Sign in with
Sign up | Sign in
Your question

This is the Mother of all Malware ...

Tags:
  • Security
  • BIOS
  • Malware
  • Apps
Last response: in Antivirus / Security / Privacy
Share
January 16, 2011 11:13:52 AM

I am in the midst of the worst malware/virus/trojan/rootkit attack I've ever experienced, ever heard of, ever imagined.


  • It re-directs web pages to sites that pay for traffic, no big deal of course, but get this:
  • It established a new User Account named "Administrator." When I log off that User and log on to my User, suddenly "Administrator" is gone. Presumably it established the User to acquire privileges to access the BIOS ...
  • Because it infected and altered the BIOS to lock out IDE and floppy ports. No kidding. I've cleared the CMOS, locked changes out, new password, but nothing. I've tried numerous IDE devices in these ports, BIOS refuses to see them (these devices work fine elsewhere)
  • Before it disabled the IDEs, I attached an IDE HDD to offload data, but the virus jumped into that HDD ... I realize this seems impossible, but it's true. Must've came from the infected BIOS.
  • I cannot seem to burn DVDs ... they all fail between 80 and 95% complete
  • I got a BIOS flash from MSI, but that's only do-able in DOS of course, so I started up with a 'Bart's Way' DOS bootable CD. I went into C to retrieve the flash BIOS file - but it was gone, invisible. It was there when I re-booted into Windows.
  • Can I make a Bart's Bootable CD and include the Flash BIOS file in the burn? Then boot and flash from the CD?


    I realize this all sounds preposterous, but I assure you it's all real.

    Some consolation that it permits full use of the computer (it's clearly a pay-per-click money-maker), but I have to do something. Ideas?


    Just FYI: The sites that get the redirected traffic are primarily 'Tazinga,' 'Scour' and "My Yearbook." The jump URLs that flash up are mostly "Get-Search-Results," "New Search Results," "Traffic-Master."
  • More about : mother malware

    Related resources
    a b 8 Security
    January 16, 2011 2:02:55 PM

    Personally i would do a clean install of the computer if there are that many known isues!
    m
    0
    l
    January 17, 2011 2:17:01 AM

    SR-71 Blackbird said:
    Personally i would do a clean install of the computer if there are that many known isues!


    I tried several times, but the IDE ports were locked off by the rogue BIOS, and the burn process was nixed every time, so I had no way to offload the data, which I can't lose. Very smart malware, I'm know it's responsible for the IDE lockout, and I'm pretty sure it's killing the burns. The thing is like a Great White shark ... it defends itself at every turn. It's a remorseless redirecting machine.

    Besides, a wipe and re-install wouldn't have worked anyway, info online says the infected BIOS will jump back on the new install.

    Anyway, Grumpy, that Kaspersky process was quite helpful ... it knocked out some of the trouble, enough at least that I could catch up on Windows Update, which had also been locked out. That Kaspersky scan took maybe 90 seconds, and when it stopped I groaned inside - thinking it had been cut short by the thing. Thanks.

    The W-Update has appeared to make a difference, and I discovered there is a utility in CMOS that permits a flash BIOS from a thumb drive. That should solve most of the rest of the problem. I'll get back to you.
    m
    0
    l
    January 17, 2011 5:06:05 PM

    Also, another way to attack it, take drive out of that pc, slave it to another pc, then blast it with malware bytes, spybot search and destroy, then for good measure, maybe super antispyware. See if you can flash bios from usb like you were going to, reinstall drive into machine. Boot to safe mode, hit again with those utilities, then full av scan. After that, delete ALL system restore points if the machine lived through those scans. Then create a new restore point called clean.
    m
    0
    l
    !