
Can system BIOS carry infections to other HDrives or USB sticks?



#1
riceorony

Good morning all!

I'm usually the IT guy that tries to help friends with computer problems.

Friends and I are debating whether it is possible for a virus to reside in the BIOS and be carried to a HDrive.

My answer is no because viruses that infect the BIOS usually either remove it completely (e.g. the Chernobyl one from the 90's) or remove pieces of the BIOS which would therefore cause the system to not even boot-up. And even if it was "infected", either manually flashing the motherboard (removing the battery) or flashing the BIOS by updating the BIOS to the most current release by the respective company would solve any issues (since flashing the BIOS removes the old one and writes it over with a new one).

I believe the misconception about viruses in the BIOS comes from people talking about boot-sector infections, which are totally separate, being that the BIOS is a part of the motherboard, and the boot-sector is a part of the hard-drive and is one of the earliest to be read upon start-up.

Therefore, it is possible for viruses to live after a simple reformat by staying in the boot-sector portion of the hard drive and therefore be reinstalled after reformatting a hard-drive. In order to cure that ailment, you would need to rezero the hard drive (writes over the whole HD) before reinstalling the OS.

Anyone agree or disagree?
  • 0



#2
pip22

The 'CIH' virus (later nicknamed 'Chernobyl') actually carries two payloads. One overwrites parts of the BIOS with garbage, the other erases the hard disk. While the BIOS garbage overwrite only works on some systems, the hard disk erasure always works. So in that sense the CIH virus does infect other parts of the system, though to say the infection is "carried over" from the BIOS is wrong (so you are right on that score). The two payloads infect two different areas of the system, each payload independent of the other.
You can be sure of one thing though -- if the BIOS is "hit" by the CIH virus, the hard disk will also be hit since that's the payload that never fails.

Edited by pip22, 18 April 2008 - 08:19 AM.

  • 0

#3
riceorony

So how do you really know whether or not you've been able to remove a virus/trojan/rootkit that has embedded itself in the boot-sector of a HDrive?

Actually, a good question is how do you know whether you do have an infection residing there?

Would doing online scans using Kaspersky, Bitdefender, Panda Security, Trend Micro, McAfee, etc. be enough for detection?

1.) Getting a new hard drive?
2.) Using an HDrive eraser program? (e.g. webroot window washer)
  • 0
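
An added example, not part of any post in this thread: one way to check the boot-sector region discussed above is to fingerprint the boot code in the first 512-byte sector and compare it with a known-good baseline. The sketch assumes the classic MBR layout (446 bytes of boot code, four 16-byte partition entries, a 0x55AA signature); the function names and the sample sectors are constructed for illustration, and the "after reformat" sample models the claim in post #1 that a simple reformat leaves the boot code in place. A "changed" result only means the bytes differ from the baseline, which a legitimate boot loader install also causes.

```python
import hashlib
import struct

BOOT_CODE_LEN = 446      # bytes 0-445: code the BIOS loads and runs at start-up
SIGNATURE = b"\x55\xaa"  # bytes 510-511 mark the sector as bootable


def inspect_mbr(sector: bytes) -> dict:
    """Split a 512-byte MBR into boot code, partition table and signature."""
    if len(sector) != 512:
        raise ValueError("an MBR sector is exactly 512 bytes")
    boot_code = sector[:BOOT_CODE_LEN]
    partitions = []
    for off in range(446, 510, 16):  # four 16-byte partition entries
        status, ptype, lba, count = struct.unpack("<B3xB3xII", sector[off:off + 16])
        if ptype:  # type 0 means the slot is unused
            partitions.append({"bootable": status == 0x80, "type": ptype,
                               "lba_start": lba, "sectors": count})
    return {"signature_ok": sector[510:] == SIGNATURE,
            "boot_code_blank": not any(boot_code),
            "boot_code_sha256": hashlib.sha256(boot_code).hexdigest(),
            "partitions": partitions}


def check_against_baseline(baseline_sha256: str, sector: bytes) -> str:
    """Return 'blank', 'unchanged' or 'changed' for the boot-code region."""
    info = inspect_mbr(sector)
    if info["boot_code_blank"]:
        return "blank"
    return "unchanged" if info["boot_code_sha256"] == baseline_sha256 else "changed"


def make_sector(boot_code: bytes, ptype: int) -> bytes:
    """Build a constructed sample sector with one partition entry."""
    entry = struct.pack("<B3xB3xII", 0x80, ptype, 2048, 204800)
    return boot_code.ljust(BOOT_CODE_LEN, b"\x00") + entry + bytes(48) + SIGNATURE


# Constructed sample data, not taken from any real disk or malware.
CLEAN = make_sector(b"\xfa\x33\xc0" + b"\x90" * 40, 0x07)
BASELINE = inspect_mbr(CLEAN)["boot_code_sha256"]
MODIFIED = make_sector(b"\xeb\x3c" + b"\x41" * 40, 0x07)        # boot code differs
AFTER_REFORMAT = make_sector(b"\xeb\x3c" + b"\x41" * 40, 0x0B)  # new filesystem type, same boot code
ZEROED = bytes(512)                                             # drive wiped with zeros

if __name__ == "__main__":
    for name, s in [("clean", CLEAN), ("modified", MODIFIED),
                    ("after reformat", AFTER_REFORMAT), ("zeroed", ZEROED)]:
        print(f"{name:15} {check_against_baseline(BASELINE, s)}")
```

On a real machine the 512 bytes would be read from the raw disk device with administrator rights, preferably while booted from separate trusted media so that code loaded from the disk under test is not the one answering the read.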





