In that post I detail how my bios boot password was over rode and now I just have user access to the bios, flashing bios did not fix it even with all hard drives removed and I think I made the flashing cd from an uninfected machine.

The bios did upgrade but still almost all options are grayed/greyed out in bios so I can’t choose to go back to default bios. It’s a Gateway P-6860FX laptop with phoenix bios. I haven’t discovered a jumper on the motherboard (if you know if there is one and or where it’s at please post about it) yet and if I can’t wipe the bios and cmos (if you know a way to clean the bios please reply) then I’ll have to get a new laptop.

Any suggestions would be very welcomed.

Sorry for my late reply, i haven’t checked this website in a while and only recently received your e-mail.

What is to be imperative for a final solution is the fact that you need to flash the bios _without_ any harddisk attached to your machine. Also no other devices or network cable should be attached when you flash the bios; Only the usb stick with the new bios on it should be attached!! ON The Asus laptop i cleaned, i was able to flash the bios with the easyflash utility, which is inside the bios itself and accessed through the F2 key.

If this is not possible (either because the machine has no easyflash utility or the easyflash utility itself has been modified so it doesn’t do a full flash of the bios) it will NOT be possible to clean your machine. The only option left at this point would be to actually replace the bios chip; Hardware inside your PC or laptop, but i doubt if you could get a hold of this chip and then solder it onto your motherboard.

You also mention: If I buy a new laptop and try and flash a tainted bios on an ASUS dark knight router, the router actually hangs the new laptop and after the flash is finished, the new laptop is infected at the bios level.

Do NOT use an Asus router, it appears many Asus products are infected when they leave the factory already and attaching a laptop or PC to an Asus router already can infect your laptop or PC on bios level.

When flashing the bios on your laptop or PC, make sure you have NO devices attached, except for the usb stick that contains the new bios.

So when you flash the bios with the easyflash utility make sure no devices (No disk, no routers no network cable etc, are attached to your machine). If you suspect your network card to be infected, disable it before you flash the bios of your laptop.

Ok, assuming you’re able to flash the bios on your laptop now successfully, the next step is to clean your old harddisk. I did this by attaching the old hard disk as a usb device to a clean computer (so NOT your laptop The hardware i used for this is a Digitus IDE/Sata Hard drive usb cable adapter(DA-70200). Do a low level format of this disk or remove all partitions and when you’re done boot that clean PC where you have attached your old disk to, with HIREN boot CD 15.1

On this CD is a program called Parted Magic 6.7 (Linux based rescue environment). Start this program, you should get a desktop with a few icons on it (File manager, System profiler, Keybord layout, Disk health, Monitor settings, Network manager and Partition Editor). If you do not get this desktop, choose Xorg in the menu you will get and this will show you the desktop i just mentioned).

Start Partition Editor and see if there are no partitions (if you removed them all or did a low-level format). In case you already created a new partion on your old hard disk which is now attached as a usb disk, make sure there is no small partion at the end of the disk (usually 1 or 2 MB in size). If there is such a small partition, resize the partition in front of it and add the size of the very small partition at the end to the normal partition. This will get rid of the small partition at the end of the disk.

If this all went well you’re laptop now has a clean bios flashed and your old hard disk has no partitions or at least no small hidden partitions at the end of your disk.

Do not attach any devices yet to your laptop (Also NO network cable!!), but you can put in the empty harddisk again and boot the laptop from a windows install DVD (i used a Vista install DVD). From here on it’s a normal clean windows install

A few more remarks;

* Do NOT install Java, this is the perfect vehicle for virusses to get around.
* Disable client for Microsoft networks on your network card.
* Disable file and printer sharing on your network card.
* Do not install Flash unless you _really_ need it (No one does _really_ need it btw

What i’m about to state now may seem a bit ridiculous but i’m still gonna throw it out here as it is what i see in real life;

The hacking atm is of an unprecedented level, it originates in Russia and many many institutions and companies are hacked.

(Banks, ISP’s here in the Netherlands, Microsoft Windows update, DNS servers etc. They all pay ‘ransom’ to stay up and running and the Russian hackers have set up banks to store the money they receive. I know many of you will laugh at this point and that’s probably the best thing to do as the internet would really have to change to get rid of this (New DNS structures, no more Java, no more scripting and no more flash etc. Also companies like Asus would have to start using a different bios and all this goes way to far to fix the problem overnight …

My suspision is that DNS servers are infected and through injection, websites are infected which in turn infect PC’s and laptops.

I hope you had fun reading this, you can do with it whatever you like and i hope it actually helps you solving your problem.

As for me, i still service my customers, but in many cases it comes down to a clean install now, without Java!!, rather then trying to clean the PC/laptop of virusses. If there is no Java on the freshly installed machine, the customer is 95% Secure.

As antivirus i install Microsoft security essentials. Running a full scan with this scanner is the best there is out there atm in my opinion.

Ok, good luck with fighting this, don’t spend another 1000 hours on it but instead get another laptop (Not an ASUS ofc) that has a different bios than Asus products use.

Greetings

Jaapm

jaapmenist@versatel.nl
http://www.computerjaap.nl

At first i cleaned a customers laptop from virusses and spyware with all the usual progams (combofix, mbam, roguekiller, otl, KAV resue disk, msert, rootrepeal, gmer, aswmbr, tdsskiller, emsisoft kit, etc), but after 2 reboots the virus had infected autochk.exe again.

I finally got a bit desparate and reinstalled Vista through the recovery partition (it’s an asus laptop K50IN series). Guess what, 2 reboots and Combofix reported that autochk.exe was infected again!!
The laptop is in a tightly secured LAN and hacks through a $ADMIN share can be excluded.

Now i got even more desparate ) I ended up deleting all partitions on the disk and did a clean install with my official vista DVD. And again, 2 reboots later the laptop was infected again!
I then repeated this with a brand new harddisk and an install from an official DVD but still the virus came back.

So: Brand new harddisk, official Vista DVD, no usb sticks or whatever in the laptop and still after 2 reboots Combofix reported autochk.exe as infected.

At this point i was left with 2 possible causes; Either Combofix reported a virus incorrectly or the machine was infected through bios. Now i highly trust Combofix and on the other hand a bios virus has last been seen by me back in 1999 (tsjernobyl virus).

So i took out the infected disk, downloaded the latest bios on a clean PC and saved it on a new usb stick. Booted the infected laptop and went into the bios (with F2 key), started the Easy Flash utily from there and flashed the bios. I attached the infected disk as a usb disk to a clean computer and removed all partitions. Next i placed the empty disk into the laptop and reinstalled Vista from DVD.

The laptop has been fully installed now (all updates and software needed) and i’ve again scanned it with all programs mentioned before. And now it’s finally clean and it stays clean, no matter how many reboots

My conclusion is that the laptop was indeed infected with a bios virus, in a very very sophisticated way.

Just wanted to share this with you cause bios virusses are rare and undetectable themselves. if you want more info feel free to e-mail me.

Jaapm

Cheers