Three day old laptop has bios malware.

[Valorus]

This has been a bad month for me. I had a Dell N7010 that became infected with BIOS mal ware that disabled
most functions, shut off the wireless adaptor and shut off USB ports. Unable to repair it, I decided to buy a
replacement, a Dell N7110. In only three days, I managed to find a site that advertised drivers for SM bus drivers
that I was missing. It was infected with mal ware that changed my BIOS security settings and caused IE an almost everything that has to load to slow to a crawl,  restore won't restore and the mal ware tools I downloaded were
erased. I haven't had any external devices in it and can't think of any other source of this bug. I hope someone
Here can figure out how to clean this. I'd really appreciate any help you might come up with..

[DaveLembke]

I'd get a replacement laptop under Dell's Warranty if its brand new and now broken 3 days later. If you tell them you infected it they wont cover it, but of you tell them there is a Bios issue and you dont know why, they might accept it as a hardware failure and give you a replacement. The last replacement with Dell, they sent a replacement over night, but I had to give them my credit card to bill me for 2nd computer, and then be credited in full on receipt of the defective laptop. Otherwise they have a policy in which you can have a replacement in 6-10 business days, or at least thats what it was 4 years ago when dealing with them with a cooked GPU that I had to play dumb on cooking the GPU playing video games.

Bios issues on laptops are harder to fix than desktop computers!

( I am not suppose to answer in this forum in regards to malware, and am only answering from a hardware standpoint which is my specialty. Tried to get credited through one of the free malware training sites and no response... will try the next one on the list so that I can get the training/testing/cert credentials and be able to reply and help here without being in violation in the future        )

[Allan]

Laptop drivers should ALWAYS and ONLY be downloaded from the website of the laptop manufacturer.

For now, please wait for a malware specialist to respond.

[BC_Programmer]

BIOS malware wouldn't change IE security settings. It was likely just your everyday malware.

That doesn't mean it's not something to be concerned about, of course.

[Valorus]

Thanks to everyone for your comments, does anyone have any idea where to go from here? As you can imagine,
this has made for a very unhappy week.

[Allan]

Please follow the instructions in the following link and post your logs:
http://www.computerhope.com/forum/index.php/topic,46313.0.html

[Valorus]

This bug won't allow me to connect. Are there any tools that would allow me to connect? Thanks for your reply.

[Allan]

Connect to what - the Internet? You seem to be online now - just download the required tools / apps on a different system and copy them to the one in question.

[Valorus]

I'm on a tablet now.

[Allan]

You'll need access to a computer that can get online. Download what you need, copy them to a flash drive or cd and transfer them to your system.

[Valorus]

This is what I could get. I'll post it and explain in another post.

[year+ old attachment deleted by admin]

[Valorus]

I wanted to post those logs before this thing quit. I was able to D/L Chrome and it
began somewhat normally, but won't let awdCleaner to run. I think the rest worked OK.
Explorer doesn't load usually, it freezes and takes three or four minutes to recover.
It's different every time I use it. Right It's acting almost normally.

Thanks for your help, I obviously can't do much on my own.

[SuperDave]

Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*************************************************************************
Download Security Check by screen317 from one of the following links and save it to your desktop.

Link 1
Link 2

* Double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
************************************************
Download Combofix from any of the links below, and save it to your DESKTOP. 

Link 1
Link 2
Link 3

To prevent your anti-virus application interfering with  ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.

• Close any open windows and double click ComboFix.exe to run it.
  
  You will see the following image:
  

Click I Agree to start the program.

ComboFix will then extract the necessary files and you will see this:



As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to  have this pre-installed on your machine before doing any malware  removal. This will not occur in Windows Vista and 7

It will allow you to boot up into a special recovery/repair  mode that will allow us to more easily help you should your computer  have a problem after an attempted removal of malware.

If you did not have it installed, you will see the prompt below. Choose YES.



Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Note: Please Do NOT mouseclick combofix's window while its running because it may cause it to stall.

[Valorus]

Hi Dave,

I have to do this one at a time.  Two, I guess. These took all afternoon.

Norm


[year+ old attachment deleted by admin]

[Valorus]

Here's one more.

[year+ old attachment deleted by admin]