Sign in with
Sign up | Sign in
Your question

Possible bios virus

Last response: in Windows XP
Share
September 27, 2011 10:07:59 PM

hello, and thanks for reading this. I have a Dell XPS M1710 laptop. IT is about 5 years old, but because of some problems, most pf the computer is new. his includes the keyboard, mother board, touch pad, speakers and monitor. I am running Windows XP service pack 3.

Ok. So the other night I turn my laptop on and it starts fine. Once I log in, the mouse is jumpy and I can't type. I figured something didn't load correct. So I restart the computer. This time right after the bios screen and before the windows loading screen it starts beeping like crazy. No pattern. Every time since then , the beeps are not to a pattern that matches any of Dell's beep patterns. They always beep differently too. Sometimes solid 10-12 beeps. sometimes patterns, but never patterns of 3. So I can't find a problem then. After all the beeping it loads to a screen that Hardware Profile/Configuration Recovery Menu. There is only one profile to choose "Undocked Profile". It won't let me hit enter or do anything. It just freezes there unless I just rake my hand over the keyboard. Then it loads into Windows. After windows loads, the B,N,/, left arrow, right arrow, down arrow and space do not work. I spoke to Dell at this point since I am under warranty. Well that was a waste of 4 hours so far. I shut down and restarted numerous times. Same deal. I go and buy an external keyboard and it works perfect. So Dell is sending out a tech to change the keyboard thinking that's the problem. I couldn't do anything in the bios or hitting F12 to do diagnostics because before I bought the external keyboard I couldn't push down. Well now I can. I run diagnosis and everything passes. Well on Sunday night everything was going fine with just using the external keyboard. all of a sudden the explorer window I was in just closed. Then programs were trying to open. If I clicked on a program to open, it would just open the properties unless I right clicked them and hit open. This continued and at that point I figured I had a virus. So, I got out the old restore Cd's and did a complete factory restore. Doing the full format, not the quick one. Right away the keyboard was working even as I was doing the install. things worked great again. I also went to Dell support and updated the Bios. I thought I was over it. I am using free AVG as antivirus. It did pop up a few times yesterday saying it found some system volume problems throughout the day. Not sure if that helps anyone. Well. This morning I started my laptop and tried logging into work and what I was clicking on wasn't opening. Just kept trying to open other programs. Uh oh. then I realized the keys on the keyboard listed above don't work again. I'm at a complete loss now. I ran Windows File Protection this morning and right near the end it asked for XP disc 2. I only have one form Dell. Well either way. The keyboard and all work again. so it fixed something, but I'm assuming it's going to happen again. I also ran combofix and that report didn't really come up with anything out of the ordinary. I then ran Rootkitreveal. I will post that report below. Any help would be great. I know this was a long post. I apologize. I just wanted to get all the info out so you all know exactly what's been going on.

Rootkitreveal report:


HKU\S-1-5-21-1085031214-1767777339-682003330-1005\Console 9/27/2011 1:52 PM 0 bytes Security mismatch.
HKLM\SECURITY\Policy\Secrets\SAC* 9/26/2011 1:56 AM 0 bytes Key name contains embedded nulls (*)
HKLM\SECURITY\Policy\Secrets\SAI* 9/26/2011 1:56 AM 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Microsoft\DbgagD\1* 9/26/2011 6:04 AM 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher\TracesProcessed 9/27/2011 4:20 PM 4 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher\TracesSuccessful 9/27/2011 4:20 PM 4 bytes Data mismatch between Windows API and raw hive data.


I don't know what any of these are or if I should delete them.

More about : bios virus

September 27, 2011 11:54:33 PM

I tried those steps, but since I just did a complete restore, none of those steps helped. It found few cookies, but that's about it. I'm at a loss still.
m
0
l
Related resources
September 28, 2011 12:12:54 AM

It's more likely the issue is in your MBR. Try the Kaspersky Virus Removal Tool and Super Antispyware portable to see if they can root it out. A bios level virus is very unlikely, a bios in your partition table or boot record isn't unlikely at all
m
0
l
September 28, 2011 12:37:17 AM

Ran both of them and nothing, I do appreciate your guys suggestions,
m
0
l
September 28, 2011 12:43:49 AM

It might just be a data mismatch. It doesnt necessarily mean you have a rootkit. If you have a bios with absolute software computrace it may also just be completely normal and nothing to worry about. This is just a registry check, there could be a lot of reasons for differences. I wouldn't worry too much if none of those programs found anything
m
0
l
September 28, 2011 12:53:59 AM

starzty said:
It might just be a data mismatch. It doesnt necessarily mean you have a rootkit. If you have a bios with absolute software computrace it may also just be completely normal and nothing to worry about. This is just a registry check, there could be a lot of reasons for differences. I wouldn't worry too much if none of those programs found anything



The problem is when the keyboard stops working and it won't let me open programs because it's wanting to click on something I'm not clicking on. So there's plenty to worry about if it keeps happening. If it happened before the full restore and that was it, I wouldn't worry because it was fixed. But since the same symptoms occurred the day after I did the full restore. There is a problem.
m
0
l
September 28, 2011 1:08:10 AM

Yeah, that isn't great. I've got nothing, hopefully someone else has an idea
m
0
l
!