Free Republic

To: miliantnutcase

Yes, I did that on one of the Dell Optiplex 755 computers which was compromised again after performing a typical high level format and reinstallation of MS Windows XP. This was the system where the FBI Ransomware disabled access to the AMI BIOS setup. Naturally, it is suspected the malware has hidden in an area of the hard drive which requires a low level format and other special anti-malware disinfection, or the malware has hidden itself in the BIOS firmware.

My or our current bet in this instance is an infection of the BIOS firmware. We’re going to attempt to remove the system board battery to power down the firmware to see if that clears any malware infection in that hiding place. That is a future to do project...not something I can afford to spend time on at present.


115 posted on 12/29/2013 7:55:25 AM PST by WhiskeyX ( provides a system for registering complaints about unfair broadcasters and the ability to request a)


To: WhiskeyX

Have you attempted a reflash of the BIOS?


118 posted on 12/29/2013 8:00:23 AM PST by miliantnutcase

To: WhiskeyX
...I did that on one of the Dell Optiplex 755 computers which was compromised again after performing a typical high level format and reinstallation of MS Windows XP. This was the system where the FBI Ransomware disabled access to the AMI BIOS setup. Naturally, it is suspected the malware has hidden in an area of the hard drive...

If it is in the boot sector of the drive, I would set up the optical drive to be the first in the bootup sequence if it is not already, then boot from a live disk with rescue tools (I use System Rescue CD) and look at the system that way. GnuParted (gparted) can examine the hard drive and give you a graphical display of its usage. I have not run into that particular problem you describe, but on one or two refurbished drives that I was repartitioning to run Linux on, I did notice a partition that was labeled "unused" or "unknown". Been a while so not certain which one exactly. Used GnuParted to delete all partitions, then reformatted the drive as all hpfs, then again as ext2, then deleted all partitions entirely and booted from a prestamped 'doze install cd and had it do a hard format and clean install. THEN repartitioned again, installed Linux, and immediately created image files using Partimage from the SRCD. Worked quite well.

If you cannot get into the BIOS for some reason, disconnect all drives except the optical disc, and that way the system has no choice but to boot from it. Optionally, you can boot from a USB device instead and take it from there, simply remember to reformat the hard drive from an external USB case first before reinstalling it in the machine.

Worst comes to worst, and the BIOS chip itself is corrupted (hard to imagine, actually, considering how difficult it is to reprogram the things to begin with) there are companies available that will sell you a replacement chip for situations such as this.

126 posted on 12/29/2013 9:59:39 AM PST by Utilizer (Bacon A'kbar! - In world today are only peaceful people, and the mooslimbs trying to kill them-)
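Added example, not part of any post in this thread: a text-mode version of the partition check described in post 126, run against sector 0 of a disk image taken from the rescue environment. It parses the standard MBR partition table and reports entries with an unrecognized type, large unallocated gaps and overlaps. The type table is a small subset, the 1 MiB gap threshold is an assumption, and the sample sector (including type 0x5A) is constructed; it does not inspect the boot code or the BIOS firmware.

```python
import struct

SECTOR = 512
GAP_SLACK = 2048  # sectors (1 MiB) tolerated as normal alignment padding (assumed threshold)
# Small subset of MBR partition type IDs; other values are reported as unknown.
KNOWN_TYPES = {0x07: "NTFS/HPFS", 0x0B: "FAT32", 0x0C: "FAT32 LBA",
               0x82: "Linux swap", 0x83: "Linux", 0xDE: "Dell utility"}

def parse_mbr(sector, disk_sectors):
    """Parse a 512-byte MBR; return (partitions, findings)."""
    if len(sector) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    findings = []
    if sector[510:512] != b"\x55\xaa":
        findings.append("boot signature 0x55AA missing")
    parts = []
    for i in range(4):
        off = 446 + 16 * i        # partition table starts at byte 446
        status, ptype, start, count = struct.unpack("<B3xB3xII", sector[off:off + 16])
        if ptype == 0:            # type 0 marks an empty slot
            continue
        parts.append({"slot": i, "type": ptype, "start": start, "count": count})
        if status not in (0x00, 0x80):
            findings.append(f"slot {i}: invalid status byte 0x{status:02x}")
        if ptype not in KNOWN_TYPES:
            findings.append(f"slot {i}: unknown type 0x{ptype:02x}")
        if start + count > disk_sectors:
            findings.append(f"slot {i}: extends past end of disk")
    cursor = 1                    # sector 0 is the MBR itself
    for p in sorted(parts, key=lambda p: p["start"]):
        if p["start"] < cursor:
            findings.append(f"slot {p['slot']}: overlaps earlier data")
        elif p["start"] - cursor > GAP_SLACK:
            findings.append(f"gap of {p['start'] - cursor} sectors before slot {p['slot']}")
        cursor = max(cursor, p["start"] + p["count"])
    if disk_sectors - cursor > GAP_SLACK:
        findings.append(f"{disk_sectors - cursor} unallocated sectors at end of disk")
    return parts, findings

def build_sample_mbr():
    """Constructed sample: one NTFS partition and one entry whose type is not in the table."""
    mbr = bytearray(SECTOR)
    entries = [(0x80, 0x07, 63, 1_000_000), (0x00, 0x5A, 1_500_000, 200_000)]
    for i, e in enumerate(entries):
        struct.pack_into("<B3xB3xII", mbr, 446 + 16 * i, *e)
    mbr[510:512] = b"\x55\xaa"
    return bytes(mbr)

if __name__ == "__main__":
    print("\n".join(parse_mbr(build_sample_mbr(), 2_000_000)[1]))
```

On a real drive the 512 bytes would come from the first sector of an image made in the rescue environment, and the total sector count from the drive's reported size.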
