Investigating Possible Motherboard BIOS Malware

  • Thread starter gnome
  • Start date
In summary, a computer may not be able to boot because of a corrupted BIOS. After re-flashing the BIOS, the computer was able to boot normally.
  • #1
gnome
1,041
1
Is there such a thing? Some kind of malware that attacks the motherboard bios?

This afternoon I rebooted one of my computers (an Asus A7N8XE mb) -- some program, I don't remember exactly which, was "acting up" -- and it took way too long to boot. It seemed to be hanging even before Grub loaded (while the nvidia splash screen that shows up during post was still displayed). Tried a few times with the same effect; it was taking almost a minute before I would get my grub boot menu.

I was thinking that maybe my boot sector was corrupted, or one of my memory sticks went bad, but I didn't have time to play with it & just left it running while I went to school.

Tonight, before screwing around with the memory, just for the hell of it I flashed the bios and, voila, it seems to be working fine again.

Could anything from the internet have caused that, or is it just indigestion?
 
Computer science news on Phys.org
  • #2
I suppose a BOIS could get trashed somehow, but I believe on most motherboards it's stored in Flash.

And yes, there are BIOS viruses. The purpose of the viruses is to make your computer unable even to boot, so it's impossible to fix without taking out the BIOS chip and reprogramming it.

- Warren
 
  • #3
It is stored in a flash rom. But it seems as if something corrupted it. It didn't prevent the computer from booting, but it definitely slowed down something in the booting process dramatically.

After I re-flashed it, it seems to be back to normal.
 
  • #4
How can there be a BIOS V!rus? I though that one of the main purposes of the BIOS is to make it where H@X0Rz cannot access it. Hmn, but if you think about it, there must be a way to access the bios data becase when you set a new Windows password, it stores it there. hmn...Does anybody know how to access the BIOS then?
 
  • #5
eNathan said:
How can there be a BIOS V!rus? I though that one of the main purposes of the BIOS is to make it where H@X0Rz cannot access it. Hmn, but if you think about it, there must be a way to access the bios data becase when you set a new Windows password, it stores it there. hmn...Does anybody know how to access the BIOS then?
The BIOS is the lowest level of software in your computer. It has no purposes of being "hack-proof," and it's hackable like any other piece of software. All motherboards can be updated interactively. You can download a new BIOS image off a motherboard manufacturere's website, and reprogram the BIOS. A virus can modify the BIOS in the same way, but for a malicious purpose.

- Warren
 
  • #6
I think the data of the viruses are saved in CMOS-Memory.

And gnome acknowledged it...

When you reset that by using the CMOS-Jumper or by taking away the battery, the virus must be away, or not?

I think that'll be not that big problem, if i undertands you right...

Greets
Soeren
 
  • #7
soeren said:
I think the data of the viruses are saved in CMOS-Memory.

And gnome acknowledged it...

When you reset that by using the CMOS-Jumper or by taking away the battery, the virus must be away, or not?

I think that'll be not that big problem, if i undertands you right...

Greets
Soeren

No, a BIOS virus would overwrite the BIOS itself, not just the memory the BIOS uses to store data.
 
  • #8
I would argue that a "virus" that prevented a PC from Booting by trashing the BIOS is not a virus...

A Virus per definition uses its Host to "reproduce" its self... If the virus kills its host it can't reporduce and thus kills itself...
 
  • #9
Anttech said:
I would argue that a "virus" that prevented a PC from Booting by trashing the BIOS is not a virus...

A Virus per definition uses its Host to "reproduce" its self... If the virus kills its host it can't reporduce and thus kills itself...

Of course, it's entirely possible that it really is a virus which replicates itself for a while and then trashes the BIOS.
 
  • #10
Anttech said:
I would argue that a "virus" that prevented a PC from Booting by trashing the BIOS is not a virus...

A Virus per definition uses its Host to "reproduce" its self... If the virus kills its host it can't reporduce and thus kills itself...

I think you are talking about a 'worm' :grumpy:
 
  • #11
Actually I am not. A virus (thus its name) has to reproduce and spead...

virus

Worm

A worm is the same but doesn't need to attach to an executable code and is self contained, for example the Slammer worm
 
  • #12
master_coda said:
Of course, it's entirely possible that it really is a virus which replicates itself for a while and then trashes the BIOS.

Well errm yeh good point ;-)
 
  • #13
BIOS Code is flashed at production. It is written in low level C machine code. If a worm can replicate this low level C code and flash itself into BIOS memory at boot time before POST, then yes, you can corrupt a system to a point of unbootable state. These kind of worms are however very rare nowadays with the advent of Dual BIOS, dynamic flashing on the EPROM and so forth.

There is also little point to this, as your BIOS only really stores system information related to the motherboard and IC itself. All other devices are loaded during the POST process, and then the bootstrap loader.
 
  • #14
Nemesis said:
BIOS Code is flashed at production. It is written in low level C machine code. If a worm can replicate this low level C code and flash itself into BIOS memory at boot time before POST, then yes, you can corrupt a system to a point of unbootable state. These kind of worms are however very rare nowadays with the advent of Dual BIOS, dynamic flashing on the EPROM and so forth.

There is also little point to this, as your BIOS only really stores system information related to the motherboard and IC itself. All other devices are loaded during the POST process, and then the bootstrap loader.

Dual BIOS is probably the only thing that can protect you from this sort of problem, and it isn't is universal use yet.

The fact that you can flash your ROM is actually the cause of the problem, not a solution. If your BIOS couldn't be rewritten then it couldn't be overwritten with garbage. Unfortunatly, once your BIOS is overwritten by a virus, it's unlikely you'll be able to restore it. I've never seen a system that provided a way for you to flash to BIOS without booting the system first, and if your BIOS is trashed then you'll be unable to boot.
 
  • #15
Maybe it was just an allergy. :biggrin: :biggrin: :biggrin:


As it turns out, that's exactly what it was -- a dust allergy. I rebooted it a little while ago (as you can see I don't often turn this thing off) & found that the POST was again way too slow. So I went into setup & turned off the logo so I could watch the POST messages; the long delay in booting was actually occurring even before the memory test started. So I opened up the case & found that my oversized ThermalTake Silent Boost heatsink was choked - REALLY choked - with dust. Blew it out, let it cool for a few minutes, & now it boots like a champ.

Apparently the slow startup was caused by the motherboard's thermal protection waiting for the choked heatsink to cool the cpu down to an acceptable temperature. With a standard heatsink & fan it probably wouldn't have been able to run at all.

Oh well ...
 

1. What is motherboard BIOS malware?

Motherboard BIOS malware is a type of malicious software that targets the basic input/output system (BIOS) of a computer's motherboard. It can potentially infect the BIOS, which is responsible for initializing hardware components and starting the operating system, making it a critical and hard-to-detect type of malware.

2. How does motherboard BIOS malware infect a computer?

Motherboard BIOS malware can infect a computer through various means, such as phishing emails, infected USB drives, or by exploiting vulnerabilities in the BIOS firmware. It can also be installed by other malware already present on the system.

3. What are the signs of a possible motherboard BIOS malware infection?

The signs of a possible motherboard BIOS malware infection may include strange behavior of the computer, such as sudden crashes or freezes, changes in BIOS settings, or unusual network activity. However, these signs can also be caused by other issues, so it is important to run a thorough scan with reputable antivirus software to confirm the presence of malware.

4. How can one investigate and remove motherboard BIOS malware?

Investigating and removing motherboard BIOS malware can be a complex and challenging task. It often requires specialized knowledge and tools, such as a BIOS flashing utility, to remove the malware from the BIOS. It is recommended to seek assistance from a professional or reputable antivirus software company to ensure the proper removal of the malware.

5. How can one prevent motherboard BIOS malware infections?

To prevent motherboard BIOS malware infections, it is important to practice safe browsing habits, regularly update the BIOS firmware, and use reputable antivirus software. It is also recommended to regularly back up important data and enable secure boot in the BIOS to prevent unauthorized changes to the firmware.

Similar threads

  • Computing and Technology
4
Replies
123
Views
15K
  • Computing and Technology
Replies
30
Views
2K
  • Computing and Technology
Replies
12
Views
6K
Replies
2
Views
5K
Replies
1
Views
5K
  • Computing and Technology
Replies
7
Views
3K
  • Computing and Technology
Replies
21
Views
5K
  • Computing and Technology
Replies
3
Views
5K
  • Computing and Technology
Replies
2
Views
3K
  • DIY Projects
Replies
23
Views
4K
Back
Top