Computer Hope

Hardware => Drivers => Topic started by: boriken on January 14, 2010, 12:16:50 AM

Title: bios install
Post by: boriken on January 14, 2010, 12:16:50 AM
Hi all,

I just updated the Award BIOS due to a virus. The update bar indicated all but 2 blocks were updated. I wonder if a trace of the virus has been left behind.

This is a garage desktop computer where it gets around 50 degrees at night. In the morning I have to reboot 2 or 3 times to get beyond the black screen. I wonder if that might be the problem?

I deleted and updated the MBR in the HDD, formatted same, updated BIOS, and reinstalled OS.

Win XP Home, ECS 848P MB, 1 gig memory, ATI 9000 video card, Broadcom wireless card, nothing fancy.
Any help or info is appreciated.
Title: Re: bios install
Post by: Allan on January 14, 2010, 05:47:14 AM
I really, really don't understand your post.

You updated the bios due to a virus? Please explain what that means.

All but two blocks were updated? Either the BIOS flash worked or it did not. And the virus (unless it is the VERY rare boot sector type of virus) would have absolutely no effect on a BIOS update.

Computers work just fine at 50 degrees (Fahrenheit).

You deleted the mbr? Then updated the bios again?? Reinstalled the OS - so is it working or not?

Is there a question here somewhere?
Title: Re: bios install
Post by: Geek-9pm on January 14, 2010, 06:54:19 AM
That’s right, a temperature of 50 °F should be well within the normal range of any desktop computer.
Yet for some reason I have noticed problems sometimes with older computers if they are too cold. Don’t know why. :(
Title: Re: bios install
Post by: Quantos on January 14, 2010, 06:33:01 PM
If your BIOS flash was interrupted in any way you will need a motherboard, or if it has a LIF (Low Insertion Force) chip or ZIF (Zero Force Insertion) chip it might be changeable.

A failed BIOS flash is ALWAYS a bad thing.
Title: Re: bios install
Post by: BC_Programmer on January 14, 2010, 07:52:11 PM
Most motherboards have a small ROM chip as well, though, that, if the normal BIOS is corrupted, can be used to flash straight from a floppy. Doesn't have anything else; just the flashing ROM.
Title: Re: bios install
Post by: Geek-9pm on January 14, 2010, 08:10:32 PM
Hello, boriken;
Before we go any further with the BIOS flash thing, we need to know the make and model of the motherboard. Just ECS 848P? No other numbers? And which version(s) of the flash software you had.
And how did you know the BIOS had a virus?
Did you say this was a SATA drive?
Did you test the drive on another PC?
Title: Re: bios install
Post by: Quantos on January 14, 2010, 08:39:36 PM
Quote
Most motherboards have a small ROM chip as well, though, that, if the normal BIOS is corrupted, can be used to flash straight from a floppy. Doesn't have anything else; just the flashing ROM.

Really?
I wasn't aware of that, of course I'd never had a need to find it.  Can you supply some documentation I could peruse through?
Title: Re: bios install
Post by: BC_Programmer on January 14, 2010, 08:46:34 PM
Actually, I was only partially correct. It's not actually a separate chip, but rather a special area in the start of the BIOS called the Boot Block.

http://forum.overclock3d.net/showthread.php?324-Motherboard-BIOS-Flashing-Guide

Quote

* Boot block :
Most flash BIOS's incorporate something called a 'boot block'
and UNIFLASH will not normally overwrite it so it remains intact.
The boot block contains just enough code to boot up your computer with basic
peripheral support to enable you to flash in a working BIOS in case something
went wrong; you won't see anything at the screen and you must use a floppy disk as the boot block only supports the floppy drive, no hard drive access!

Even so, newer PCs literally have two Duplicate BIOS chips. Mine has two, so if a flash fails or something it runs off the backup.
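
Added example, not part of the original thread or any poster's code: because a flash utility can leave some blocks (such as the boot block described above) untouched, one way to see what is still in the blocks that were not updated is to compare a dump of the chip, block by block, against the vendor's old and new images. The 64 KiB block size, the function names and the tiny sample images are assumptions constructed for illustration.

```python
import hashlib

BLOCK_SIZE = 64 * 1024  # assumed erase-block size; check the flash part's datasheet


def _digests(image: bytes, block_size: int) -> list:
    """SHA-256 of every block; refuses truncated or empty images."""
    if not image or len(image) % block_size:
        raise ValueError("image must be a non-empty whole number of blocks")
    return [hashlib.sha256(image[off:off + block_size]).digest()
            for off in range(0, len(image), block_size)]


def classify_blocks(dump, old_ref, new_ref, block_size=BLOCK_SIZE):
    """Label each block of a chip dump against the old and new vendor images.

    unchanged  - vendor content is identical in both releases, dump matches
    updated    - dump matches the new image (block was rewritten)
    skipped    - dump still matches the old image (e.g. a preserved boot block)
    unexpected - dump matches neither image: failed write or foreign content
    """
    if not len(dump) == len(old_ref) == len(new_ref):
        raise ValueError("dump and both reference images must be the same size")
    rows = zip(_digests(dump, block_size), _digests(old_ref, block_size),
               _digests(new_ref, block_size))
    report = []
    for index, (d, old, new) in enumerate(rows):
        if d == new:
            state = "unchanged" if old == new else "updated"
        elif d == old:
            state = "skipped"
        else:
            state = "unexpected"
        report.append((index, index * block_size, state))
    return report


def demo():
    """Constructed 4-block images with a 16-byte block size, for illustration."""
    bs = 16
    old_ref = b"\x10" * bs + b"\x20" * bs + b"\x30" * bs + b"\x40" * bs
    new_ref = b"\x10" * bs + b"\x21" * bs + b"\x31" * bs + b"\x41" * bs
    dump = b"\x10" * bs + b"\x21" * bs + b"\xee" * bs + b"\x40" * bs
    return classify_blocks(dump, old_ref, new_ref, block_size=bs)


if __name__ == "__main__":
    for index, offset, state in demo():
        print(f"block {index} @ 0x{offset:06x}: {state}")
```

A "skipped" block is what a preserved boot block looks like; an "unexpected" block is the one to investigate, since it matches no vendor release.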
Title: Re: bios install
Post by: Quantos on January 14, 2010, 08:48:33 PM
Nice, thanks for the heads up BC.

<edit>  I thanked you for that one, you know, in case you care ;)  </edit>
Title: Re: bios install
Post by: Geek-9pm on January 14, 2010, 08:49:54 PM
Quote
Really?
I wasn't aware of that, of course I'd never had a need to find it.  Can you supply some documentation I could peruse through?

BC is not too sharp on hardware.
OK, he got you the docs.
A portion of the FLASH is "blown" at the factory so that it cannot be erased. The remainder can still be flashed. That part is ROM. The ROM will read a prepared floppy and redo the flash. This is documented somewhere in the Intel motherboards. Don't know which and not sure if it is still done that way.
Title: Re: bios install
Post by: BC_Programmer on January 14, 2010, 08:53:43 PM
Quote
BC is not too sharp on hardware.
A portion of the FLASH is "blown" at the factory so that it cannot be erased. The remainder can still be flashed. That part is ROM. The ROM will read a prepared floppy and redo the flash. This is documented somewhere in the Intel motherboards. Don't know which and not sure if it is still done that way.


not too sharp... but that's essentially what I just said!  ??? that "blown" flash that cannot be erased is the boot block...

unless of course this is your dictation program causing confusion :P
Title: Re: bios install
Post by: Geek-9pm on January 14, 2010, 09:21:55 PM
Yes, BC.
Basically you had it right. That is old technology and I was just talking off the top of my head. Little bit of research with Google shows that everybody is repeating the same words that they found somewhere about the accidental rewrite of the  BIOS. According to one popular source there may have been only one well known virus that actually attacked the flash BIOS. I think it was called the Chernobyl virus. But it only affected certain Intel motherboards anyway.  :(

I just did a Google search on some of this to try to bring my memory back and it appears that nowadays they think the possibility of a BIOS virus is rather rare. This is because most i386 operating systems will not allow direct access to the hardware that does the flash. So you have to boot the system with the DOS floppy and run the program in that environment.
That being said, it would seem very unlikely that the OP had a virus in his firmware.
And I scratched out that part where I said you were too sharp on hardware. Actually you did rather well.
Title: Re: bios install
Post by: patio on January 15, 2010, 07:44:04 AM
If he's running a 286 he'd have to worry about a BIOS infection....unlikely.    ::)
Title: Re: bios install
Post by: Allan on January 15, 2010, 07:48:40 AM
Bios & Boot Sector viruses are indeed extremely rare. Then again, so is a response from the OP.
Title: Re: bios install
Post by: boriken on January 15, 2010, 03:43:59 PM
Hi All,
Sorry I didn't respond to all you kind people, but I do have to work.  I found the problem, besides a virus I also have a bad HDD. Problem solved.
Thanks for your help
Title: Re: bios install
Post by: Allan on January 15, 2010, 03:45:20 PM
There are any number of things I want to say, but I'll just leave it at: glad you got it all sorted out.
Title: Re: bios install
Post by: BC_Programmer on January 15, 2010, 05:31:19 PM
Quote
If he's running a 286 he'd have to worry about a BIOS infection....unlikely.    ::)

The 286 BIOS was a ROM, unchangeable by any means.
Title: Re: bios install
Post by: Geek-9pm on January 15, 2010, 07:45:34 PM
Quote
The 286 BIOS was a ROM, unchangeable by any means.

True. But somebody is going to ask if you can do it...
In A BATCH File!!  ;D
Title: Re: bios install
Post by: patio on January 15, 2010, 07:46:58 PM
Quote
The 286 BIOS was a ROM, unchangeable by any means.

All of them ? ?
Title: Re: bios install
Post by: Quantos on January 15, 2010, 08:09:02 PM
Quote
All of them ? ?

No, not all of them.  There were some that were flashable, but they weren't software flashable.
Title: Re: bios install
Post by: BC_Programmer on January 15, 2010, 08:23:58 PM
The 486 was the first set of systems where the BIOS was changeable on-chip; even then, you had to remove the chip, expose it to UV light, and reprogram the thing. Actual Flash ROMs in PCs didn't become widespread until late into the Pentium Era.

The Original IBM PC, AT-286 and AT-386 PCs implemented their ROMs via true-to-their-name ROM chips; high-end late model 386 PCs might have implemented their BIOS as EPROM chips (UV erasable) but EEPROM chips didn't become something to expect in an average PC until around 1995/1996.

I of course speak of PCs... since the 286 is really a processor, there are probably a lot of applications of the 286 being used in things like barcode scanners and so forth that do use a programmable ROM.... that being said it isn't strictly speaking a BIOS in that instance anyway.

Additionally, one must define what it means to "flash" the BIOS. "Flashing" the BIOS really sort of requires, well, a Flash BIOS. Flash BIOS chips use Flash Memory (EEPROMs), which didn't appear until 1995-96. The first programmable BIOS chips, the PROMs, arrived relatively early (these were present in 286 PCs); however, it really didn't matter, you couldn't change what was on them anyway, they were only written to once. Just made production cheaper, since no longer did the actual circuitry itself contain the data, but rather a more abstract ability for manufacturers to "burn" the BIOS code onto the chip. Only once, though.

EPROM chips were (as I mentioned before) erasable with UV light over their little window, but you still needed a BIOS programming station in order to write a new one to it. Certainly not something you can do in-place.

Title: Re: bios install
Post by: Quantos on January 15, 2010, 08:28:15 PM
There were programmable chips on the 286 platform.  They were the first EPROM chips.  I know, I worked with them at NWI.
Title: Re: bios install
Post by: Geek-9pm on January 15, 2010, 09:10:15 PM
Nice history lesson.
Yeah, me too. Used to program them things.
But, back to topic. When did a virus get into an OS and do something bad to the Flash BIOS of a popular PC?  And when did they make it hard to do? Or is it still a real threat?

Here is an article from March 27, 2009 by  Marcus Yam
New BIOS Virus Withstands HDD Wipes (http://www.tomshardware.com/news/bios-virus-rootkit-security-backdoor,7400.html)

So, are we missing something here? A system based on the i386 and beyond should stop any process that tries to use a hardware function that is disallowed. Or so we are told.

Now I really am confused.   ???
Title: Re: bios install
Post by: Quantos on January 15, 2010, 09:15:11 PM
Yeah, see that's the million dollar question.  I've heard of viruses that infect the BIOS, but not once have I ever seen valid data to prove it.  It might be an urban legend or just incredibly rare.
Title: Re: bios install
Post by: BC_Programmer on January 15, 2010, 09:34:12 PM
Only one I've ever heard of is the one Geek stated; the Chernobyl virus, and like he said it only works on specific motherboards and operating systems.

There is literally no way to even access the BIOS without direct hardware access; and Windows NT versions give that out pretty sparingly. In order to infect the BIOS, a payload delivery system would literally need to install a device driver, reboot the system, and then the device driver would need to be specifically programmed to know about various chipsets, and motherboard configurations and where to patch the BIOS code to infect it. And even then, there is a major roadblock in the way; almost all flashable motherboards (since around 2000) have a jumper that needs to be set before the BIOS will accept a flash.

Really- the effort doesn't have enough of a gain. Malware writers' time is far better spent (relatively speaking) writing spyware programs and other stupid things like that.

Quote
Here is an article from March 27, 2009 by Marcus Yam
New BIOS Virus Withstands HDD Wipes (http://www.tomshardware.com/news/bios-virus-rootkit-security-backdoor,7400.html)

This cannot be true; there are a number of issues with this:

First, a Google search only brings up tomshardware with really anything about that; if this was actually a threat, then I imagine it would be on more than 2 sites. Additionally, Python is a script language; what they are saying is that it's also possible in perl and any number of script languages. The best that appears to be done with python as far as malice goes seems to be limited to infecting other script files, this is probably because the people who are good enough to make something really scary are off doing something more productive, you know, having reached puberty and all that.
Title: Re: bios install
Post by: Quantos on January 15, 2010, 09:35:59 PM
So an urban legend?

Title: Re: bios install
Post by: patio on January 15, 2010, 09:40:30 PM
Naaaaahhh...

Just BS.
Title: Re: bios install
Post by: Geek-9pm on January 15, 2010, 09:49:09 PM
Quote
... Few software is so fundamental and at the same time, so closed,
as the BIOS. UEFI [UEFIORG], the new firmware interface, promises
open-standards and improved security.
But meanwhile, we need more people looking, reversing and
understanding this crucial piece of software.
It has bugs, it can contain malicious code, and most importantly,
BIOS can have complete control of your computer. Years ago people
regained part of that control with the open-source revolution, but
users won't have complete control until they know what's lurking
behind closed-source firmware.
If you want to improve or start researching your own BIOS and
need more resources, an excellent place to start would be
the WIM'S BIOS High-Tech Forum [WBHTF], where very low-level
technical discussions take place.  ...

BC_Programmer, don't underestimate the threat. The above was one of hundreds of similar references I have found. Do some more research please.
Title: Re: bios install
Post by: BC_Programmer on January 15, 2010, 09:59:16 PM
Sounds more like a open-source rant.

OMG! the BIOS HAZ COMPLEET CONTROLL! OH NOES THIS IS A THREAT!

No it's not. The BIOS does. And technically it is "open-source" since I'm pretty sure it's all written in assembly. DOS boot disk, dump the ROM addresses, Bob's your uncle, you have an ASM listing.

Of course it's a THREAT if something malicious gets into the BIOS. That's why it requires an actual, physical change to the hardware to enable writes to the EEPROM.
Title: Re: bios install
Post by: Geek-9pm on January 15, 2010, 10:10:56 PM
Quote
That's why it requires an actual, physical change to the hardware to enable writes to the EEPROM.

We are talking about the FLASH chip found on many popular motherboards. Many do not have a physical way to stop  a write operation, except cut the trace on the motherboard. Not recommended.

BTW: Python can be compiled into machine code.
Title: Re: bios install
Post by: BC_Programmer on January 15, 2010, 10:13:02 PM
Quote
We are talking about the FLASH chip found on many popular motherboards. Many do not have a physical way to stop a write operation, except cut the trace on the motherboard. Not recommended.

And unless you cut that trace it arcs across the gap from the missing jumper, does it?

Quote
BTW: Python can be compiled into machine code.
redundant.

EDIT: redundant and untrue, actually.