is it possible to get a virus in the BIOS?

[Harvey]

Originally posted by: powerMarkymark

Originally posted by: minofifa

Originally posted by: ronach
You may have something going on in your [ MBR ] master boot record of your harddisk, with that said, what are you useing for an anti-virus program or other software to protect yourself ?

ya that's it! it said something about that as well. wouldn't a reformat get rid of anything in there though?

Yes

NO! Reformatting would NOT get rid of a corrupted MBR. As gsellis suggested, booting to a floppy with DOS 7 from a Win98 and FDISK on it, and running FDISK /MBR should reset it.

 

[dszd0g]

There is a lot of bad information in this thread along with some good information. I am mainly restating the good information in this thread as a summary with some additions.

Yes, you can get a virus in the BIOS. The BIOS chip can be erased and reprogrammed by a virus. Most modern motherboards have BIOS anti-virus protection, however, a lot of motherboards do not have this turned on by default. You should check your BIOS to see if you have the BIOS protection enabled. When the BIOS protection is enabled and a program attempts to update the BIOS the screen will be replaced by a dialog box asking if it is OK to update the BIOS. Obviously, one would not want to allow a program to update unless one is flashing the BIOS. Some BIOS protection does not use a dialog box and just prevents writing to the BIOS unless one turns off the setting. If you have a BIOS virus you can check if your BIOS has a reset jumper, however, this often just wipes the nvram that stores the BIOS configuration and not the BIOS that may have been programmed with the virus. You can try following the BIOS reset instructions in your motherboard manual. If there is no jumper one can generally just remove the battery for 24 hours to wipe the nvram, but the virus is generally not in the nvram. To get rid of the virus if it is in the EPROM, one needs to reflash the BIOS by following the BIOS update instructions for your motherboard.

You can also get a master boot record virus. A normal format will not clear the master boot record. As mentioned in this thread the easiest way to wipe the MBR is to create a DOS floppy with fdisk on it and run "fdisk /MBR". Make sure to create this floppy on a different computer that does not have a virus otherwise the virus could infect this floppy. A lot of the older BIOS/MBR viruses spread using floppies. As I recall there was one called the monkey virus that was very common for a few months 5-10 years ago.

 

[dszd0g]

There are some older viruses that infect both the MBR and the bios. Getting rid of these viruses is a pain. I believe these are the steps I used:

1) Turn off BIOS protection in the BIOS if you turned it on
2) On a virus free computer create two floppies, one with fdisk and one with the BIOS flash utility and latest
BIOS image
3) Disconnect the hard drive
4) Remove the battery from the motherboard
5) Boot off the BIOS flash floppy, and update the BIOS
6) Put back the battery in the motherboard
7) Turn on BIOS protection
8) Disable booting off the hard drive in the BIOS
9) Plug the hard drive back in and boot off the fdisk floppy
10) Run fdisk /mbr
11) Re-enable boot off the hard drive in the BIOS