AfterDawn Forums

malware removes the ability to select a boot device

This discussion thread has 12 messages.

Does anyone know how malware could remove the ability to select a boot device? It also destroys the system restore records dated before it took over the computer so there is no easy fix. Actually there is no fix if you can only boot from C:. I bought system restore disks then discovered I couldn't use them. I took the computer over to my favorite computer repair with the disks and let them do it. I got the minimum charge. If the disk was a 3.5" I would have pulled the disk and low level reformatted it as an external disk. I have priced out an external adapter that will do 5.25 - 2.5 and IDE as well as SATA. Before I plunk down the cash I am wondering if there is a smarter way. The adapter is cheaper than the minimum charge so I will buy it if I can't figure out a better way. I expect I will see that problem again.
This message has been edited since its posting. Latest edit was made on 23 Jul 2013 @ 10:05
If it was a virus that managed to flash the bios? - but then you could reflash the bios to get rid of that, then check the machine for whatever did it initially.
malware doesn't touch bios but virus does. enable the flash protection in the bios once bios reflashed.
Yes ddp is probably correct. Unfortunately, how the malware infection is carried out is by connecting your computer to a hacker's server which breaks through your firewall then steals any password files or any files that contain FTP info, analyses your computer then replaces certain exes and/or DLLs on your computer. If the hacker wanted to update your BIOS it could. The beauty of this is there is no virus signature, if you run HiJackThis you will see nothing suspicious etc. It is 100% stealth. They all use VPN to connect with the 'mother ship'. The connection between your computer and the hacker's computer is created by an injection port on an infected web page. Opening the page opens the connection.

The computer was a Win 7 computer and the boot timeout was probably set to 0. The only way to get into the BIOS would be to create a hardware boot failure but that will still not change the boot time. Even if I press the key for the boot device selection it will not be on the screen long enough to use it. I have downloaded an editor that will allow me to inspect and modify the settings. I think I will still buy the adapter. Not only is it one more tool in my bag of tricks but I can see what is on a few old IDE drives that are sitting in my office collecting dust. If they are small and have nothing I want I can chuck them but some are pretty big. Great for system backups I might use once a year or less. When not used they will be sitting collecting dust. Right now my backups are on some general storage devices that get accessed at least once a month. I doubt that the malware is smart enough to find and destroy backups but it is possible.
try resetting the cmos. other option is if bios chip is in a socket then might be possible to get a new pre-programmed bios chip.
Couldn't BIOS just be restored by placing jumper to its recovery option, assuming it has one? You know, the thing if you stuff up a flash or whatever.


that is what resetting the cmos does & if no jumper, disconnect external power cord then remove cmos battery. i have a board from a customer which the programming on the bios chip was corrupted so i am going to reflash the bios if i can get it to boot off a floppy or pay $15 for new programmed bios chip.
Yes I could have done that. Except, I do not think the BIOS was tampered with. There is no setting to disable the boot menu that is hard wired. The hang time in Win 7 is regulated by the OS which can be modified.
the boot device is set with the bios not windows unless you have a real real old board which you don't.
If you say so. What I am sure of is to get something other than a HD to be used as a boot device you can either press F12 which brings you to a BIOS menu and select any type of device or press F7 and select a CD using the OS. The bootup went directly to windows start.
when you selected to boot from dvd with the 1st recovery disk in the dvd drive, it went to windows start instead? try to boot another computer with that disk to see if does same thing or it boots off the dvd to load win7.
As I mentioned in the opening post, I had a local family run shop do the fix. My inquiry was for a future infection. I bought a USB HD cheap-o adapter for less than $20. The next time my daughter's computer gets infected I will learn if it is the BIOS or hard disk. I am sure it is the hard disk since there are only a few OSs while there may be hundreds of BIOS to create an attack plan for. The attacks are performed by robots not humans.

I have seriously upgraded the firewall. This is a warning for anyone reading this post. I installed the firewall before I connected to the network. As soon as I plugged it in the firewall asked me if I wanted to allow incoming connection. The attack took less than a second. If you install a 'fresh' system do not have it connected to the internet until you have a firewall up and running. If not it will be infected before you are finished installing everything.