A virus that wipes the BIOS....

Hi all.
I have a customer that recons he has a virus call Win32.Marijuana worm..and he thinks that its wiped his BIOS..

Ive searched the web and cant find it.

My question is, does this virus exsits??
Can a Virus wipe your BIOS??
Ive alwysed belived Viruses couldnt harm your HardWare..or BIOS for that matter...

Plaese just opinions on this matter would be good....

And if anyone knows of Viru that does harm the BIOS please tell me about this as well..


Regards
Redghan

 

http://www.sophos.com/virusinfo/analyses/w32marijuana.html
W32/Marijuana Aliases I-Worm.Mari, W32/Mari
http://www.europe.f-secure.com/v-descs/mari.shtml
http://securityresponse.symantec.com/avcenter/venc/data/w32.mari@mm.html

(nothing about it harming the bios though)

CIH (Chernobyl virus) comes to mind:

http://www.symantec.com/avcenter/venc/data/cih.html

 

Thank u for your help...

i must find a decent site with the Virus's listed...and a good discribtion of what they are and do.

Can you help me there as well...Im not happy with symantec or Vet's virus list and they are hard to use....

Anyway thanks for your help.

Regards
Redghan

 

Sorry i should of asked this in my first post,..

but how would you go about scanning the BIOS for a virus??

and if it is stuffed, can you re flash it??

Or can you clean it??

Thanks..

Regards
Redghan

 

Symantec's is the virus lookup tool I use most. Here is a list of the ones I have bookmarked:
http://www.symantec.com/avcenter/vinfodb.html
http://www3.ca.com/virusinfo/Search.aspx
http://ve.nod32.ch/
http://www.pandasoftware.com/virus_info/
http://vil.nai.com/vil/default.asp
http://www.f-secure.com/v-descs/
http://www.trendmicro.com/vinfo/virusencyclo/
http://www.sophos.com/virusinfo/

If you search on bios using one of the above virus encyclopedias you can look through the results to see what other viruses attack the computer's bios. I found another one: W32.Kriz:
http://www3.ca.com/virusinfo/virus.aspx?ID=5590

PS Here's a third: W32.Magistr
http://securityresponse.symantec.com/avcenter/venc/data/w32.magistr.24876@mm.html

http://www3.ca.com/virusinfo/virus.aspx?ID=6076

 

Wow, didnt relise that there were so many virus that could do that...But i quess CMOS and BIOS are still software in a way arnt they...

So ok how would you discover if you had a virus that did that...I mean you know what people are like they click on something and bam...the computers in here to be fixed...

So can you detect a CMOS-BIOS virus before its to late? Or once it runs is that it? But i quess it depends on the virus to..

Well thanks for your help.

Regards
Redghan

 

The best "antivirus" defense for Windows users where people are not careful enough about which attachments they open would be an up-to-date antivirus program with an "autoprotect" or "real-time protection" feature turned on so that it will scan files as they are being saved or opened, so that you never become infected in the first place. Many antivirus programs also have automatic update features so that the program always has the latest virus signature files.

There are also online antivirus scanners than can detect viruses on your system. Here's a lising:
http://virusall.com/downscan.html#scan1
(Many people here recomend Housecall.)

Many people recommend non-Microsoft products like Netsape or Mozilla for browsing and e-mail because they are safer as far as virus vulnerability. If you must use IE and OE see http://www.windows-help.net/features/surf-safe.html

I think you are asking, what to do after you suspect that the computer is already infected.

If you read through some of the virus descriptions you will see that after an infection occurs, there may be different stages. Often the final destructive "payload" will not be delivered until weeks or months afterwards, many on specific dates, such as December 25th in the case of Kris, and April 26 (Chernobyl, the Soviet nuclear disaster) in the case of CIH.

If the computer has already become infected, but is still bootable then running an up-to-date virus scanner or a specific removal tool for the particular virus can clean it.

Symantec offers many removal tools that anyone can download run, not just users of Norton Antivirus, for example :
KRIZ: http://securityresponse.symantec.com/avcenter/venc/data/w32.kriz.fix.html
MAGISTR: http://securityresponse.symantec.com/avcenter/venc/data/w32.magistr.removal.tool.html
CIH: http://securityresponse1.symantec.com/sarc/sarc.nsf/html/kill_cih.html

If you are asking what to do when the computer is no longer bootable, you need to give more information, for example,

What Windows version are you running?

Have you tried booting with a startup floppy, or with a bootable CD-Rom? there are dos virus scanners like F-Prot for Dos that you can use from a bootable floppy disk to scan the hard drive, and some Antivirus installation CD-Roms like Norton Antivirus are botable and will scan for viruses. I don't believe you can "scan" the bios for viruses. What you need to do is to try and enter the bios setup utility.

Have you tried entering the Bios setup utility to make sure the startup sequence lists the floppy and CD-Rom drives first, then the hard drive? How to enter depends on the system. On my IBM Aptiva I hit F1 when I see the IBM logo screen. Other systems may use the DEL key.

What exactly happens when the pc is turned on? Do you hear any beeps or do you see any lights flash on the tower or keyboard, or do you see anything on the monitor screen?

Is this a brand-name computer like Dell or HP? If not, do you know who makes the motherboard?

I'm really not an expert on hardware or non-booting computers, though.

PS. Here's a page with information on recovering from CIH damage, in case it helps:
http://grc.com/cih.htm

 

In reagrds to Virus checking. There is something that 98SE will allow that so far I can not find a way to make XP do. Because ME and XP do not allow DOS COMMANDS in the Autoexec.bat.

Up to and including Win98 SE AVG, Norton and other Anti-Virus programs could be set to check the Boot Sector at boot up.

I don't think that helps the BIOS but it can help anything after it.

BillyBob