mailing list archives
Re: RE: Any solution for a virus in the BIOS?
From: "Michael R. Martinez" <mike () security-bounce com>
Date: Mon, 3 Dec 2007 20:26:35 +0000
Boot into a disk that scans for virus at boot!
Michael R. Martinez
From: Ansgar -59cobalt- Wiechers <bugtraq () planetcobalt net>
Date: Mon, 3 Dec 2007 19:40:00
To:security-basics () securityfocus com
Subject: Re: RE: Any solution for a virus in the BIOS?
On 2007-12-02 admin () lh com wrote:
First things first, get rid of AVG Free edition and find a decent AV.
AVG misses most modern anti-viruses and can be avoided easily.
Care to elaborate on that one?
Get a av that has boot sector protection. Once you've run a scan with
that, it will clear things out.
Please explain how boot sector protection is supposed to help against
malware living in the BIOS. You do realize that it's the BIOS that
executes the boot code, don't you?
Assuming the BIOS actually is infected (which isn't too clear after the
OP's rather vague description) the appropriate way would be to replace
the BIOS chip or flash a clean BIOS onto it using a dedicated device
(*not* a PC that is booted with the potentially infected BIOS). Also
examine the supposedly infected harddisk from a clean system, either by
booting some live-CD after cleaning the BIOS or by attaching the disk to
another system (as secondary/external disk).
"All vulnerabilities deserve a public fear period prior to patches
--Jason Coombs on Bugtraq