Question Can bootkit, MBR virus, GPT virus, and rootkits infect WiFi or BIOS (for both legacy or UEFI)?

Justcicia

Prominent
Oct 15, 2022
77
0
530
Hi Can bootkit, MBR virus, GPT virus, and rootkits infect WiFi or BIOS (for both legacy or UEFI)? Is this possible, in theory or in practice, in any way, albeit very unlikely?
 

Justcicia

Prominent
Oct 15, 2022
77
0
530
Considering you can update firmware through the OS, including system firmware (my XPS 13 got one the other day), then yes.

However, in the case of UEFI firmware updates, secure boot is supposed to mitigate this.
Hello, thank you for your answer. Well, then, a boot virus that infects me can come back to me after I format the disk, go into the BIOS and make it impossible for antiviruses to find it, right? so how do i delete it from my device? @hotaru.hino
 
Hello, thank you for your answer. Well, then, a boot virus that infects me can come back to me after I format the disk, go into the BIOS and make it impossible for antiviruses to find it, right? so how do i delete it from my device? @hotaru.hino
If you run into this scenario, you have to find the firmware flash memory chip and either replace it outright or find a reprogramming device to re-flash it.
 
I don't fully understand, but can you explain a little more? @hotaru.hino
The actual motherboard firmware is stored on a small flash memory chip. For example, the chip in the red box is said memory chip:
0rD84x0.png


So you have to either replace this chip with firmware that's not infected, or find a tool that can reprogram it. With the tool, you usually don't have to remove the chip, just hook up a bunch of wires to it to the tool.
 

Justcicia

Prominent
Oct 15, 2022
77
0
530
The actual motherboard firmware is stored on a small flash memory chip. For example, the chip in the red box is said memory chip:
0rD84x0.png


So you have to either replace this chip with firmware that's not infected, or find a tool that can reprogram it. With the tool, you usually don't have to remove the chip, just hook up a bunch of wires to it to the tool.
Ok but then it can recover itself by going from there to the boot partition, and assuming it's fixed that way, what about re-infection from the network? @hotaru.hino
 
Ok but then it can recover itself by going from there to the boot partition, and assuming it's fixed that way, what about re-infection from the network? @hotaru.hino
If you suspect you have a boot sector virus, keeping the infected drive in the machine is probably not the smartest thing to do.

Regarding an infection from the network, AFAIK, this isn't possible in a pre-boot setting unless you're using PXE boot. And even then, PXE booting should only be limited to the local area network or intranet. In any case, if you're getting infected from PXE booting, you have bigger fish to fry.
 
  • Like
Reactions: Justcicia

Justcicia

Prominent
Oct 15, 2022
77
0
530
If you suspect you have a boot sector virus, keeping the infected drive in the machine is probably not the smartest thing to do.

Regarding an infection from the network, AFAIK, this isn't possible in a pre-boot setting unless you're using PXE boot. And even then, PXE booting should only be limited to the local area network or intranet. In any case, if you're getting infected from PXE booting, you have bigger fish to fry.
I'm sorry I don't know much technical information, can you expand a bit? @hotaru.hino
 
Computers have a way to boot into an OS via contacting a server somewhere that'll serve the files. This can be used in thin clients (PCs that are meant to connect to a server that does most of the work) or for IT to remotely deploy an OS onto a computer. The thing is, this should only happen within a local network or an intranet (e.g., a company internal network type thing). While I have a feeling PXE can access the internet, I don't see why this would be useful given the security implications.

So assuming you have PXE set up (which consumer computers don't and is typically disabled by default) and a local server to support PXE booting, if you're still getting infected, there's something worse going on, like say the PXE server is compromised.
 

Justcicia

Prominent
Oct 15, 2022
77
0
530
Computers have a way to boot into an OS via contacting a server somewhere that'll serve the files. This can be used in thin clients (PCs that are meant to connect to a server that does most of the work) or for IT to remotely deploy an OS onto a computer. The thing is, this should only happen within a local network or an intranet (e.g., a company internal network type thing). While I have a feeling PXE can access the internet, I don't see why this would be useful given the security implications.

So assuming you have PXE set up (which consumer computers don't and is typically disabled by default) and a local server to support PXE booting, if you're still getting infected, there's something worse going on, like say the PXE server is compromised.
No, if it was not installed by itself or the computer I took did not install it, I did not install it. @hotaru.hino
 

Justcicia

Prominent
Oct 15, 2022
77
0
530
Dude....please stop bumping your thread. People will get to it when they get to it.

What makes you think you have a rootkit or other similar boot virus?
Well, don't worry This is actually a suspicion and if my doubt arises how can I delete it completely I want to take care knowing that
 

Justcicia

Prominent
Oct 15, 2022
77
0
530
Its like you have an illness, or supposed illness.

The doc can't fix it unless he know what it is, or if you even have something. A broken leg is fixed differently than lung cancer.
Ok, I don't need to go any further then, I'm just going to ask this one last time. Except for bootkit, gpt, mbr, boot virus, that is, infecting disks, is there a possibility that the virus itself steals my information in all viruses that infect the boot parts and BIOS-UEFI? I know they can hide malware on disks, but I've heard somewhere that they can also steal information. In theory or in practice, could these types of viruses steal any of my information, even if it's the least chance? Is this possible, although unlikely?
 

USAFRet

Titan
Moderator
Ok, I don't need to go any further then, I'm just going to ask this one last time. Except for bootkit, gpt, mbr, boot virus, that is, infecting disks, is there a possibility that the virus itself steals my information in all viruses that infect the boot parts and BIOS-UEFI? I know they can hide malware on disks, but I've heard somewhere that they can also steal information. In theory or in practice, could these types of viruses steal any of my information, even if it's the least chance? Is this possible, although unlikely?
A virus generally does not "steal information".
Rather, it may open a back door in your system, and allow a human to log in unseen. He might then cruise around and see what there is to see.

But....what critical information do YOU have on your system?
Blueprints for a working cold fusion plant?

No. It is more likely that your system would be used for something else. Part of a botnet perhaps, to serve as a jumping off and cutout point for the hackers nefarious deeds.
 

Justcicia

Prominent
Oct 15, 2022
77
0
530
A virus generally does not "steal information".
Rather, it may open a back door in your system, and allow a human to log in unseen. He might then cruise around and see what there is to see.

But....what critical information do YOU have on your system?
Blueprints for a working cold fusion plant?

No. It is more likely that your system would be used for something else. Part of a botnet perhaps, to serve as a jumping off and cutout point for the hackers nefarious deeds.
I understand, so what I really want to ask is, these viruses go away when I format the disk, but is there a possibility that they infect the BIOS-UEFI or WiFi before I format the disk, and then come back when I format the disk?

ID numbers, bank accounts and more
 

TRENDING THREADS