Investigating Possible Motherboard BIOS Malware

  • Thread starter: gnome
AI Thread Summary
Discussions on the potential for malware targeting motherboard BIOS revealed that while BIOS viruses do exist, they are rare and typically overwrite the BIOS itself, making the system unbootable. The BIOS is stored in flash memory, which can be updated, but this also makes it susceptible to corruption. A virus that damages the BIOS would not be able to replicate effectively, as it would prevent the system from booting. The conversation highlighted the distinction between viruses and worms, noting that worms can operate independently of executable code. Dual BIOS technology offers some protection against BIOS corruption, but the ability to flash the BIOS can also pose risks. Ultimately, the initial issue was resolved by cleaning dust from the CPU heatsink, which had caused thermal protection to slow down the boot process, rather than any malware-related problem.
gnome
Is there such a thing? Some kind of malware that attacks the motherboard bios?

This afternoon I rebooted one of my computers (an Asus A7N8XE mb) -- some program, I don't remember exactly which, was "acting up" -- and it took way too long to boot. It seemed to be hanging even before Grub loaded (while the nvidia splash screen that shows up during post was still displayed). Tried a few times with the same effect; it was taking almost a minute before I would get my grub boot menu.

I was thinking that maybe my boot sector was corrupted, or one of my memory sticks went bad, but I didn't have time to play with it & just left it running while I went to school.

Tonight, before screwing around with the memory, just for the hell of it I flashed the bios and, voila, it seems to be working fine again.

Could anything from the internet have caused that, or is it just indigestion?
 
I suppose a BIOS could get trashed somehow, but I believe on most motherboards it's stored in Flash.

And yes, there are BIOS viruses. The purpose of the viruses is to make your computer unable even to boot, so it's impossible to fix without taking out the BIOS chip and reprogramming it.

- Warren
 
It is stored in a flash rom. But it seems as if something corrupted it. It didn't prevent the computer from booting, but it definitely slowed down something in the booting process dramatically.

After I re-flashed it, it seems to be back to normal.
 
How can there be a BIOS V!rus? I thought that one of the main purposes of the BIOS is to make it where H@X0Rz cannot access it. Hmn, but if you think about it, there must be a way to access the bios data because when you set a new Windows password, it stores it there. hmn...Does anybody know how to access the BIOS then?
 
eNathan said:
How can there be a BIOS V!rus? I thought that one of the main purposes of the BIOS is to make it where H@X0Rz cannot access it. Hmn, but if you think about it, there must be a way to access the bios data because when you set a new Windows password, it stores it there. hmn...Does anybody know how to access the BIOS then?

The BIOS is the lowest level of software in your computer. It has no purposes of being "hack-proof," and it's hackable like any other piece of software. All motherboards can be updated interactively. You can download a new BIOS image off a motherboard manufacturer's website, and reprogram the BIOS. A virus can modify the BIOS in the same way, but for a malicious purpose.

- Warren
 
I think the data of the viruses are saved in CMOS-Memory.

And gnome acknowledged it...

When you reset that by using the CMOS-Jumper or by taking away the battery, the virus must be away, or not?

I think that'll be not that big problem, if I understand you right...

Greets
Soeren
 
soeren said:
I think the data of the viruses are saved in CMOS-Memory.

And gnome acknowledged it...

When you reset that by using the CMOS-Jumper or by taking away the battery, the virus must be away, or not?

I think that'll be not that big problem, if I understand you right...

Greets
Soeren

No, a BIOS virus would overwrite the BIOS itself, not just the memory the BIOS uses to store data.
 
I would argue that a "virus" that prevented a PC from Booting by trashing the BIOS is not a virus...

A Virus per definition uses its Host to "reproduce" itself... If the virus kills its host it can't reproduce and thus kills itself...
 
Anttech said:
I would argue that a "virus" that prevented a PC from Booting by trashing the BIOS is not a virus...

A Virus per definition uses its Host to "reproduce" itself... If the virus kills its host it can't reproduce and thus kills itself...

Of course, it's entirely possible that it really is a virus which replicates itself for a while and then trashes the BIOS.
 
  • #10
Anttech said:
I would argue that a "virus" that prevented a PC from Booting by trashing the BIOS is not a virus...

A Virus per definition uses its Host to "reproduce" itself... If the virus kills its host it can't reproduce and thus kills itself...

I think you are talking about a 'worm'
 
  • #11
Actually I am not. A virus (thus its name) has to reproduce and spread...

virus

Worm

A worm is the same but doesn't need to attach to an executable code and is self contained, for example the Slammer worm
 
  • #12
master_coda said:
Of course, it's entirely possible that it really is a virus which replicates itself for a while and then trashes the BIOS.

Well errm yeh good point ;-)
 
  • #13
BIOS Code is flashed at production. It is written in low level C machine code. If a worm can replicate this low level C code and flash itself into BIOS memory at boot time before POST, then yes, you can corrupt a system to a point of unbootable state. These kinds of worms are however very rare nowadays with the advent of Dual BIOS, dynamic flashing on the EPROM and so forth.

There is also little point to this, as your BIOS only really stores system information related to the motherboard and IC itself. All other devices are loaded during the POST process, and then the bootstrap loader.
 
  • #14
Nemesis said:
BIOS Code is flashed at production. It is written in low level C machine code. If a worm can replicate this low level C code and flash itself into BIOS memory at boot time before POST, then yes, you can corrupt a system to a point of unbootable state. These kinds of worms are however very rare nowadays with the advent of Dual BIOS, dynamic flashing on the EPROM and so forth.

There is also little point to this, as your BIOS only really stores system information related to the motherboard and IC itself. All other devices are loaded during the POST process, and then the bootstrap loader.

Dual BIOS is probably the only thing that can protect you from this sort of problem, and it isn't in universal use yet.

The fact that you can flash your ROM is actually the cause of the problem, not a solution. If your BIOS couldn't be rewritten then it couldn't be overwritten with garbage. Unfortunately, once your BIOS is overwritten by a virus, it's unlikely you'll be able to restore it. I've never seen a system that provided a way for you to flash the BIOS without booting the system first, and if your BIOS is trashed then you'll be unable to boot.
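
Added example, not part of any post in this thread: one way to check whether the contents of a BIOS flash chip actually changed is to compare a dump of the chip against the manufacturer's image for the same version, block by block, before re-flashing. The block size, the `VOLATILE` range (an area the firmware rewrites itself when it stores settings) and the sample images are assumptions constructed for illustration; real offsets depend on the image.

```python
import hashlib
import sys

BLOCK = 4096  # comparison granularity; 4 KiB is an assumption, not a property of any board
# Hypothetical range the firmware rewrites itself (stored settings); real offsets vary per image.
VOLATILE = [(0xC000, 0x10000)]

def diff_regions(dump, reference, block=BLOCK):
    """Return merged (start, end) byte ranges in which the two images differ."""
    if len(dump) != len(reference):
        raise ValueError(f"size mismatch: {len(dump)} vs {len(reference)} bytes")
    regions = []
    for off in range(0, len(dump), block):
        if dump[off:off + block] != reference[off:off + block]:
            end = min(off + block, len(dump))
            if regions and regions[-1][1] == off:
                regions[-1] = (regions[-1][0], end)   # extend the previous range
            else:
                regions.append((off, end))
    return regions

def report(dump, reference, volatile=VOLATILE):
    """Classify differences as expected (inside a volatile range) or unexpected."""
    expected, unexpected = [], []
    for start, end in diff_regions(dump, reference):
        inside = any(v0 <= start and end <= v1 for v0, v1 in volatile)
        (expected if inside else unexpected).append((start, end))
    if unexpected:
        verdict = "UNEXPECTED_DIFFERENCE"
    elif expected:
        verdict = "ONLY_VOLATILE_DIFFERS"
    else:
        verdict = "MATCH"
    return {"sha256": hashlib.sha256(dump).hexdigest(), "expected": expected,
            "unexpected": unexpected, "verdict": verdict}

def make_sample():
    """Constructed 64 KiB images: reference, changed settings, one flipped code byte."""
    ref = bytearray(b"\xff" * 0x10000)
    ref[0x0000:0x8000] = bytes(range(256)) * 128      # stand-in for firmware code
    settings = bytearray(ref)
    settings[0xC000:0xC010] = b"SETTINGS-CHANGED"     # firmware-written data
    flipped = bytearray(settings)
    flipped[0x2004] ^= 0xFF                           # single corrupted code byte
    return bytes(ref), bytes(settings), bytes(flipped)

if __name__ == "__main__":
    if len(sys.argv) == 3:                            # usage: script.py dump.bin reference.bin
        dump, ref = (open(p, "rb").read() for p in sys.argv[1:3])
        print(report(dump, ref))
    else:
        ref, settings, flipped = make_sample()
        for name, img in (("settings", settings), ("flipped", flipped)):
            print(name, report(img, ref))
```

An unexpected difference shows only that the flash contents are not the reference image; it does not distinguish a failing chip or an interrupted update from deliberate modification.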
 
  • #15
Maybe it was just an allergy. :biggrin: :biggrin: :biggrin:


As it turns out, that's exactly what it was -- a dust allergy. I rebooted it a little while ago (as you can see I don't often turn this thing off) & found that the POST was again way too slow. So I went into setup & turned off the logo so I could watch the POST messages; the long delay in booting was actually occurring even before the memory test started. So I opened up the case & found that my oversized ThermalTake Silent Boost heatsink was choked - REALLY choked - with dust. Blew it out, let it cool for a few minutes, & now it boots like a champ.

Apparently the slow startup was caused by the motherboard's thermal protection waiting for the choked heatsink to cool the cpu down to an acceptable temperature. With a standard heatsink & fan it probably wouldn't have been able to run at all.

Oh well ...
 