Author Topic: eeeeeeeeeeeeeeeek...did my son catch a doozy...(virus)  (Read 779 times)

Offline humble

  • Platinum Member
  • ******
  • Posts: 6434
eeeeeeeeeeeeeeeek...did my son catch a doozy...(virus)
« on: May 10, 2009, 10:33:31 PM »
Sometime not all that long ago my son latched on to some type of virus from hell.

To give a bit of background he's 16 and autistic. He's very verbal and in regular ed classes and doing quite well overall. Like all autistic kids he's got a bunch of issues specific to interacting with the real world at times and one of his escapes is playing around on the computer. He's actually pretty good hardware/software wise and very computer literate overall but he is a film nut and it's unbelievable how much content he finds world wide.

Obviously this type of world wide video oriented surfing is gonna create potential issues so I do what I can, he's got NOD32 and a few other programs as well as separate authority levels (user/admin/guest) and understands the how/why. I also had him set with a VM app to isolate sites he didn't have a history with etc.

Long story short he must have accepted a fake codec or something disguised/embedded to look safe. I put the box aside and fired up another one for him but figured once the move was over I'd wipe it and fire it back up (basically I always have a spare box up)....so with Windows 7 I figure I'll throw it on and see how it works with a true legacy system (circa 2003).

So I try the Windows 7 DVD...goes to his dual boot screen?
power down, jumper the cmos fire up...hangs on "CD boot". rinse and repeat with vista and XP cd/dvd?
hmmm, throw in old HD with windows OS (have a dozen or so)...goes to his dual boot screen??? then hangs
OK, power down, cmos again no HD at all load mint via CD...works great...quit install clean LLF HD figuring I'll load linux then go from there....dumps linux on boot to command prompt and seems to negate my command line attempts (not really good anymore from command line so could be me)...

OK dig out DoD level dos based security "Fbomber" and nuke the sucker proper, power down cmos etc....same old same old.

Go to load linux based bootable AV (avira)...nada, go to flash bios...no cigar for you...

Never have I seen one locked down this tight, it literally will kill the VC feed from a DOS boot so you get a dead screen after cmos reset if you mess with it? Not really a big deal but it's the 1st time I've ever run into a bios based virus that totally stumped me. Old dog needs a new trick or next step is the 12 gauge :)

"The beauty of the second amendment is that it will not be needed until they try to take it."-Pres. Thomas Jefferson

Offline Getback

  • Platinum Member
  • ******
  • Posts: 6456
Re: eeeeeeeeeeeeeeeek...did my son catch a doozy...(virus)
« Reply #1 on: May 10, 2009, 11:00:22 PM »
Have you tried to reinstall or update the bios?

  Created by MyFitnessPal.com - Free Calorie Counter

Offline humble

Re: eeeeeeeeeeeeeeeek...did my son catch a doozy...(virus)
« Reply #2 on: May 10, 2009, 11:07:05 PM »
the question is how, it seems to kill video feed on any dos based bootable CD, I don't even have a floppy anymore and I don't want to try a bootable USB since I don't know what it is. MB is a DFI lan party nf3 250g. They do have a bios designed to be bootable from floppy, I might be able to run it from a CD....
http://www.dfi.com.tw/portal/CM/cmproduct/XX_cmproddetail/XX_WbProdsWindow?action=e&downloadType=biosTab&windowstate=normal&mode=view&downloadFlag=true&itemId=472

Not sure if I can just burn it to a CD instead...



Offline Getback

Re: eeeeeeeeeeeeeeeek...did my son catch a doozy...(virus)
« Reply #3 on: May 10, 2009, 11:46:57 PM »
> the question is how, it seems to kill video feed on any dos based bootable CD, I don't even have a floppy anymore and I don't want to try a bootable USB since I don't know what it is. MB is a DFI lan party nf3 250g. They do have a bios designed to be bootable from floppy, I might be able to run it from a CD....
> http://www.dfi.com.tw/portal/CM/cmproduct/XX_cmproddetail/XX_WbProdsWindow?action=e&downloadType=biosTab&windowstate=normal&mode=view&downloadFlag=true&itemId=472
>
> Not sure if I can just burn it to a CD instead...

It's been my experience that a bootable floppy drive is best. I'm no expert for sure. My thoughts were just a guess. You can grab a floppy drive from a local shop for next to nothing. I paid 3 bucks. My thinking was if you replace the bios then you solve the problem. Now I may be wrong here but that is the course I would take. You can download the bios from your comp to a bootable floppy drive and then put the drive in your son's comp.

Another guess is can you back date the bios? If it's been upgraded from the virus then I would think you could back date it. All guesses. That is just how I would think.

Addendum: Humble, I just read up on this. It is nasty. You may have to replace the bios chip. Do a google search.
« Last Edit: May 10, 2009, 11:57:43 PM by Getback »


Offline humble

Re: eeeeeeeeeeeeeeeek...did my son catch a doozy...(virus)
« Reply #5 on: May 11, 2009, 12:10:10 AM »
I went ahead and googled dos bootable CD to refresh my memory. loaded up dos on CD along with the bios and flash program and reflashed from dos via the CD....obviously ugly if you mess it up but it's a simple process. Seems fine as bios is going thru memtest etc....will know tomorrow morning I guess....


Offline MrRiplEy[H]

  • Persona Non Grata
  • Plutonium Member
  • *******
  • Posts: 11633
Re: eeeeeeeeeeeeeeeek...did my son catch a doozy...(virus)
« Reply #6 on: May 11, 2009, 12:24:09 AM »
Next time enable the 'bios protect' option in your bios..
Definiteness of purpose is the starting point of all achievement. –W. Clement Stone

Offline Getback

Re: eeeeeeeeeeeeeeeek...did my son catch a doozy...(virus)
« Reply #7 on: May 11, 2009, 01:12:15 AM »
> Next time enable the 'bios protect' option in your bios..

Went in and protected my bios and set up password. Thanks for the suggestion. I especially was motivated by the stories I read on the net. It's not an easy fix.


Offline BaldEagl

  • Plutonium Member
  • *******
  • Posts: 10791
Re: eeeeeeeeeeeeeeeek...did my son catch a doozy...(virus)
« Reply #8 on: May 11, 2009, 01:28:41 AM »
I slapped a floppy drive in my new machine when I built it.  For $7.00 it's worth it.
I edit a lot of my posts.  Get used to it.

Offline humble

Re: eeeeeeeeeeeeeeeek...did my son catch a doozy...(virus)
« Reply #9 on: May 11, 2009, 07:01:35 AM »
> Next time enable the 'bios protect' option in your bios..

To the best of my knowledge it was since it's SOP for me to do that


Offline Denholm

  • Plutonium Member
  • *******
  • Posts: 9667
      • No. 603 Squadron
Re: eeeeeeeeeeeeeeeek...did my son catch a doozy...(virus)
« Reply #10 on: May 11, 2009, 08:31:17 AM »
I heard of viruses installing themselves in RAM (I was actually on the receiving end of that dilemma) but into the BIOS?! Wow, that's one crazy programmer to take the time to make malicious software of this nature.

I hope you get it fixed.
Get your Daily Dose of Flame!
FlameThink.com
No. 603 Squadron... Visit us on the web, if you dare.

Drug addicts are always disappointed after eating Pot Pies.

Offline humble

Re: eeeeeeeeeeeeeeeek...did my son catch a doozy...(virus)
« Reply #11 on: May 11, 2009, 09:59:00 AM »
> I heard of viruses installing themselves in RAM (I was actually on the receiving end of that dilemma) but into the BIOS?! Wow, that's one crazy programmer to take the time to make malicious software of this nature.
>
> I hope you get it fixed.

I'm actually wondering if that's where it is, the memory is "failing" its mem test as we speak. system showed no mem related issues at all prior to this.


Offline MrRiplEy[H]

Re: eeeeeeeeeeeeeeeek...did my son catch a doozy...(virus)
« Reply #12 on: May 11, 2009, 01:20:06 PM »
I was suspecting memory failure at your first post actually. Most likely you never had a virus but just bad ram.

Things just break you know, yesterday your car was working, today it won't start..

Offline Getback

Re: eeeeeeeeeeeeeeeek...did my son catch a doozy...(virus)
« Reply #13 on: May 11, 2009, 01:30:00 PM »
> I'm actually wondering if that's where it is, the memory is "failing" its mem test as we speak. system showed no mem related issues at all prior to this.

I wondered about that too. When I did a search on Bios virus in one of the forums this was brought up.


Offline humble

Re: eeeeeeeeeeeeeeeek...did my son catch a doozy...(virus)
« Reply #14 on: May 11, 2009, 01:46:43 PM »
> I was suspecting memory failure at your first post actually. Most likely you never had a virus but just bad ram.
>
> Things just break you know, yesterday your car was working, today it won't start..

Actually online scans and scan in safe mode found a bunch of stuff. System failed on recovery, that does not mean that the cause of the current stuff isn't bad memory. I've always had a "blue screen of death" of some kind from a memory leak/failure. All in all I've been pretty lucky hardware wise with very few failures so my 1st hand experience is limited....the conundrum now is do I invest in old memory or not?
