[makotech222]

I've been stricken with a very malicious little virus. Symptoms include random keyboard input (even without at keyboard plugged in!) and not being able to boot in safe mode, or able to run a boot disk (windows installer)

I got it a couple nights ago, and managed to put it in remission (somehow?) by opening my computer and taking out my graphics card (in an attempt to take out my cmos battery, i physically couldnt figure out how to remove it though, lol) I booted back up and everything seemed fine for a day then it came back. Im trying to reformat but i cant run a bootdisk at setup and i tryed running it in windows, i tryed to just install windows again over my already installed version, but it has to restart during installation then it will freeze.

My main goal is to reformat my harddrive, is there any way i can do that without majorly damaging it? I already backed up most of my data to my laptop.

 

[D.D.]

The first two methods that come to mind are:

1. Ultimate Boot CD, after making sure that your "startup options" in your bios are set to the CD drive. Actually you can probably do this with any other boot-disc (such as a bootable Linux distro). Afterwards, just navigate your way to the disc format option.

2. Get someone with a non-Windows installation (ie Linux or Mac) to attach the harddrive (directly or through a USB adapter) to their computer and format it

Depending on the method you choose, the format options may vary (ie. fat32 only)

 

[makotech222]

Thanks DD but i dont know anyone with those oses, lol.

I should add, that i cant access the bios, cant do a boot menu, or run in safe mode, a.k.a. anything before windows boots ups. So it really has to be a cmos virus, in which case i have to do a reset. However im not quite sure how, as gigabyte doesnt include a cmos jumper and i really dont know much about cmos. I guess i managed to reset it last time, but most likely i still had the original virus on my HD that reinfected the cmos.

BTW avast and kaspersky both fail at detecting this bugger.

 

[D.D.]

Have you looked in the manual of your motherboard? If you know the model number of your motherboard, you can probably find an online version online if you don't have the physical copy. There maybe instructions that tell you how to revert to a 'back up' cmos (which would be useful provided that the backup cmos isn't infected).

When you're booting up, does everything else appear normal apart from not being invoke the bios through keyboard input?

By the way, what keyboard type are you using ? USB ? PS2? I'm wondering if there are issues on either side of the connection between the keyboard and the computer (ie connector(s) broken, keyboard malfunction).

 

[makotech222]

No i could unplug the keyboard and there will be random input.
I just checked the manufactuer manual and tried to reset the cmos by using a screwdriver to short the jumper thingy but apparently it didnt work. Im leaving my dorm for the weekend so my computer will be unplugged for 2 days, hopefully that will reset the cmos.

Btw i also have my harddrive unplugged and tried booting, but it still messes up, so im sure its the CMOS.

 

[D.D.]

I see. To be honest, I haven't dealt with bios viruses before, but I highly doubt unplugging the PC will help get rid of it (it might reset the date if you pull out the battery as well). Its likely written directly to the NVRAM section of the bios chip's memory and will boot up with the PC.

That said, if the virus is for some reason programmed to be date sensitive, it might give you a chance to flash to a newer, non-infected bios that you can probably download from the manufacturer site. If this does occur, be sure to use a boot CD of non-MS origins to completely format the harddrive (low level format perferred) so you can start from scratch).

You can probably find out what I said above from Google, and probably if you dwelve in more you'll find people with actual experience with Bios-based viruses, but I believe what I said above is a good start.

The reason I asked what kind of keyboard you're using is to eliminate the possibility of you using a PS/2 keyboard and having the pins on the computer side touching each other (perhaps due to someone trying to force the keyboard connection in wrong) and wreaking havok on you. If this is not the case, we can safely close that possibility.

In the worst case though, I think you can probably phone the support section of Gigabyte and ask them to send you a new bios chip. Then you can ask a skilled person (ie. engineering friend or techy) to pull out your old one and replace it with the new one.

Good luck and enjoy your weekend !

 

[Squall-Leonhart]

it not a virus, your mainboard's southbridge is dead/dieing.

 

[makotech222]

Why would you think that, squall?

 

[Squall-Leonhart]

Its not the first time i've seen a mainboard die

 

[makotech222]

And how would i test this theory? I have a slight inclination to believe, as both virus scanners failed to detect it.

 

[Squall-Leonhart]

well you already can't get into the bios and stuff,

first off, if a virus had done in your system, you wouldn't be booting it at all, bios virus's ARE very rare and are usually specific to a certain ventor / bios revision.
Second... it would've replaced the entire boot block with either corrupt code or its own bootable data, so you probably wouldn't even see abilties to boot into a drive.

 

[makotech222]

Can the motherboard cause a constant stream of keyboard input? the first time it got bad, i would start up the computer and the computer would boot to the bios by itself and then it would scroll through menus by itself. If i managed to get past the bios screen, it automatically clicks run windows normally (instead of safe mode) then, if i get into windows, it becomes just random spurts of keyboard input, like opening folders, opening a file like 50 times at once, etc etc.

It seems more of the doing of a virus, just by its symptoms, they seem malicious.

 

[Gossamer]

Why would you think that, squall?

He's used your computer.
He's been in your house.
...in your sheets.

 

[Spyhop]

mako, I have never seen a virus do what you're describing, I don't even know if it's possible. You have a hardware issue.

 

[makotech222]

Okay so how can i test for this? I have a 3 year warranty on this, so ill just send it in if its broken.

It realy does have to be broken now, if i reset the cmos it would have cleaned out the virus, but the symptoms are still there. ill probably send an email to gigabyte tonight or sunday when i get back to my dorm..

 

[Squall-Leonhart]

Okay so how can i test for this? I have a 3 year warranty on this, so ill just send it in if its broken.

It realy does have to be broken now, if i reset the cmos it would have cleaned out the virus, but the symptoms are still there. ill probably send an email to gigabyte tonight or sunday when i get back to my dorm..

If it was a bios virus, clearing the cmos data would not remove it. You would need to flash the bios with a current or newer version, with specific commands to rewrite the entire rom (including the bootblock)

However, a Bios virus has no effect on the workings of windows since XP and Vista override the majority of bios operations.

Its definitely a hardware issue. i would expect if its a ps2 keyboard, that ps2 is on its death bed, if usb your southbridge is borked.

 

[Gossamer]

If it was a bios virus, clearing the cmos data would not remove it.

Indeed; people still think that clearing cmos data effects the bios in some way. It only resets settings; it doesn't effect the actual data the bios is built on.

Your best bet is to try to find a cheap alternative motherboard or use a different computer until you can replace the one you own with either one of equal value or better. Once you do; format the HDD upon startup. Don't try using it beforehand.

Personally, once you get a new HDD; I'd find a Ubuntu live CD; boot into it and then run "Gparted". Since Ubuntu is Linux based it might inhibit the virus from spreading any farther. Running gparted would allow you to format the entire HDD to either unpartitioned or you can wipe it to ntfs for your next Windows install.

 

[tuanming]

This is why people should have at least more than one hard drive or better yet a second computer! The only way to figure out if this is a virus or just a hardware malfunction is either swap the hdd with a functional Windows or format the messed up hdd on the 2nd computer then do a fresh install on the 1st pc.

Yeah, yeah I know im a genius no need fo thanks. =)

 

[Gossamer]

This is why people should have at least more than one hard drive or better yet a second computer! The only way to figure out if this is a virus or just a hardware malfunction is either swap the hdd with a functional Windows or format the messed up hdd on the 2nd computer then do a fresh install on the 1st pc.

Yeah, yeah I know im a genius no need fo thanks. =)

Taking full precaution is the best rout. Virus or not; his bios was effected. In which case his computer is either fried or on the verge.

If you can't pinpoint the cause then pinpoint the problems; then prevent them.

 

[Squall-Leonhart]

i doubt its a virus at all. I've seen this happen with failing cpu's and failing mainboards.