Question purging rootkit infection from BIOS

DAPUNISHER

What makes you so certain that you have one? They are rare and usually aimed at high-value targets. I recently read posts from professionals that there has not been any appreciable activity in BIOS-infecting proofs of concept, let alone real infection distribution campaigns.

Not trying to debate you, insult you, or otherwise antagonize you, so don't take umbrage. It is simply that your having one is about the least likely explanation. A software or hardware issue is much more likely than a rare BIOS rootkit.
 

wpshooter

No, I don't think I have one; I just ran across this subject in conversation and was wondering what the possible effects would/could be, and how to fix it IF it did occur. I found a post elsewhere suggesting that reflashing the BIOS would indeed fix it. Thanks.
 

DAPUNISHER

Given what I have read about them, I would be more prone to trash the chip or even the whole board, to be on the safe side.
 

whm1974

Given what I have read about them, I would be more prone to trash the chip or even the whole board, to be on the safe side.
Speaking of rootkits, are there any ways and safeguards to prevent rootkits from getting installed in the UEFI?
 

daveybrat

Yes, reflashing the BIOS should remove a BIOS rootkit. Although as others have already chimed in, I've never in my professional career seen a BIOS rootkit and I've been a tech for almost 24 years now.
 

Mr Evil

The BIOS isn't the only firmware on a motherboard, and GPUs and storage devices have firmware too. A sophisticated enough rootkit could infect any or all of them; the only way to be sure is to throw it all away.
 