Re: Any solution for a virus in the BIOS?

Yes, all good points. Good luck with the boot virus; perhaps in the future having some kind of virus protection will improve your overall security and prevent future infection.

Michael R. Martinez
TF: 800-987-7307

-----Original Message-----
From: PCSC Information Services <info@xxxxxxxxxx>

Date: Mon, 3 Dec 2007 23:00:19
To:Ansgar -59cobalt- Wiechers <bugtraq@xxxxxxxxxxxxxxxx>
Cc:security-basics@xxxxxxxxxxxxxxxxx
Subject: Re: Any solution for a virus in the BIOS?

On 3-Dec-07, at 4:02 PM, Ansgar -59cobalt- Wiechers wrote:

On 2007-12-03 Michael R. Martinez wrote:
On Mon, 3 Dec 2007 19:40:00 Ansgar -59cobalt- Wiechers wrote:
On 2007-12-02 admin@xxxxxx wrote:
Get an AV that has boot sector protection. Once you've run a scan with that, it will clear things out.

Please explain how boot sector protection is supposed to help against malware living in the BIOS. You do realize that it's the BIOS that executes the boot code, don't you?

Assuming the BIOS actually is infected (which isn't too clear after the OP's rather vague description) the appropriate way would be to replace the BIOS chip or flash a clean BIOS onto it using a dedicated device (*not* a PC that is booted with the potentially infected BIOS). Also examine the supposedly infected harddisk from a clean system, either by booting some live-CD after cleaning the BIOS or by attaching the disk to another system (as secondary/external disk).

Boot into a disk that scans for virus at boot!
Hiren
EBCD
Etc...

And then what? In case you didn't notice: the BIOS starts the OS on that disk too, meaning that malware in said BIOS can also manipulate that OS and thus any software it may run, meaning that despite booting from clean media you still have a (potentially) compromised system.

Regards
Ansgar Wiechers
--
"All vulnerabilities deserve a public fear period prior to patches
becoming available."
--Jason Coombs on Bugtraq

Booting from a LiveCD with a current AV and defs might alleviate some of this concern. LiveCDs won't be written to during the boot process and shouldn't be exposed to this problem.

Flashing the BIOS seems to me to be the most appropriate fix in this case. From your post it seems to me that your inability to reflash the BIOS may stem from a jumper or dipswitch setting on the motherboard that would prevent writing. Check for this before attempting to reflash.

Further to this, remove the drive in question from this system and use a HDD enclosure to mount the drive via USB / Firewire to allow you to scan the drive from a 'known-good' machine.

Best,

Sean Swayze
