How to remove Grub4Dos from my BIOS

ericjohn004

Recently my system got infected, I'm guessing a hacker got into my system. It infected my entire OS. I found a Gigabyte BIOS flash utility in my most recently used items list, which I had never seen or used or installed. Later on, I found that Grub4Dos had been installed to my system, which I didn't do. So I actually bought a brand new 500GB Samsung 840 EVO SSD, and freshly reinstalled Windows 7 from the disk to remove the viruses and to remove that Grub4Dos crap. Well even with the new SSD and freshly installed Windows 7, it's STILL there. I think a hacker used that BIOS flash utility to install that. I thought Grub4Dos was only installed to your MBR on your SSD or HDD. I didn't know it could be installed to the BIOS itself. And it HAS to be in the BIOS cause it's not on my new SSD. Could it be on my Crucial m4 64GB mSATA drive?

The problems I am now having are that my system says my SSD and my mSATA SSD are connected to SATAII and not SATAIII, even though they are connected to SATAIII. And it's impossible that my mSATA is SATAII. I also get a message during every reboot that says "Disk Error, Press Any Key to Restart". When I press a key, it boots into Windows 7.

What could possibly be causing this? What do I need to do to get rid of Grub4Dos? I'm guessing I should re-flash my BIOS so it will start working right again. How do I reflash this type of BIOS?

Any help would be greatly appreciated. If you want to know my system specs they are: Gigabyte Z77X-UD5H motherboard, i5 3570k CPU@4.6GHz, 4x4GB Corsair Dominator Platinum 2133 RAM, 2GB Nvidia GeForce GTX 660Ti Graphics Card, 500GB Samsung 840 EVO SSD. Any other details are in my profile.
 

ericjohn004

OK, I've done all of that. I re-flashed the BIOS from within Windows 7, and it worked, but I still had that Grub program. Then I reinstalled the BIOS outside of Windows 7 with the Q-Flash utility and a copy of the BIOS on a USB drive. That didn't remove the Grub program either.

Even worse is the fact that my BRAND new OS is again INFECTED. I'm only getting SATAII speeds, and if I go to the task scheduler, a pop up says "Task scheduler has either been tampered with or is corrupted". Plus my graphics card keeps tearing and it's only started doing this since the infection. My system is heavily corrupted now, and it seems like there's no solution. I can reinstall Windows 7 again, but this will just happen again. Until I get that Grub crap removed.

And this isn't the normal Grub4Dos either, it's an infected one that someone's installed on my system. If I right click "computer" and click "properties", then click "security", it has an "unknown user" with a question mark next to it.

How can this possibly happen? A fresh BIOS re-flash, and a brand new SSD, with a fresh install of Windows 7 on it constantly gets corrupted even though I have security programs running.

I also removed my mSATA drive and all of my USB thumb drives just to see if this program was still in my BIOS. And yes, it still is.

This program is INFECTING my PC. I know it. I noticed a few weeks ago that a program from Gigabyte called "@BIOS" was in my recently used items list when I never ever even knew of that program. Someone messed up my BIOS by flashing it with that software, and even a BIOS re-flash outside of Windows doesn't fix this.

I may have to buy a new motherboard.

Any thoughts guys? I'm all out of answers. One of my friends knows A LOT about PCs but he lives in Colorado. I can send it to him and I know he'll fix it right, but then I'll be out of a PC for at least 7-9 days.
 
I want you to remove ALL drives from the system (including the msata sata drive).

Now boot the system and see if this grub4dos is still showing up on the system.

If it is not, it is time for one last reinstall (but you have to secure erase the ssd before using it).

Use these instructions to do it.
http://www.corsair.com/applicationnote/secure-erase

Your ssd will be empty and you can try to reinstall Windows one last time.

I personally am guessing it was hiding on the msata drive, and when Windows installs, if it sees another drive with a boot loader, it tends to use it. For this reason it is VERY important to ensure you have NO other drives in the system but the one you want (no flash drives/card readers either).

Disconnect the system from the network when installing as well.

One way or another it HAS to be removable.

When you add the msata drive back to the system, ensure it is not set to boot from it in the bios. Then you can go about removing files you need and then secure erase it the same way after (remove your normal ssd while secure erasing the msata drive to ensure you do not erase the wrong drive). After this you can boot back into windows and set up the msata drive again with disk management.
 
Solution
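A way to test the "hiding on the msata drive" guess before reinstalling, as an added example that is not part of any post in this thread: it inspects a 512-byte dump of sector 0 from each drive and reports the boot signature, active partitions and any boot-loader marker found in the boot code. The function names, file names and marker strings are assumptions for illustration, and the sample sectors are constructed.

```python
import struct

# Marker strings are assumptions for illustration; confirm them against
# dumps of known-good boot sectors before relying on a match.
MARKERS = {
    b"GRLDR": "Grub4Dos-style loader",
    b"GRUB": "GRUB-family loader",
    b"Missing operating system": "Windows-style MBR",
}

def inspect_mbr(sector: bytes) -> dict:
    """Summarise one 512-byte sector 0 dump: signature, boot code, partitions."""
    if len(sector) != 512:
        raise ValueError("expected exactly 512 bytes")
    boot_code = sector[:440]
    found = [label for marker, label in MARKERS.items() if marker in boot_code]
    partitions = []
    for i in range(4):  # four 16-byte partition entries start at offset 446
        entry = sector[446 + 16 * i: 462 + 16 * i]
        status, ptype = entry[0], entry[4]
        lba_start, sectors = struct.unpack_from("<II", entry, 8)
        if ptype != 0:  # type 0 means the slot is unused
            partitions.append({"index": i, "active": status == 0x80,
                               "type": ptype, "lba_start": lba_start,
                               "sectors": sectors})
    return {
        "bootable_signature": sector[510:512] == b"\x55\xaa",
        "has_boot_code": any(boot_code),
        "loaders": found,
        "partitions": partitions,
    }

def build_sample(boot_text: bytes, active: bool) -> bytes:
    """Constructed test sector, not a dump from a real drive."""
    code = boot_text.ljust(446, b"\x00")
    entry = struct.pack("<B3sB3sII", 0x80 if active else 0, b"\0" * 3,
                        0x07, b"\0" * 3, 2048, 125_000_000)
    return code + entry + b"\x00" * 48 + b"\x55\xaa"

if __name__ == "__main__":
    samples = {"msata.bin": build_sample(b"\xeb\x5eGRLDR", True),
               "ssd.bin": build_sample(b"\x33\xc0Missing operating system", True),
               "blank.bin": bytes(512)}
    for name, data in samples.items():
        print(name, inspect_mbr(data))
```

A secondary drive that reports a boot signature, an active partition and a loader marker is one the firmware or the Windows installer can pick up as a boot device; a securely erased drive should look like `blank.bin`.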