Question Can bootkit, MBR virus, GPT virus, and rootkits infect WiFi or BIOS (for both legacy or UEFI)?

Justcicia

Prominent
Oct 15, 2022
Hi, can a bootkit, MBR virus, GPT virus, or rootkit infect WiFi or the BIOS (either legacy or UEFI)? Is this possible, in theory or in practice, in any way, albeit very unlikely?
 
Considering you can update firmware through the OS, including system firmware (my XPS 13 got one the other day), then yes.

However, in the case of UEFI firmware updates, secure boot is supposed to mitigate this.
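Added example (not part of hotaru.hino's reply, and not code from any vendor): Secure Boot only restricts what the firmware will launch, and only when it is actually enabled and enforcing. On a Linux machine booted under UEFI, the firmware's own answer is exposed through efivarfs as the `SecureBoot` and `SetupMode` variables; each file is a 4-byte little-endian attribute mask followed by the variable data, which for these two variables is a single byte. `SetupMode` = 1 means no Platform Key is enrolled, so the firmware is not enforcing signatures even if `SecureBoot` reads 1. The efivarfs path and GUID below are the real Linux ones; the sample byte strings are constructed for the demonstration.

```python
import struct
from pathlib import Path
from typing import Optional

# EFI_GLOBAL_VARIABLE GUID, used as the suffix of every efivarfs file name
EFI_GLOBAL_GUID = "8be4df61-93ca-11d2-aa0d-00e098032b8c"
EFIVARS_DIR = Path("/sys/firmware/efi/efivars")

# Attribute bits from the UEFI spec (first four bytes of each efivarfs file)
EFI_VARIABLE_NON_VOLATILE = 0x1
EFI_VARIABLE_BOOTSERVICE_ACCESS = 0x2
EFI_VARIABLE_RUNTIME_ACCESS = 0x4


def parse_efivar(raw: bytes):
    """Split an efivarfs file into (attribute mask, variable data)."""
    if len(raw) < 4:
        raise ValueError("efivar file too short to contain an attribute header")
    (attrs,) = struct.unpack("<I", raw[:4])
    return attrs, raw[4:]


def secure_boot_state(secureboot_raw: bytes, setupmode_raw: bytes) -> dict:
    """Interpret the SecureBoot and SetupMode variables.

    SecureBoot data 0x01: firmware reports Secure Boot enabled.
    SetupMode data 0x01: no Platform Key enrolled, signature checks not enforced.
    Only enabled AND not in setup mode counts as enforcing.
    """
    _, sb = parse_efivar(secureboot_raw)
    _, sm = parse_efivar(setupmode_raw)
    if len(sb) != 1 or len(sm) != 1:
        raise ValueError("SecureBoot and SetupMode each carry exactly one data byte")
    enabled = sb[0] == 1
    setup_mode = sm[0] == 1
    return {
        "enabled": enabled,
        "setup_mode": setup_mode,
        "enforcing": enabled and not setup_mode,
    }


def read_live_state() -> Optional[dict]:
    """Read the real variables; None means the box did not boot via UEFI (no efivarfs)."""
    sb_path = EFIVARS_DIR / f"SecureBoot-{EFI_GLOBAL_GUID}"
    sm_path = EFIVARS_DIR / f"SetupMode-{EFI_GLOBAL_GUID}"
    if not (sb_path.exists() and sm_path.exists()):
        return None
    return secure_boot_state(sb_path.read_bytes(), sm_path.read_bytes())


# Constructed sample files (attributes = BOOTSERVICE|RUNTIME, then the data byte)
SAMPLE_ENFORCING_SB = struct.pack("<I", 0x6) + b"\x01"
SAMPLE_ENFORCING_SM = struct.pack("<I", 0x6) + b"\x00"
SAMPLE_SETUPMODE_SM = struct.pack("<I", 0x6) + b"\x01"
SAMPLE_DISABLED_SB = struct.pack("<I", 0x6) + b"\x00"

if __name__ == "__main__":
    live = read_live_state()
    print("live:", live if live is not None else "no efivarfs (legacy BIOS boot?)")
    print("sample enforcing:", secure_boot_state(SAMPLE_ENFORCING_SB, SAMPLE_ENFORCING_SM))
    print("sample setup mode:", secure_boot_state(SAMPLE_ENFORCING_SB, SAMPLE_SETUPMODE_SM))
```

If `read_live_state()` returns `None` the machine booted in legacy BIOS mode and there is no Secure Boot at all; if it returns `enforcing: False` with `enabled: True`, the firmware is in Setup Mode and will still launch an unsigned boot loader.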
Hello, thank you for your answer. Well, then, a boot virus that infects me can come back after I format the disk, go into the BIOS and make it impossible for antiviruses to find it, right? So how do I delete it from my device? @hotaru.hino
 
If you run into this scenario, you have to find the firmware flash memory chip and either replace it outright or find a reprogramming device to re-flash it.
 
I don't fully understand, but can you explain a little more? @hotaru.hino
The actual motherboard firmware is stored on a small flash memory chip. For example, the chip in the red box is said memory chip:
[image 0rD84x0.png: motherboard photo with the firmware flash chip outlined in red]
So you have to either replace this chip with one carrying firmware that's not infected, or find a tool that can reprogram it. With the tool, you usually don't have to remove the chip; you just hook up a bunch of wires from it to the tool.
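Added example to go with the reflashing advice above (my code, not from the poster or any tool vendor): when you do clip onto the chip, the useful discipline is to read it twice, confirm both reads agree (a bad clip connection gives you garbage), and then compare the dump against a clean vendor image of the exact same board and firmware version to see which flash sectors differ before you write anything. The `flashrom` invocations in the comments are the usual way to do the read/write with a cheap SPI programmer; the sample images are constructed here and are far smaller than a real chip.

```python
import hashlib

FLASH_BLOCK = 4096  # common SPI flash erase-sector size; differences are reported per sector

# Typical workflow with flashrom and a CH341A programmer clipped onto the chip (not run here):
#   flashrom -p ch341a_spi -r dump1.bin
#   flashrom -p ch341a_spi -r dump2.bin      # second read, must match the first
#   flashrom -p ch341a_spi -w vendor.bin     # write the clean image
#   flashrom -p ch341a_spi -v vendor.bin     # verify chip contents against it


def sha256_hex(data: bytes) -> str:
    """Digest used to record what was on the chip before and after reflashing."""
    return hashlib.sha256(data).hexdigest()


def dumps_consistent(first: bytes, second: bytes) -> bool:
    """Two back-to-back reads of the same chip must be identical and non-empty;
    otherwise the wiring or clock is bad and neither dump can be trusted."""
    return len(first) > 0 and first == second


def differing_blocks(dump: bytes, reference: bytes, block_size: int = FLASH_BLOCK) -> list:
    """Return the offsets of every block_size-aligned sector where dump != reference.

    A size mismatch means the wrong image or the wrong chip and is an error,
    not a list of differences.
    """
    if len(dump) != len(reference):
        raise ValueError(f"size mismatch: dump={len(dump)} bytes, reference={len(reference)} bytes")
    return [
        off
        for off in range(0, len(dump), block_size)
        if dump[off:off + block_size] != reference[off:off + block_size]
    ]


def build_demo_images():
    """Constructed sample: a 64 KiB 'vendor' image and a copy with two sectors altered."""
    reference = bytes((i * 7 + (i >> 8)) & 0xFF for i in range(64 * 1024))
    tampered = bytearray(reference)
    tampered[0x3000:0x3010] = b"\xEB\xFE" * 8  # 16 bytes replaced inside sector 0x3000
    tampered[0xF800] ^= 0x80                     # one flipped bit inside sector 0xF000
    return reference, bytes(tampered)


if __name__ == "__main__":
    reference, chip = build_demo_images()
    print("read 1 == read 2:", dumps_consistent(chip, chip))
    print("chip sha256:", sha256_hex(chip))
    print("vendor sha256:", sha256_hex(reference))
    for off in differing_blocks(chip, reference):
        print(f"sector 0x{off:06X} differs from vendor image")
```

A differing sector is a place to look, not proof of malware by itself: the firmware's own variable store and other data regions legitimately change between boots, so compare the offsets against the board's flash layout before drawing conclusions. After `flashrom -w`, running the same comparison on a fresh read should return an empty list.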
 
OK, but then it can recover itself by going from there to the boot partition, and assuming it's fixed that way, what about re-infection from the network? @hotaru.hino
 
If you suspect you have a boot sector virus, keeping the infected drive in the machine is probably not the smartest thing to do.

Regarding an infection from the network, AFAIK, this isn't possible in a pre-boot setting unless you're using PXE boot. And even then, PXE booting should only be limited to the local area network or intranet. In any case, if you're getting infected from PXE booting, you have bigger fish to fry.
 
I'm sorry I don't know much technical information, can you expand a bit? @hotaru.hino
 
Computers have a way to boot into an OS via contacting a server somewhere that'll serve the files. This can be used in thin clients (PCs that are meant to connect to a server that does most of the work) or for IT to remotely deploy an OS onto a computer. The thing is, this should only happen within a local network or an intranet (e.g., a company internal network type thing). While I have a feeling PXE can access the internet, I don't see why this would be useful given the security implications.

So assuming you have PXE set up (which consumer computers don't and is typically disabled by default) and a local server to support PXE booting, if you're still getting infected, there's something worse going on, like say the PXE server is compromised.
 
No, if it was not installed by itself or the computer I took did not install it, I did not install it. @hotaru.hino
 
Dude....please stop bumping your thread. People will get to it when they get to it.

What makes you think you have a rootkit or other similar boot virus?
Well, don't worry. This is actually a suspicion, and if my doubt arises, how can I delete it completely? I want to take care, knowing that.
 
It's like you have an illness, or a supposed illness.

The doc can't fix it unless he knows what it is, or if you even have something. A broken leg is fixed differently than lung cancer.
OK, I don't need to go any further then; I'm just going to ask this one last time. Apart from bootkits, GPT, MBR and boot viruses, that is, things infecting disks, is there a possibility that the virus itself steals my information, for all viruses that infect the boot parts and BIOS-UEFI? I know they can hide malware on disks, but I've heard somewhere that they can also steal information. In theory or in practice, could these types of viruses steal any of my information, even if it's the least chance? Is this possible, although unlikely?
 
A virus generally does not "steal information".
Rather, it may open a back door in your system, and allow a human to log in unseen. He might then cruise around and see what there is to see.

But....what critical information do YOU have on your system?
Blueprints for a working cold fusion plant?

No. It is more likely that your system would be used for something else. Part of a botnet perhaps, to serve as a jumping-off and cutout point for the hacker's nefarious deeds.
 
I understand, so what I really want to ask is, these viruses go away when I format the disk, but is there a possibility that they infect the BIOS-UEFI or WiFi before I format the disk, and then come back when I format the disk?

ID numbers, bank accounts and more