Bios virus scan?

[PacMan]

SYS SPEC:
AMD XP 1800
ASUS A7V333 w/ onboard sound (C-Media 8738)
256 DDR pc2100 ram
Nvidia g4 ti4600
E-Mu asp E-Card PCI sound card
Agere Systems PCI Soft Modem 56 V.92 V.44
C: 80 gig WD 7200 HD
D: 40 gig Maxtor 5500 HD
Lite-on DVD
Windows XP SP1

Hi, I recently discovered I had 3 Trojan viruses but they were in my D drive in system recovery and D:\Recycled. I anti-virus (Micro Trend) found them and I deleted them. Then I ran an online scan as well and I was clean. My concern now is if I might have a bois virus? Sometimes, I get error message from my Mobo saying something about cpu overclocking (I have the speech error report and when this error happens, I only catch the end of the speech telling me about “CPU over clocking: ).

Can you suggest any virus scan for the motherboard bios?

Thank you.

[techs]

There are two kinds of viruses the Trend antivirus protects against. It is important to note we are now talking about the trend antivirus that you installed in Windows.The first is the type of bios that modifies the Boot sector on the hard drive. It sounds like that is what you had and eliminated. It is still possible that a virus has modified your hard drive boot sector because once it got through and changed it your system now recognizes the changed boot sector as the "true boot sector". If you post your operating system I will give you directions to restore your master boot record just to be sure. The second type of virus which is the one you are asking about I have never personally encountered. From everything I have heard they permanently destroy your bios instead of modifying it and stop your bios from working. I have never heard of bios virus scan. Since there are so many versions of bios's I don't think there are any.
Most bios's contain another type of Trend antivirus specifically designed to protect your bios and boot sector. This program is built into the bios itself and is turned on or off in the bios. This program protects the bios by not letting it be modified except by an actual bios update from the manufacturer. It doesn't work like a Windows antivirus in that you have to run a scan. It is either turned on or off and is only concerned with whether some software is trying to modify the bios. Newer versions will protect the boot record on your had drive and only warn you if the boot sector is about to be modified and gives you a yes or no option. It doesn't know if it has encountered a "virus" just that the boot record is about to be modified.
I think it is possible your bios settings may be too aggressive and that is why your computer is warning you about overclocking. Have you added new hardware? Memory? Try setting your bios settings less agressively such as your memory from manual to SPD or from SPD to manual and choose slower settings. You may have to hunt around awhile but I strongly believe you just need to change your bios settings to stop the overclocking warning. As a last resort you can "flash" your bios. This replaces the current bios program with a newer version (or an older one). This would be the substitute for virus scanning your bios. It would just erase the current bios and replace it with one you know to be good. Since flashing your bios can render it useless if done wrong (or if you try to do it with an infected bios file) I think just modifying your bios till you stop getting the overclocking warnings and making sure your computer hard drive is virus free is the way to go.

[PacMan]

Thanks for the response techs. My OS is Windows XP professional, service pack 1.

I have updated my bois through automatic update from Asus. Yeah, I didn’t know much about Bios virus but have heard of them. So I got a little scared. I’ll try the memory recommendation you suggested. That error happens once in awhile, so when it does happen, I’m thinking it is starting up normally and don’t usually pay attention to the error message until the last words.

Please, if you can, give me the directions on restoring the master boot records. Again, the operating system in Windows XP professional, with Service Pack 1 installed.

I have one more quick question. I have office XP installed and when I open WORD or a saved .doc file, it really takes 30 secs to a minute to open. Do you know if this is a setting issue, or is trend scanning the file before it opens or do I have some virus issue? Any Ideas?

Thank you for your time.

[NooNoo]

Originally posted by PacMan

Please, if you can, give me the directions on restoring the master boot records. Again, the operating system in Windows XP professional, with Service Pack 1 installed.

Get your XP cd, boot from it, and go to the recovery console. Once there, type fixmbr and hit enter. You will get a warning about this procedure can prevent you from accessing your data. It is a small risk in most cases, but you have had a virus, the risk is much greater, so back up first!! Having run fixmbr, then type fixboot and press enter. When that's done, reboot to normal mode.

Originally posted by PacMan

I have one more quick question. I have office XP installed and when I open WORD or a saved .doc file, it really takes 30 secs to a minute to open. Do you know if this is a setting issue, or is trend scanning the file before it opens or do I have some virus issue? Any Ideas?

Thank you for your time.

Most likely a setting. Go to my computer, tools, folder options, view, uncheck automatically check for network files and printers. Other thing to try is, with word closed, delete normal.dot from the templates and empty the recycle bin. Start word again it will recreate a clean copy of normal.dot.

Check that the setting in folder options doesn't get put back by that every helpful system restore!

[PacMan]

Thanks NooNoo,

The WORD advice worked like a charm. I have about 4 gigs of stuff I need to back up so I didn’t run the fixmbr. I’ll go out and get some cd-rws.

The viruses were in my D drive. I run a scan once every week. So it would seem I was infected recently. Don’t viruses spread only if I execute them? I mean if they are in the boot sector and I boot my OS, they will spread, but they were only found in my D drive and not executed? Just curious about that. But I will fixmbr asap.

Thanks again for the advice.

[NooNoo]

Originally posted by PacMan
Thanks NooNoo,

The WORD advice worked like a charm. I have about 4 gigs of stuff I need to back up so I didn’t run the fixmbr. I’ll go out and get some cd-rws.

The viruses were in my D drive. I run a scan once every week. So it would seem I was infected recently. Don’t viruses spread only if I execute them? I mean if they are in the boot sector and I boot my OS, they will spread, but they were only found in my D drive and not executed? Just curious about that. But I will fixmbr asap.

Thanks again for the advice.

once a week? do you have a background scan going as well? if not, once a week is somewhat lax.

Viruses can do anything they damn well please given the opportunity... hence the need for all those security and critical updates from microsoft. Define execute... if you have the preview pain open on your email - that is enough to execute some viruses. Others such as the famous nimda - you only have to be online and not have the correct ms security with IIS running and blam!

[confus-ed]

The second type of virus which is the one you are asking about I have never personally encountered. From everything I have heard they permanently destroy your bios instead of modifying it and stop your bios from working. I have never heard of bios virus scan. Since there are so many versions of bios's I don't think there are any.

Most bios's contain another type of Trend antivirus specifically designed to protect your bios and boot sector. This program is built into the bios itself and is turned on or off in the bios. This program protects the bios by not letting it be modified except by an actual bios update from the manufacturer.

Mmmm all these descriptions got a bit confus-ed with each other ....

There are many viruses e.g. bootsector viruses, memory resident vruses, & Bios viruses .... all with different 'methods' in their evil plans ! some of them are very clever & are written to 'get' specific things....

BUT I never heard of any software to stop bios virus infection, it's done with a jumper or switch - the whole idea is to stop Bios 'writes' being done programatically - you can't program a jumper being open or closed ... you need to do it physically, any protection which allows this to be done by software is shooting itself in the foot !

Boot sector protection (found in anti-vrus software & bioses) is another thing, it picks up any attempt to write to the mbr & hopefully stops it (software based), but like all programs it can be turned off by the virus itself if its smart enough....

As for your cpu warnings ... its a damn clever vrus that 'overclocks' for you ! Can we all have one ? - methinks Techs got that right, your machine settings in bios are too 'aggressive' reload 'system' defaults .....

If you are convinced you do have a bios virus, then re-flash the motherboards bios, though strictly speaking you ought to use the 'Hot Flash' technique (of Ruslan fame) to completely irradicate any possibility of spreading ....

Techs is right again bios viruses are exceptionally rare ...