# BIOS virus help



## twantnix3 (Oct 17, 2009)

I don't know if this is the right place to put this, but recently I installed Linux on my box. A few days after, between my installing software using apt on the Debian-like system, or downloading something, I caught a virus that affected the whole system. I believe it's a BIOS virus because it affects the keying process, and the mouse. In other words, I can't type effectively in the GUI environment, nor CLI on Linux. I can only type without error in CLI mode on FreeBSD, which was the only thing I was able to install. I read about programs such as coreboot and flashrom, but currently haven't been able to find them for FreeBSD. Someone please help me.


----------



## ale (Oct 17, 2009)

twantnix3 said:

> I caught a virus that affected the whole system. I believe it's a BIOS virus because it affects the keying process, and the mouse.

twantnix3 said:

> In other words, I can't type effectively in the GUI environment, nor CLI on Linux. I can only type without error in CLI mode on FreeBSD



Those 2 statements are a _non sequitur_.


You said that you caught a BIOS virus on Linux.
I've never heard of BIOS viruses on Linux.
You said that the virus affects the whole system, resulting in a non-working mouse and keyboard at a low level.
So why should they work on FreeBSD?

Maybe playing with apt you simply screwed your Linux installation.


----------



## SirDice (Oct 17, 2009)

ale said:

> Maybe playing with apt you simply screwed your Linux installation.


Occam's razor says this is the most likely scenario.


----------



## twantnix3 (Oct 17, 2009)

My whole PC is screwed... I can't even navigate through my BIOS freely. I just need a program to fix this.


----------



## twantnix3 (Oct 17, 2009)

ale said:

> Those 2 statements are a _non sequitur_.
> 
> 
> You said that you caught a BIOS virus on Linux.
> ...



Maybe the virus was written by someone using FreeBSD....

Furthermore, I even tried to install NetBSD and I was unable to.
People seem to think that catching a virus on a Unix system is non-existent. I beg to differ!! After all, you only need to know C to write a Linux/Unix virus/exploit versus needing to know ASM for Windows viruses.


----------



## twantnix3 (Oct 17, 2009)

To go deeper, if I boot up a Slackware live CD and go to type "setup", NO characters will appear in the shell; if I boot a FreeBSD disk, EVERYTHING WORKS for some strange reason. I have used Linux for a while and I know when there's a problem.


----------



## ale (Oct 17, 2009)

twantnix3 said:

> To go deeper, if I boot up a Slackware live CD and go to type "setup", NO characters will appear in the shell; if I boot a FreeBSD disk, EVERYTHING WORKS for some strange reason. I have used Linux for a while and I know when there's a problem.


Maybe on your PC there is a sticker with the logo "Designed for FreeBSD(TM)" 

I still don't believe that the cause is a BIOS virus; anyway, you can try resetting the CMOS.
Usually this is done by unplugging from AC, removing the battery on the MB, shorting a couple of pins with a jumper and waiting some minutes.
Refer to the vendor manual for the correct procedure.
You can also check if there is a BIOS upgrade available.
Some vendors let you download a bootable ISO to update the BIOS, some others require a bootable DOS floppy...
But remember, you are the only one responsible if something goes wrong.


----------



## twantnix3 (Oct 18, 2009)

Let me add... (sorry) I have a laptop, so I don't know if that CMOS thing will work.


----------



## ale (Oct 18, 2009)

twantnix3 said:

> Let me add... (sorry) I have a laptop, so I don't know if that CMOS thing will work.


If you still think that this will help you, try searching for the procedure for your vendor/model. Also try looking for BIOS updates on the vendor website.


----------



## Carpetsmoker (Oct 18, 2009)

A BIOS virus is extremely rare, even in the wonderful world of Windows.
I would say it is _highly improbable_ you've managed to catch a BIOS virus with apt-get; I would expect someone would have noticed before.

Are you using a PS/2 or USB keyboard? Maybe there is something wrong with one of the connections? Try switching.
For that matter, it may be as simple as your keyboard being broken.



> People seem to think that catching a virus on a Unix system is non-existent. I beg to differ!! After all, you only need to know C to write a Linux/Unix virus/exploit versus needing to know ASM for Windows viruses.



You're right, you can make malware for UNIX systems, and there is some malware out there.
But Windows does support C, and you can use it for writing malware, why wouldn't you be able to?


----------



## Beastie (Oct 18, 2009)

Yes, what's this C vs. assembly thing? You can code anything (including viruses) in both C and assembly under Windows, GNU/Linux, BSD, etc. I've seen many Windows viruses written in C.

And your way of saying "you only need to know C" suggests you think assembly is harder than C, which is not quite true.


----------



## sossego (Oct 19, 2009)

I'm going to be burned for this one.
Whatever Linux distro you had on there, use a rescue disk of the exact same release to fix the problems.

You're going to need to mount the drive externally and check a few files. 
What you may have is a rootkit.

But, before mounting try this: When grub or lilo appears, hit the spacebar and choose single user mode.
Create a new user:

```
# adduser <username>
# passwd <username>
Password:
repeat passwd:
```
Exit and log in as the new user.

Open the package manager- yast, yum, apt, etc- and do a search for rootkits. There should be a rootkithunter/rkhunter and checkrootkit/checkroot.
Install both of them.
Run each as root.
Open a terminal, su to root, and follow this- http://www.cyberciti.biz/faq/howto-finding-files-by-date/ You want to see which files have been affected.

Remove these files.

And the next part: You need to copy all necessary files to  some media and reinstall the OS.

Or. You can use the livecd.
For the moment, I'm assuming that you know how to use a live environment.
Use the link above and the terminal to find the file and manually remove it from the system. If you don't think that will work, then copy what you need and do the reinstall suggestion at top.
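
An added example, not part of sossego's post: a read-only take on the "find files by date" step, meant to be run from a live CD against the installed system's root filesystem. It lists recently modified files under the system directories together with their SHA-256 hashes so they can be reviewed before anything is removed; the function name, the directory list and the `/mnt/target` mount point are illustrative assumptions.

```shell
#!/bin/sh
# recent_system_files ROOT DAYS
# Prints "<sha256>  <path>" for every regular file under ROOT's system
# directories that was modified less than DAYS days ago.
# ROOT is where the installed system is mounted (assumed: /mnt/target).
recent_system_files() {
    days=$2
    case $days in
        ''|*[!0-9]*) echo "DAYS must be a non-negative integer" >&2; return 2 ;;
    esac
    [ -d "$1" ] || { echo "no such root: $1" >&2; return 2; }
    root=${1%/}   # strip one trailing slash so "/" becomes "" and paths stay clean

    # Illustrative list of directories that normally hold binaries,
    # libraries, configuration and boot files.
    for dir in bin sbin lib etc usr/bin usr/sbin usr/lib boot; do
        [ -d "$root/$dir" ] || continue
        # -xdev    stay on the mounted filesystem
        # -type f  regular files only (symlinked directories are not followed)
        # -mtime   "-N" means modified less than N*24 hours ago
        find "$root/$dir" -xdev -type f -mtime "-$days" \
            -exec sha256sum {} +
    done | sort -k2
}

# Typical use from a live environment (mount read-only first):
#   mount -o ro /dev/sdXN /mnt/target
#   recent_system_files /mnt/target 7 > /tmp/recent-files.txt
```

Modification times can be reset by anything running as root, so an empty list does not prove a clean system; the hashes are there to compare against the distribution's own package files.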


----------



## chavez243ca (Oct 19, 2009)

maybe your hardware is just hosed.


----------



## twantnix3 (Oct 20, 2009)

Beastie said:

> Yes, what's this C vs. assembly thing? You can code anything (including viruses) in both C and assembly under Windows, GNU/Linux, BSD, etc. I've seen many Windows viruses written in C.
> 
> And your way of saying "you only need to know C" suggests you think assembly is harder than C, which is not quite true.



If I didn't say it, very few viruses are written in C for windowz.

ASM to me is harder to learn and master.  printf is easier than mov any day in my book.


----------



## twantnix3 (Oct 20, 2009)

sossego said:

> I'm going to be burned for this one.
> Whatever Linux distro you had on there, use a rescue disk of the exact same release to fix the problems.
> 
> You're going to need to mount the drive externally and check a few files.
> ...

All that probably would work if my typed characters would show up right, i.e., I type cfdisk and I get a^*k?>


----------



## expl (Nov 2, 2009)

Since you did not tell us what your motherboard or BIOS manufacturer is, you will have to look for a clean BIOS flash image on the manufacturer's home site. Now some will provide a boot CD image, some will just give a Win32 program that will rewrite the BIOS flash from Windows. If you get only the Windows BIOS flash rewriter you will need some sort of Windows live CD (can find some on torrents). Before booting, disconnect your hard drives. Put the BIOS writer on a USB stick, boot Windows and write the BIOS. Format all your partitions just in case.

Then again, this is just if you are sure that it's a BIOS virus. These viruses are very rare on Windows, not to mention Linux/BSD, because they are easy to detect at the moment of infection and are easy to protect against, since most BIOSes come with BIOS write protections, etc. Make sure to turn them on in settings.


----------



## michaelrmgreen (Nov 10, 2009)

Try a memtest run. This is what I use. http://www.memtest.org/ Memory is much more prone to failure than supposed.


----------

