 sj |
||
|
||
BIOS Virus nasty but it can be squished!
|
|
|
|||||||
|
BIOS Virus nasty but it can be squished! |
Share Thread
|
||||||
|
Subject: BIOS Virus nasty but it can be squished! From: j0_77 Date: 16 Oct 99 - 09:03 PM This one assumes you will press the reboot key OR ctl alt Del when lock up occurs, assumes the user does not keep track of BIOS settings and assumes you are not familiar with your BOOT UP screen. It does not expect you to TURN OFF THE POWER when you lock up. It does not expect you will reset the BIOS if it has been altered. There is now a variant of the Cernobyl idiot virus that sneaks into a PC. The route is ---any website java script-->your computer's memory--->any cache / tmp folder---> creates a folder or tmp file to create/unpack---->causes lockup. Which makes you reboot, whereon it tries to write to BIOS or garble BIOS where you've a flash type BIOS---> Noticable changes 1 Boot up memory check reports look odd = You used have 16 meg now you see 8 meg - it will try to grab a hunk of memory -assuming the victim presses ctl alt del - If you turn off the power for a long time OR remove and reseat the memory chips= kills it. If it continually reloads, boot to startup disk in the A drive and search for new files folders on YUP the C drive. DELETE EM. If it still persists you'll need a techie to fdisk the MBR. Also may need the C drive have a sys command off the A drive. 2 Hard Drive specs are changed !! That is not something you'd pay any attention to - for some reason this idiot script tries to set all BIOS settings to default. You'll have to reset each page ESPECIALLY your Hard Drive. If not the system may report 'invalid system disk' Since it appears it requires the services of System BIOS cached to RAM it HAS to reset that value in BIOS. Clearly Video ram can easily be mistaken for System so twill also reset that too. Reset to 'Disable' or adopt that as default = in windows95/8 sytems it makes no difference which you choose. Disable is preferred since it forces these type viri to make a victim reboot twice - A SURE SIGN something aint quite right. :0)
|
|
Subject: RE: BIOS Virus nasty but it can be squished! From: Jon Freeman Date: 16 Oct 99 - 09:29 PM I think that the viruses that go for the BIOS are the most worrying of all - they can destroy a PC. I don't know how this software compares with other anti-virus software for PCs but Computer Associates offer a free version of their InoculateIT Personal Edition together with regular free upgrades. This can be downloaded from http://antivirus.cai.com/ Jon |
|
Subject: RE: BIOS Virus nasty but it can be squished! From: _gargoyle Date: 16 Oct 99 - 11:02 PM Look back to the "assumes" in your text.
Remember, the old adage, "ASS-U-ME"....it makes an "ASS" of "U" and "ME."
Personally, I consider this virus quite brillant....it builds upon the the knowledge that, "the masses are asses." |
|
Subject: RE: BIOS Virus nasty but it can be squished! From: j0_77 Date: 17 Oct 99 - 04:28 AM Actually gargoyle - worse than that if it succeeds in garbling a Flash type Bios the motherboard is scrap!! 100 to 250 bucks worth. Since it is deliberate and designed to hurt innocent people I do not praise it no matter how clever the creator. At this time there is no antivirus image if it as far as I know - it is hot off the idiot press. So running a Virus Protection program is no help. Keep a watch on reboot type lockups and watch for the tell tale signs. Another option disable cookies, disable java and delete all temp folders - that one can be automated to run every 20 seconds or less if you are really worried. Just comming to Mudcat would not be a risk but surfing would. |
|
Subject: RE: BIOS Virus nasty but it can be squished! From: bseed(charleskratz) Date: 17 Oct 99 - 08:02 PM Every time I see that damned "makes an ASS out of U and ME" thing I want to barf. We make reasonable assumptions all of the time--that is what intelligence is all about. Actually, the phrase "reasonable assumptions" is redundant--an assumption is a judgemnt base on experience or accumulated knowledge, and is, therefore, reasonable--if the mind making it is not irrational. Obviously, not all assumptions are justified, but the use of that ASS/U/ME crap is--in my experience--the special province of petty tyrants, and is intended not to justify a negative response to the assumption but to make the person offering an assumption feel stupid. The first time I heard it was from a drill instructor in basic training; sometime later, my son's second grade teacher made him stand in front of the class while she wrote a huge ASSUME on the board and went through the routine. Sorry, Gargoyle: I'm sure you'd never have such intentions. --seed |
|
Subject: RE: BIOS Virus nasty but it can be squished! From: katlaughing Date: 17 Oct 99 - 08:18 PM Jo77, I'll ask, since nobody else has, would you kindly explain what you are talking about in the simplest terms possible. I know a little bit, but do not recognise some of the acronyms you've used nor understand totally the precautions you mentioned. It is obvious that you know a great deal about operating systems, etc. and I appreciate your alerting us; I just don't understand some of what you all are talking about. Thanks, very much, kat |
|
Subject: RE: BIOS Virus nasty but it can be squished! From: j0_77 Date: 17 Oct 99 - 09:11 PM Very simple Kat, a script is a little program that should be used to enable stuff on a webpage. Disable java and see some exmples at the bottom of any page. (Depending on your browser some versions of Netscape reveal the scripts some do not) Java Script Errors/Viri
|
|
Subject: RE: BIOS Virus nasty but it can be squished! From: _gargoyle Date: 17 Oct 99 - 09:22 PM No apology needed B.S...... I was probably both your D.I. and your son's teacher. It is always important to Net-Surf with a triple condom....and to never permit access to your H.D. |
|
Subject: RE: BIOS Virus nasty but it can be squished! From: j0_77 Date: 17 Oct 99 - 09:59 PM Gargoyle it is nearly impossible to deny access to the hard drive! In Windoze and Linus boxes there is a swap file (another favorite hiding place for naughty code!) where excess current memory 'pages' are kept. The swap file is on disk not in ram! Rebooting the machine normaly deletes that file, but some viri have been found which survive the reboot in the swap file. In these cases windoze may reload but complain a lot. If not it will go into safe mode and complain less. |
|
Subject: RE: BIOS Virus nasty but it can be squished! From: bseed(charleskratz) Date: 17 Oct 99 - 10:31 PM When I got the virus that disabled my hard drive, Gargoyle, I had not downloaded anything--I had merely opened an expected e-mail from Adobe after erasing all two hundred or so similar messages. I didn't Save the message, I simply didn't delete it because it had some directions I had asked for for installing an Adobe program, directions I didn't have time to put into use immediately. I don't download files I haven't requested or which have come from someone I know and trust, and I hadn't downloaded anything at all in days, maybe weeks (it's not a regular occurance in my computer usage). So the message itself was in aol, not my computer--after I had closed it. I think that generally it's safe to accept e-mail from a major software publisher--and I'm not sure that it was the message itself which caused its alias to reproduce itself endlessly. If and when I can get data from my old hard drive, maybe I'll find out what happened. Also, I find it hard to use my Mac when it's covered with too many condoms--one, maybe, but more than that and the screen gets a bit dim and the keyboard and touchpad difficult to use. By the way--did you feel the earthquake yesterday morning? --seed |
|
Subject: RE: BIOS Virus nasty but it can be squished! From: _gargoyle Date: 17 Oct 99 - 10:41 PM Another slogan you obviously dipise: Haste makes Waste
You can view the time it took to restore your HD as an "educational process." What earthquake? |
|
Subject: RE: BIOS Virus nasty but it can be squished! From: SingsIrish Songs Date: 17 Oct 99 - 10:52 PM Huh? Can anyone translate the first thread so the computer illiterate might understand... SingsIrish |
|
Subject: RE: BIOS Virus nasty but it can be squished! From: j0_77 Date: 17 Oct 99 - 11:50 PM Seed the only recent virus I can think of that would do that to your drive is Melissa - do try FProt home page for profiles. It can be removed :0) Posted the message after capturing the bug and did not think anyone would be interested except those who were having problems with viri.
|
|
Subject: RE: BIOS Virus nasty but it can be squished! From: bseed(charleskratz) Date: 18 Oct 99 - 02:46 AM jO, is Melissa a Macintosh virus? There aren't too many around. By the way, I still haven't been able to make Real Audio work (but then I haven't tried anything drastic--or much of anything period, for that matter). --seed |
|
Subject: RE: BIOS Virus nasty but it can be squished! From: _gargoyle Date: 18 Oct 99 - 03:54 AM Another possibility is that your machine was malicously "cracked" through the use of "Back Orifice" aka "BO."
"BO" permits control of all your machine's functions to be monitored and manipulated from a remote location. It is not a "virus" but it is has potential to be even more powerfully nasty. It exploits a vulnerability within MS Office. It was recently featured (second time/new improved version) at August's "DefCon Convention" in Las Vegas. More information is found at "The Cult of the Dead Cow" (put up "full shields before entering their site!")
There are lots of good Virus Sites - one of my favorites is: Top Ten Virus Reports for the Month. Another good place (subscription is free and they will E-Mail concerning the newest of virus reports) is CERT.ORG Carnagie Mellon's Computer Emergency Responce Team
You truly do have my sympathy, viri are nasty, devasting and a terrible waste of time,money and energy.
|
|
Subject: RE: BIOS Virus nasty but it can be squished! From: _gargoyle Date: 18 Oct 99 - 04:06 AM For the month of September the current top-ten listed at http://www.us.sophos.com (link above) has "FORM."
The description is similar to what you describe. |
|
Subject: RE: BIOS Virus nasty but it can be squished! From: j0_77 Date: 18 Oct 99 - 09:36 AM Don't know Seed whether Melissa is a Mac virus I do know it does some weird stuff. You ought to check it out! Hi gargoyle - thankyou for the links |
|
Subject: RE: BIOS Virus nasty but it can be squished! From: sophocleese Date: 18 Oct 99 - 12:26 PM Okay I am really really new to this wonderful world of the web. I've heard gargoyle talking about Protection, but I have no idea of how where what or anything actually about it. So far I don't do anything except occasional surfing on the net and I don't use anybody elses disks etc. What are some basic necessary procedures to stop my computer dying on me of a virus?
|
|
Subject: RE: BIOS Virus nasty but it can be squished! From: MMario Date: 18 Oct 99 - 12:40 PM Melissa (aka MAILISSA) was bi-platform in that it was actually a Microsoft Office macro-virus, and was dependent upon the program being run for mail, rather then the Operating System. If you use/d Microsoft products as the client for your e-mail, then it could hit you. Non-microsoft and you were (probably) safe, but could infect other people if you forwarded. |
|
Subject: RE: BIOS Virus nasty but it can be squished! From: MMario Date: 18 Oct 99 - 12:50 PM sophocleese....get yourself a virus scanning program if you do not already have one. (try inocculatit - workstation version if you are a win95/98 machine - it's free.....*grin*) NEVER EVER EVER EVER "open" or "run" an e-mail attachment, or a download from the web, that ends in .bat,.com , or .exe without scanning it with a virus scanner (unless you KNOW it has been scanned and certified free by the person sending it to you.) Ditto for ALL Microsoft Office documents received or downloaded. Ditto for any floppies EVEN IF ALL YOU INTEND TO DO IS LOOK AT THE DIRECTORY!!!! This is a bit simplistic, but will protect you a lot. Remember, new virii and trojan horses and macro-virii come out frequently and the best virus protection is next to useless if you don't update *it* frequently
|
|
Subject: RE: BIOS Virus nasty but it can be squished! From: Jon Freeman Date: 18 Oct 99 - 01:40 PM MMario, as new viruses crop up so frequently, I won't consider opening the email attachments that you mentioned (scanned or otherwise) unless I know who sent it and why. Sophoclese, a link to Computer Associates, the makers of InoculateIT is in my previous post. Jon |
|
Subject: RE: BIOS Virus nasty but it can be squished! From: MMario Date: 18 Oct 99 - 01:46 PM JOn - I agree. I don't trust any kind of executable file sent by someone I don't know. |
|
Subject: RE: BIOS Virus nasty but it can be squished! From: Jon Freeman Date: 18 Oct 99 - 02:09 PM Just to explain what I meant by why to Sophocleese, even a friend can unwittingly send a virus so if an unexpected attachment came, I would still be wary. The only one that has arrived to me in this way is a little beastie called Happy99.Exe. This one is not really a threat to PCs and is quite well known. Basically it attaches itself to emails and just causes a lot of unwanted junk on the web. I am not sure but believe that it has been know to reach epidemic levels in some newsgroups. Jon |
|
Subject: RE: BIOS Virus nasty but it can be squished! From: bseed(charleskratz) Date: 18 Oct 99 - 03:53 PM Garg and jO, it doesn't seem to me to be any of the top 10, all of which seem to work in Windows or Word (or MS Office, which includes Word). None are specifically mentioned as capable of infecting Mac systems, although Macs can serve as a vector: a Mac user could forward an infected e-mail without being infected. My only contact with Microsoft is when I get connected to Internet Explorer via a web search (I tossed out AOL 4.0 when I saw that it used Internet Explorer--I went back to 3.0 which uses Excite). My word processor is Claris Works, which I also use for graphics and database functions. I'm not absolutely certain it was a virus, although it certainly acted like one. Your suggestion that it might be BO seems to be ruled out, again, by the fact that I have no Office nor other MS products. What is it about Word that makes it so vulnerable to viral infections? Can't Bill Gates put one of his multi-billions of bucks to work protecting his customers (why does he have customers at all if his products are so subject to infection? So he can sell anti-viri?). We Macintosh users generally feel we are the cyber god's chosen people and can't for the life of us understand why anyone would stick with Windows. Join the revival, folks--how can you resist a cuddly little i-Mac or a Windows crunching G-3 or G-4 tower ? --seed
|
|
Subject: RE: BIOS Virus nasty but it can be squished! From: sophocleese Date: 18 Oct 99 - 04:42 PM MMario and Jon thank you very much for the information. I'll be working on it this evening and doing what I can to enjoy safe surfing. Sophocleese |
|
Subject: RE: BIOS Virus nasty but it can be squished! From: j0_77 Date: 18 Oct 99 - 06:08 PM Some thoughts - Seed I doubt that Macs are better protected from viri since they employ the same technology to write from memory to disk! I agree with you that an 'interupt' error could have knocked out the end of file or end of routine marker so the command could not fully execute - in memory - result endless disk activity untill all free space is filled. I also envy anyone with the Big Mac - yummmie - I love the graphics ability and have no doubt the newer ones leave the rest in the dust for multimedia apps. BTW Real Audio has a big problem with Video drivers so I would double check copatibility issues where installs fail. |
|
Subject: RE: BIOS Virus nasty but it can be squished! From: bseed(charleskratz) Date: 19 Oct 99 - 02:41 AM jO, maybe my problem is that I downloaded Real Player--maybe my old Mac could handle Real Audio without the video player. I'll try again. --seed(whoissorryforthethreadcreep) |
| Share Thread: |