Can a virus attach to the BIOS and require a new mobo to clean?

Discussion in 'General Hardware' started by Rikki, Nov 22, 2004.

  1. Rikki

    Rikki 2[H]4U

    Messages:
    2,300
    Joined:
    Oct 8, 2000
    I know that sounds like a competey newbie question and my gut reaction to it is of course - NO of course not. But I just wanted to ask and be 100% certain as a friend has been told by a reputable repair place that his machine is infected in "track 0" of the HDD and also the BIOS and that means he NEEDs a new mobo and HDD.

    Back when I was into PC's in a big way that was a lot of horsesh1t and I was wondering if by some freak of nature that it was now possible - there was a time when it was laughable that viewing a JPEG could infect your pc LOL.

    Many thanks folks,

    Rikki
     
  2. gamer1drew

    gamer1drew [H]Lite

    Messages:
    98
    Joined:
    Jul 17, 2004
    I dont know much on the subject, but after looking around it seems like a few years back the CIH virus could screw up the BIOS. It looks like most moderm motherboards have protections to disallow this from happening, but then again it is possible to flash ones BIOS inside windows these days, I guess theres nothing stopping a virus from corrupting it. I would ask the name of the virus if the place knows and and do some research on it first. Maybe even email a company that makes antivirus software like norton and ask them what they think. Also ask if your motherboard has a removable BIOS chip, maybe you could just replace that.
    Anyways Good Luck, and what a bummer.
     
  3. BlindedByScience

    BlindedByScience More Human than Human

    Messages:
    9,119
    Joined:
    May 26, 2000
    Hmmm.....on the BIOS, I'd say "no". BIOS is stored in CMOS, so even if you could get a virus in the CMOS, you could pull the battery / clear the CMOS and flash it to the latest revison...and you should be good.

    "Track0" on the hard drive is a little different. I can recall boot sector virus' that would indeed live through a format. The command:

    format c: /mbr

    ....used to work in that it would instruct the system to overrite the "master boot record" and that would fix it up, but I haven't used it in so long, I don't know if XP still recognizes it. Other OS's....not sure.

    Good Luck - B.B.S.
     
  4. Rikki

    Rikki 2[H]4U

    Messages:
    2,300
    Joined:
    Oct 8, 2000
    Thanks for the info guys.

    The more I look into it the more I smell a rat. True you can rewrite a BIOS but to actually put an executable virus in there would be very hard as all BIOS' on all Mobo's are different and if it was possible to insert code into one, it wouldnt work on them all. And writing garbage to the chip would render the system unbootable.

    I've also not been able to find any boot sector viruses that live happily with Windows XP and run in the background. The boot sector is 512 bytes long and runs in real mode, XP is a 32bit system and runs in protected mode so any real mode access should be disabled.

    The two names given by the shop were :

    Bagle

    and

    Blaster

    Both of which as far as I can see are worms and do not write to the boot sector or BIOS in anyway.

    Thanks for all your help on this one!

    R.
     
  5. Jr. Woodchuck

    Jr. Woodchuck Limp Gawd

    Messages:
    237
    Joined:
    Aug 8, 2004
    I recall years ago there being a virus that could "infect" your bios, but outside of that I dont recall the name or what it actually did.

    Before replaceing a mobo for a defunct bios I would flash it. If his bios is acting funny give that a shot.
     
  6. wwparrish

    wwparrish Limp Gawd

    Messages:
    353
    Joined:
    Nov 18, 2004
    why the heck could you not boot from a clean write portected dos floppy disk or even a bootable CD made on a clean computer and reflash the bios and low level factory format the HD as well. There are tools to recreate the boot sector and any decent computer shop has the floppy/cd sitting on the bench already.

    Pure bullshit. you bud is being taken for a ride IMO or at best the shop is incompentent.
     
  7. GeForceX

    GeForceX [H]ardness Supreme

    Messages:
    4,172
    Joined:
    Mar 19, 2003
    I'd say the shop is both incompetent but wants your money as well.

    -J.
     
  8. dariob

    dariob [H]ard|Gawd

    Messages:
    1,349
    Joined:
    Sep 13, 2004
    They are feeding you BS. Take the machine back, reformat and reinstall, and you'll be fine. Also tell them that you know about their BS and they better not feed it to others or else expect a nasty lawsuit.
     
  9. SmokeRngs

    SmokeRngs [H]ard|DCer of the Month - April 2008

    Messages:
    15,444
    Joined:
    Aug 9, 2001
    I know there were some viruses that affected the BIOS. They would mostly just wipe out whatever settings you had in there each time the system was booted and you would have to go back in and redo them. The ones I can remember were "anticmos" viruses with variations like a, b or c. They didn't actually damage the BIOS though, just wiped out custom settings.
    [​IMG]
     
  10. The_Mage18

    The_Mage18 [H]ard|Gawd

    Messages:
    1,712
    Joined:
    Jul 31, 2004
    Virii that affected Bioses would wipe them and render the motherboard useless until the Bios chip was replaced or reflashed to restore the data contents.

    Bios data IS NOT stored in CMOS, it's stored in a EEPROM (Electronically Erasable Programable Read Only Memory). Date, time, IRQ routing, enable/disable switches for hardware, boot order and drive type are stored in CMOS.

    Virii can infect track 0 of a disk but a low level format or a repartition of the drive wil wipe that out. Also nearly every antivirus program on the market today can clean these out, they're legacy virii from the DOS era.

    Tell the shop to stop trying to scam their customers, report them to the BBB and get the system back.
     
  11. BlindedByScience

    BlindedByScience More Human than Human

    Messages:
    9,119
    Joined:
    May 26, 2000
    ....you are correct. Register contents only in the CMOS, the BIOS in an EEPROM. First clue should have been the fact that it's non-volitle (more coffee there, B.B.S.....:rolleyes: ). But - you could still wipe and re-burn the EEPROM with a new version of the BIOS and be good to go, I believe, so we basically agree though I boogered up the details.....:D


    ...yep. What he said.....

    Regards - B.B.S.
     
  12. The_Mage18

    The_Mage18 [H]ard|Gawd

    Messages:
    1,712
    Joined:
    Jul 31, 2004
    Hot flashes are fun! :D

    Saved several motherboards that way. ;)