malware removes the ability to select a boot device

Discussion in 'Windows - General discussion' started by Mez, Jul 23, 2013.

  1. Mez

    Mez Active member

    Does anyone know how malware could remove the ability to select a boot device? It also destroys the system restore records dated before it took over the computer so there is no easy fix. Actually there is no fix if you can only boot from C:. I bought system restore disks then discovered I couldn't use them. I took the computer over to my favorite computer repair with the disks and let them do it. I got the minimum charge. If the disk was a 3.5" I would have pulled the disk and low level reformatted it as an external disk. I have priced out an external adapter that will do 5.25 - 2.5 and IDE as well as SATA. Before I plunk down the cash I am wondering if there is a smarter way. The adapter is cheaper than the minimum charge so I will buy it if I can't figure out a better way. I expect I will see that problem again.
     
    Last edited: Jul 23, 2013
  2. attar

    attar Senior member

    If it was a virus that managed to flash the bios? - but then you could reflash the bios to get rid of that, then check the machine for whatever did it initially.
     
  3. ddp

    ddp Moderator Staff Member

    malware doesn't touch bios but virus does. enable the flash protection in the bios once bios reflashed.
     
  4. Mez

    Mez Active member

    Yes ddp is probably correct. Unfortunately, how the malware infection is carried out is by connecting your computer to a hacker's server which breaks through your firewall then steals any password files or any files that contain FTP info, analyses your computer then replaces certain exes and/or DLLs on your computer. If the hacker wanted to update your BIOS it could. The beauty of this is there is no virus signature, if you run HiJackThis you will see nothing suspicious etc. It is 100% stealth. They all use VPN to connect with the 'mother ship'. The connection between your computer and the hacker's computer is created by an injection port on an infected web page. Opening the page opens the connection.

    The computer was a Win 7 computer and the boot timeout was probably set to 0. The only way to get into the BIOS would be to create a hardware boot failure but that will still not change the boot time. Even if I press the key for the boot device selection it will not be on the screen long enough to use it. I have downloaded an editor that will allow me to inspect and modify the settings. I think I will still buy the adapter. Not only is it one more tool in my bag of tricks but I can see what is on a few old IDE drives that are sitting in my office collecting dust. If they are small and have nothing I want I can chuck them but some are pretty big. Great for system backups I might use once a year or less. When not used they will be sitting collecting dust. Right now my backups are on some general storage devices that get accessed at least once a month. I doubt that the malware is smart enough to find and destroy backups but it is possible.
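
A defender-side check for the OS-level boot settings mentioned in the post above, as an added example that is not part of the original thread: it parses saved `bcdedit /enum` text and flags a zero boot-manager timeout, and goes beyond the post by also flagging `recoveryenabled No` and `bootstatuspolicy IgnoreAllFailures`. The sample output and the function names `parse_bcdedit` and `audit` are constructed for illustration.

```python
# Constructed sample of `bcdedit /enum` text output (not taken from the thread).
SAMPLE_BCDEDIT = r"""
Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume1
description             Windows Boot Manager
default                 {current}
displayorder            {current}
timeout                 0

Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
recoveryenabled         No
bootstatuspolicy        IgnoreAllFailures
osdevice                partition=C:
"""

# element name -> (value that hinders recovery, what that value means)
CHECKS = {
    "timeout": ("0", "boot manager waits 0 seconds before starting the default entry"),
    "recoveryenabled": ("no", "automatic recovery sequence is disabled for this entry"),
    "bootstatuspolicy": ("ignoreallfailures", "boot failures are ignored, so recovery is not offered"),
}

def parse_bcdedit(text):
    """Split the output into entries: a title line, a dashed rule, then 'name value' rows."""
    entries, current, prev = [], None, ""
    for line in text.splitlines():
        stripped = line.strip()
        if not stripped:
            current = None                      # a blank line ends the entry
        elif set(stripped) == {"-"}:
            current = {"_title": prev}          # the line before the rule is the title
            entries.append(current)
        elif current is not None and not line[0].isspace():
            name, _, value = stripped.partition(" ")
            current[name.lower()] = value.strip()
        prev = stripped                         # indented continuation rows are skipped
    return entries

def audit(entries):
    """Return (entry title, element, meaning) for every setting that matches CHECKS."""
    return [(e["_title"], name, why)
            for e in entries
            for name, (bad, why) in CHECKS.items()
            if e.get(name, "").lower() == bad]
```
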
     
  5. ddp

    ddp Moderator Staff Member

    try resetting the cmos. other option is if bios chip is in a socket then might be possible to get a new pre-programmed bios chip.
     
  6. scorpNZ

    scorpNZ Active member

    Couldn't BIOS just be restored by placing jumper to its recovery option, assuming it has one? You know, the thing if you stuff up a flash or whatever.
     
  7. ddp

    ddp Moderator Staff Member

    that is what resetting the cmos does & if no jumper, disconnect external power cord then remove cmos battery. i have a board from a customer which the programming on the bios chip was corrupted so i am going to reflash the bios if i can get it to boot off a floppy or pay $15 for new programmed bios chip.
     
  8. Mez

    Mez Active member

    Yes I could have done that. Except, I do not think the BIOS was tampered with. There is no setting to disable the boot menu that is hard wired. The hang time in Win 7 is regulated by the OS which can be modified.
     
  9. ddp

    ddp Moderator Staff Member

    the boot device is set with the bios not windows unless you have a real real old board which you don't.
     
  10. Mez

    Mez Active member

    If you say so. What I am sure of is to get something other than a HD to be used as a boot device you can either press F12 which brings you to a BIOS menu and select any type of device or press F7 and select a CD using the OS. The bootup went directly to windows start.
     
  11. ddp

    ddp Moderator Staff Member

    when you selected to boot from dvd with the 1st recovery disk in the dvd drive, it went to windows start instead? try to boot another computer with that disk to see if it does the same thing or it boots off the dvd to load win7.
     
  12. Mez

    Mez Active member

    As I mentioned in the opening post, I had a local family run shop do the fix. My inquiry was for a future infection. I bought a USB HD cheap-o adapter for less than $20. The next time my daughter's computer gets infected I will learn if it is the BIOS or hard disk. I am sure it is the hard disk since there are only a few OSs while there may be hundreds of BIOS to create an attack plan for. The attacks are performed by robots not humans.

    I have seriously upgraded the firewall. This is a warning for anyone reading this post. I installed the firewall before I connected to the network. As soon as I plugged it in the firewall asked me if I wanted to allow incoming connection. The attack took less than a second. If you install a 'fresh' system do not have it connected to the internet until you have a firewall up and running. If not it will be infected before you are finished installing everything.
     
