, as Thrax said, it is a highly unlikely event. To get such an attack, you would have to be open to the following:

The BIOS woud have to be written for your particular BIOS, for the version of that BIOS you have. For example, as previously stated,a rootkit written for, say, an HP BIOS would not neccesarily work on anothermanufacturers BIOS.
The BIOS chip on your motherboard must be flashable, and set to allow flashing. Unfortunately, this is automatic on most motherboards
Most important, you will have had to already loaded a rootkit virus (with kernal level rights - normal). This would then be able to flash your bios.
, and you would have to have the switch on the MB set to allow flashing of the BIOS.
But. A BIOS level rootkit is a possible. Here is some interesting reading on the topic:

http://searchsecurity.techtarget.com.au/articles/33210-BIOS-can-become-a-source-of-malware

 

[Kalario]

Glad to see you're up and running, Nibiru. Hope that doesn't happen to me, 'cause I would have thrown the whole darn thing in the trash. I wouldn't have known what to do if my life depended on it.

 

[Nibiru2012]

Glad to see you're up and running, Nibiru. Hope that doesn't happen to me, 'cause I would have thrown the whole darn thing in the trash. I wouldn't have known what to do if my life depended on it.

Well, that's one of the reasons I decided to post what happened so if it happens to someone else they'll know that there's another way around the problem.

It was certainly the "last resort" fix to be sure, I'm just glad it worked because I really wasn't prepared to purchase another motherboard.

The hard drive that crashed was a cheapo drive, a Data-Tech brand I got dirt cheap for $20. It was a SATA I and is considered a "white label" drive.

Now I'm going to put in a Samsung or Western Digital with either 160 or 240 GB capacity. Definitely a SATA II for sure, and hopefully a 16 MB cache.

I quit using Maxtor and Seagate hard drives because their quality and lifespans aren't what they used to be.

 

[Kalario]

BIOS is one thing I will never touch. I know that I have an old version on my laptop, but I am scared to update it. If it ain't broken, don't fix it is my motto.

 

[Nibiru2012]

BIOS is one thing I will never touch. I know that I have an old version on my laptop, but I am scared to update it. If it ain't broken, don't fix it is my motto.

Sometimes, and I say this with that qualifier; sometimes, a BIOS firmware update is necessary due to CPU and memory incompatibility with the existing BIOS.

Quite a few users who upgraded to Windows 7 had to update the BIOS to ensure everything worked properly.

I flashed my first BIOS back in 2000, and I was nervous as a lady of the evening in church, to say the least.

I have done BIOS flashes probably a total of about 25 times, between clients computers and my own. A few times when I have done a new build for a client or friend, the BIOS would not even recognize the CPU until I flashed with the latest update. IF I hadn't done that, installing the drivers and configuring the BIOS would have been useless. Like teats on a boar hog! LOL.

Many people are paranoid to flash the BIOS for their first time ever. Believe me, it's like the first time you ever asked a girl to dance with you at the school dance. Nervous as heck, but afterward you think; Hmmm, that wasn't so bad after all. Basically, after starting the process is to sit back, relax and let the flash program do its thing. You can watch it or whatever, just don't touch the keyboard or mouse until prompted to do so.

The MOST important thing to remember is that the power cannot be interrupted during the flash process. I use a UPS unit for my computer since I live in a area of the states with power problems during spring and summer due to tornadoes and severe storms. Flashing a laptop must be done with the power cord plugged in, it will not flash on battery power alone.

Some time in the future you may have to flash your BIOS, so just remember the above tips. Also, many times after a BIOS flash the computer runs smoother too.

 

[Kalario]

well, I have an old laptop with win xp on it, maybe I can use it as a guinea pig. Can you tell me how to 'flash the BIOS' ? I am cluless as to where to even start.