New BIOS Virus Withstands HDD Wipes

I have this virus on an IBM T42 ThinkPad. Flashing the BIOS does not help. Does anyone know of a way to re-initialize the BIOS on this computer?

I'm an engineer and have considered buying a non-working T42, pulling off its BIOS chip and replacing the one on mine. Does anyone know where the BIOS chip resides?
 
duh...the only way of preventing software tampering is hardware lock-out...
No matter the software safeguards...once you're inside the computer, you can do anything if you know how...anything the BIOS can do, you can do too...
anything flash software does you can do too...
An actual hardware switch that cuts the write line is the ONLY way to prevent software flash attacks..
Even if the switch were monitored by the system, with the line still attached it could be circumvented....
And also...whose bright idea was it to make the BIOS flashable from under the OS?
It oughta be a CD bootup with a secure download..
Boot from the CD...using its writing routine...while pressing the button on the mainboard...
(and even THEN it ain't foolproof..cuz if somehow a hacker changes the software between the download and the actual writing to CD..it would still be circumvented..)

An old school ASM programmer who actually KNOWS how stuff works in there..
(And Python and stuff like that?...right...amateur crap...)
 
@anderTP Conficker was already programmed to attack the BIOS; if the BIOS was unreachable it would go for the MBR instead. It was designed to attack the legacy BIOS, then updated to attack the Phoenix BIOS as well. It infects the BIOS but doesn't destroy the computer; instead it sets up a nice rootkit on the BIOS. Whoever made it had advanced knowledge of the Windows OS from 95 to Win8. They did their research on how and where to inject into the BIOS without causing the BIOS to get corrupted. The rootkit loads up before any OS, as it's on the BIOS and loads with it. You can't reformat and get rid of it, because it's not on the OS, it's on the BIOS. Any reformatting will appear to have worked, except the rootkit modifies each new Windows install: setting up SQL Server, remote assistance, remote user login, deleting all the important files, and deregistering updates and anti-virus software at will. On internet login (wifi) it tries attacking other machines on the network; it calls out on UDP with all the system info to the attacker's server. Then the attacker can look over the system info and log in remotely with your credentials as a system process. This thing just keeps getting better and better. I had my laptop hit with the newest version, which was in a crimekit, obvious by the way it infected me and the different worms that were downloaded as soon as the cve-2013 exploit got me. This is a proof of concept that has made me rethink what is possible. It took 4 different computer specialists; the last one was an NT/IT and software developer, C. Frantz of Michigan (smart guy). Anyway, he hooked up my PC to his PC and ran some tests, and found the BIOS was updated recently and there was a rootkit installed on the BIOS chip. He tried removing the rootkit but couldn't. So he got me a new BIOS chip. Anyway, everything works great again now that the new BIOS chip is in.
No overclocked hard drives, no list of impersonation logs in Event Viewer, no anti-virus leaking registry keys; the computer is back to normal.
 
That is, if it can get to the BIOS; if it can't, then you only have the MBR infected, which is still a pain, but definitely much easier to deal with.
 
After reading an article, I am starting to suspect many computers will fall victim to this attack. Many scammers behind the ransomware infections (including those that disguise themselves as the FBI or other authorities) might implement some kind of BIOS-attacking rootkit in order to prevent it from being completely removed from their victims' systems. This way, they can get money from unsuspecting victims.

Separate from the above, this could be the malware that is going to be used in a widespread, elaborate conspiracy in place to stifle my contributions everywhere on the Internet and force my suicide via an increase in my medication, as well as infecting my computer. This malware is likely a rootkit and a murder-ransomware, in which, unlike most ransomware, it locks the computer and forces users to commit suicide by increasing their medication intake. The evidence for this conspiracy is an image of a kitten at the top of an ED article (see https://encyclopediadramatica.se/Starkiller88); this was all I needed to confirm in my mind that "they" were out to get me. The people who are likely to infect my computer with such malware are ED user Anwar Sadat's Horny Ghost and Wikipedian BatteryIncluded; the former is now a friend of the latter.

I think antivirus companies should implement anti-rootkit programs and features in their internet security programs to defend against this attack.
 
Oh, crackers and hackers are getting even sneakier now. You can be sploited through your network printer. Why not just attack the PC, you ask? Because if you log in to the printer, you can use port 9100 JetDirect to sniff the whole network, run nmap scans, whatever. Best thing is JetDirect is network aware, which makes it all possible, and all scans lead back to the legit printer service... Better be careful nowadays. Shizz is getting real, oh, and don't get me started on VT-x...
 