CAN malware infect a bios?

[Neos]

Again ..Can malware infrct a bios ...and can a virus or malware infect an already recorded and closed off cd?

At the moment (after my fifth re-install) all is well. The prior time all was well too ... UNTIL ...I remembered I needed to install Office XP. The minute I started to install I got the BLUE SCREEN and a constant re-boot. The Office XP is a copy, not the original MS factory disc.

 

[HDR]

It should not be able to infect the CD.

If you are not worried about the data from the drive try to use a wiping program to wipe the drive (or at least the first few hundred sectors) and start again. If this does not work, unseat any cards and the RAM and clean the sockets with compressed air and then try again.

 

[Neos]

That is exactly what I thought - that the only way to get something onto a cd was to burn it on.

I will do the un-seating and re-seating - but ...what about the pc bios? Just curious.

 

[mechBgon]

Virus-infected files can be put onto a CD. Originally-clean files from an authentic CD can be infected if they're being burned on an infected system. Classic file-infecting viruses are plentiful. Why don't you use your authentic Microsoft CD-ROMs and see if that works better

Trivia item: yes, there are viruses that Trojanize CDs that are being burned, too. I'll see if I can dredge up a link to the one I read about.

 

[birdpup]

Is the hardware of your system operating normally? Maybe there are memory issues and testing the memory with memtest for 24 hours+ will check this.
Memory Tests
memtest86
memtest86+

EDIT:
If you think there is a virus in the Office XP CD, then install a virus scanner before you install Office and scan the CD before starting the installation. I think it is probably a hardware issue.

I recognize your name and think you have been asking other hardware related questions lately.

I suggest testing your system with memtest for 24+ hours and then running a Prime95 torture test for another 24+ hours. This should help eliminate obvious hardware problems.

 

[mechBgon]

but ...what about the pc bios? Just curious.

Meet one of the Win95.CIH variants. From Symantec's notes:

The second payload tries to cause permanent damage to the computer. This payload attacks the Flash BIOS (a part of your computer that initializes and manages the relationships and data flow between the system devices, including the hard drive, serial and parallel ports, and the keyboard) and tries to corrupt the data stored there. As a result, nothing may be displayed when you start the computer. A computer technician would need to fix this.

I'm still looking for the one that makes a point of infecting burned CDs. EDIT: here's one: http://www.f-secure.com/v-descs/sumom_a.shtml

Spreading to CD-Rs

The worm also copies itself as 'autorun.exe' file to the current user's 'Local Settings\Application Data\Microsoft\CD Burning' folder and creates the 'autorun.inf' file that contains instructions to run the 'autorun.exe' file when the media is inserted into a drive. As a result, when a user burns a CD-R, it becomes infected and can infect other computers if used there.

 

[Neos]

OK, guys - I will do the testing with memtest.

Yes - I am the one and same who has been making posts - trying to get to the bottom of this. Oddly, though - this does not happen on the older 40G EIDE Seagate - just the 80G Seagate SATA. I figured that it had to be connected to either a malware issue ...or a driver issue with the Via raid setup.

I degress ....I will do th test, and report back.

Thanks

 

[Neos]

NO errors. Ran all night.

About the recorded CD being infected. The cd in question is a burned copy - but it was burned a year or so back. I have used it many, many times with no issues. To be INFECTED it would have to have the virus/malware burned in with the initial burning, right???

Just using it would not open it to infection, would it? Example: If I installed Office XP to a machine that was laden with viruses - there would be no way that it would contract a virus UNLESS it was burned on with Nero or such???

Now on to un-seating and re-seating.

 

[Agamar]

Wow, that virus is pretty old. I would seriously doubt he could have gotten that.

 

[birdpup]

Originally posted by: Neos
NO errors. Ran all night.

This is good

About the recorded CD being infected. The cd in question is a burned copy - but it was burned a year or so back. I have used it many, many times with no issues. To be INFECTED it would have to have the virus/malware burned in with the initial burning, right???

Just using it would not open it to infection, would it? Example: If I installed Office XP to a machine that was laden with viruses - there would be no way that it would contract a virus UNLESS it was burned on with Nero or such???

You are correct. When data is read from a CD, such as when installing a program, the CD is mounted in the filesystem as read-only so there is no possibility of writing a virus to the CD during this operation.

Just scan the CD and you will know for sure if it is infected or not. It is probably not infected. Using the CD is much different from writing to the CD.

 

[mechBgon]

Originally posted by: NeosAbout the recorded CD being infected. The cd in question is a burned copy - but it was burned a year or so back. I have used it many, many times with no issues. To be INFECTED it would have to have the virus/malware burned in with the initial burning, right???

If you have problems with warez, you need to take it somewhere else than the AnandTech Forums. As a member since 2000, you should know that. If you need a legit alternative for free, try OpenOffice.

 

[Neos]

If by Warez - meaning downloading the Office XP from a site. I did not. It is a legit serialized program - just a copy.

I have not done the un-plug and re-plug yet, but will. Right now she is holding steady.

I did find that using IE let in all sorts of stuff when I checked with Adaware. Firefox stopped that.

Thanks for all the help.

 

[mechBgon]

Originally posted by: Neos
If by Warez - meaning downloading the Office XP from a site. I did not. It is a legit serialized program - just a copy.

Who has the original CDs and license/Certificate Of Authenticity? If you're using this, then you should. Try installing from your original CDs.

 

[Fern]

Can malware infrct a bios

From Mech's link:

The CIH virus, also known as Chernobyl, was first discovered in June 1998 in Taiwan. According to the Taipei authorities, Chen Ing-hau wrote the CIH virus. The name of the virus derived from his initials.

CIH is a destructive virus with a payload that destroys data. On April 26, 1999, the payload triggered for the first time, causing many computer users to lose their data. In Korea, it was estimated that as many as one million computers were affected, resulting in more than $250 million in damages.

That SOB cost me a lot of money :|

I have a small accounting firm and was out of town when my office was hit with it. Told my peeps to call in tech's cuz I couldn't return to check it out.

Didn't know what it was at the time. But it sure was lesson in backups Had to replace the PC's too.

 

[Neos]

Originally posted by: mechBgon

Originally posted by: Neos
If by Warez - meaning downloading the Office XP from a site. I did not. It is a legit serialized program - just a copy.

Who has the original CDs and license/Certificate Of Authenticity? If you're using this, then you should. Try installing from your original CDs.

Thanks for the input. I burn some copies to keep the originals fresh and un-scratched. I will try an install of Office from the original and see if it makes a difference.

 

[Neos]

For those who might have followed this thread - it finally came to a hard drive replacement. The Seagate SATA 80G got to where it took up to 10 minutes to load the OS. The disc utility tools from Seagate showed a bad drive.

I do hope that is it. I have the replacement drive, and have loaded most of my stuff onto it.

One note of interest ...the 80G Seagate SATA is supposed to be quiet. Well - the one that showed up bad was not. The replacement is fine. May mean something to the few that I have heard complaining that this drive was not quiet.

Thanks again for the input.

 

[birdpup]

I did not even consider that possibility...

This thread just provided a whole new area of problems to recommend running hard drive manufacturer tests.

Neos Is this the solution for all or most of your recent problems and threads?