Home page logo

basics logo Security Basics mailing list archives

Re: RE: Any solution for a virus in the BIOS?
From: "Michael R. Martinez" <mike () security-bounce com>
Date: Mon, 3 Dec 2007 20:26:35 +0000

Boot into a disk that scans for virus at boot!

Michael R. Martinez
TF: 800-987-7307

-----Original Message-----
From: Ansgar -59cobalt- Wiechers <bugtraq () planetcobalt net>

Date: Mon, 3 Dec 2007 19:40:00 
To:security-basics () securityfocus com
Subject: Re: RE: Any solution for a virus in the BIOS?

On 2007-12-02 admin () lh com wrote:
First things first, get rid of AVG Free edition and find a decent AV.

AVG misses most modern anti-viruses and can be avoided easily.

Care to elaborate on that one?

Get a av that has boot sector protection. Once you've run a scan with
that, it will clear things out.

Please explain how boot sector protection is supposed to help against
malware living in the BIOS. You do realize that it's the BIOS that
executes the boot code, don't you?

Assuming the BIOS actually is infected (which isn't too clear after the
OP's rather vague description) the appropriate way would be to replace
the BIOS chip or flash a clean BIOS onto it using a dedicated device
(*not* a PC that is booted with the potentially infected BIOS). Also
examine the supposedly infected harddisk from a clean system, either by
booting some live-CD after cleaning the BIOS or by attaching the disk to
another system (as secondary/external disk).

Ansgar Wiechers
"All vulnerabilities deserve a public fear period prior to patches
becoming available."
--Jason Coombs on Bugtraq

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]