# My recent and ongoing computer hell!



## ADF (Jun 30, 2007)

Idiots, computer illiterate, computer ignorant... whatever you want to call them they are a threat to themselves and everyone around them. I'm not even talking about one of those typical technophobia people either, this guy actually has some decent computer experience.

Today my dad asked me to look at his computer because he *thinks* he has a virus. It has been years since I have seen anything like it; pop up windows everywhere, 80 copies of calculator was open and increasing, the keyboard was constantly typing randomly, every installation attempt prompted corruption, web browsers kept locking up, scrolls bars would stick to the bottom of the screen and I couldn't even access safe mode!

I checked for protection but he had nothing; no firewall, not even a anti virus, he had some spyware program but it appeared to be on the frits. He had literally done next to nothing to protect his computer, he didn't even have windows update turned on! The guy can build a computer and install the operating system but he doesn't know how to protect the damn thing, or does he just not care? As long as it does everything you want it to right?

There was nothing I could do, so I recommended a fresh install of Windows. We, well 'I' put the infected drive aside and inserted a spare one for the installation. The install disk wouldn't boot so I went into the bios to check if boot from CD was selected, I couldn't believe what I saw. The actual bios of the motherboard was infected! Words and numbers were flashing and randomly changing, I shut down the computer quickly because it was changing CPU clock settings! I have never seen anything like it before, the motherboards bios actually had a virus! Logically the next thing I considered was flashing the bios with a stable one, but the motherboard is so freaken old we don't know what model it is.

So now that dated heap of crap is sat in the corner somewhere, may it rot in peace.

But now we have a problem, we have a technician coming around Tuesday to look at our slower than usual Internet connection. How is he supposed to fix anything if he doesn't have anything to work with? So I am in the computer room, typing this, what am I typing this on? MY COMPUTER! That's right my up to date, perfectly stable, looked after and protected computer is hooked up to the monitor, keyboard and all sorts of the old one. 

Every bit of my IT knowledge tells me you cannot get a computer destroying virus from a keyboard... but just being hooked up to the input/output devices of the diseased one has me in a cold sweat. Even if nothing bad happens it is in the computer room of the person who let his computer go to hell, I can protect it in my room but I cannot always be around to keep it safe in here. I have all my security settings on high and password protected the admin account, but you all know how people like this always find a way to screw things up. Either way I have my storage drive unplugged for the time being...

Bah, what is all your opinions on this? I know I am being overprotective but I need some reassurance here, I'm concerned if a motherboard bios can be infected then one of the devices here may be infected...


----------



## yak (Jun 30, 2007)

Dude, get Norton Ghost, seriously. Prefereably the old, DOS versions.

Do all the magic to your PC, then configure all your programs to use "other-then-C:" drive to store their data on and make a copy of the partition.  This way whenever you have a problem, you could simply restore the OS from an image, and because all of the programs were storing data on separate drives, you'll have up-to-date mail databases and such.

As for the 'protection', i never use windows update, don't have neither the anti-virus nor any spyware scanner and manage to live years without any problems. Not that i don't encounter them, no - i just know how to get rid of them.

However *THAT* doesn't apply to both my sister and my mom, who seem to attract every single virus from the internet by simply passing nearby the notebook i left them to use .

[edit]
Oh, and AFAIK the only way the bios can get infected on the modern PC is by leaving "on" the bios-update-from-the-OS option.


----------



## ADF (Jun 30, 2007)

I actually know about Norton Ghost, in fact my dads drive has a Norton Ghost image, it just doesn't do much to help when the motherboard bios is screwed. 

I would actually like to back up my drive to disk but remember I said I disabled the storage drive for safety? There is over 50GB in the download folder alone, a bit much for todays DVD disks. Data I cannot simply replace and the memories attached to them, maybe if HD-DVD or Blueray was the mainstream I could back it up to disk but that is still a while away.

I organized my computer with two drives; the main with the OS and programs, and the secondary with storage and games. It is designed to allow easy recovery and better utilize the dual core processor, a virus scan can occur on the main drive while the gaming drive is uninterrupted. The main drive can fry for all I care as long as the secondary is safe, which is why it is currently disabled. 

Like I said this virus somehow affected the hardware of my dads computer, damaging it on a level that cannot simply be repaired from a drive wipe. I'm just understandably concerned that if this thing can exist on hardware outside of the drive that it could be lingering in the bios of something else like the monitor for instance.


----------



## Janglur (Jun 30, 2007)

Be glad he doesn't use Vista.

You'd be there every other day.


----------



## Kougar (Jun 30, 2007)

Any computer device that features onboard memory retention capability can reasonably be "infected"... While I don't know of any keyboard viruses even the basic keyboard these days comes with a fair bit of circuitry embedded in it for extra features. All a virus needs is storage, and something to read and execute it, just like a floppy disk no? Â Â Viruses that target the mainboards BIOS are not uncommon, infact it is a great way to ensure the computer stays infected long after the user wipes and reformats their drive, or reinstalls their OS.

I'd imagine that his monitor, keyboard, mouse, speakers, and the ilk would all be fine... especially the monitor  Now if he had a printer (Or router)Â Â hooked up to that computer then I would worry a bit, printers can become infected and in turn infect computers they are plugged into, although it is rare. It's far more common to have the printer drivers a user installs exploited though... such as HP not once but twice was found to be distributing printer drivers from their website for their deskjets that were infected with the Funlove virus. Everyone should know about cell phone and mp3 player viruses, there is even a company that exists selling anti-virus software for cell phones even. But back on topic it would be fairly obvious if some peripheral device was infected as you would soon be as well, but you would know how to remove the infection if it does occur and would then have you answer as to if some peripheral was infected or not.

And it's always the people that think they know enough about computers (or say any other topic) that they can cut corners because they think they know what they are doing, when in reality they are often the type to do the most damage. Usually a technophobic person would still know to use and update his anti-virus, while a user with plenty of computer experience would just assume he knows how to avoid getting infected in the first place, and never bother installing a anti-virus or anti-spyware or take the time to ensure they are up to date and working. No offense meant to you Yak, as you obviously fall within the category a step or three above "a user with just plenty of computer experience"!


----------



## ADF (Jun 30, 2007)

For the record Kougar do you know of a method of checking if a printer is infected? I doubt a simple virus scan of the computer would suffice.

I ask because I want to explore all areas, and I actually am rather suspicious of this printer because of past experiences. I recall on a windows installation not too long ago getting a pop up or two after linking to the printer for the first time over the network.


----------



## Kougar (Jul 1, 2007)

No, I don't know and couldn't find of any method of outright checking a printer. It seems that more than a few viruses try to infect anything on the network including printers (such as Bugbear), however most of them like bugbear are unable to actually infect the printer itself. Personally I would simply isolate the computer, plug the printer in, install it and print something. Then scan the system for anything... if it's still clean the printer is fine. 

Considering I couldn't easily find anything on this topic it may bit a more uncommon than I thought, although I did find a PDF on the theory for inserting a virus into one RFID tag that would theoretically infect other RFID tags by somehow affecting the reading scanner or some such... :roll:


----------



## net-cat (Jul 1, 2007)

I work in a computer repair shop. The things people do to their computers...

As for "printer viruses," as Kougar said, it's theoretically possible to infect anything with on-board storage. However, because of the number of different printers and other devices out there, it's impractical for a virus writer to infect these things. There are many different processors and configurations. Plus, they can't outright break the hardware, or it will get thrown away or put in storage. (It's for that reason that I'm kind of surprised you got a BIOS virus, but that's not entirely unheard of.)


----------



## ADF (Jul 1, 2007)

net-cat said:
			
		

> I work in a computer repair shop. The things people do to their computers...
> 
> As for "printer viruses," as Kougar said, it's theoretically possible to infect anything with on-board storage. However, because of the number of different printers and other devices out there, it's impractical for a virus writer to infect these things. There are many different processors and configurations. Plus, they can't outright break the hardware, or it will get thrown away or put in storage. (It's for that reason that I'm kind of surprised you got a BIOS virus, but that's not entirely unheard of.)


I was surprised myself, like I said I have not encountered anything like this before. Normal viruses at least let you operate the computer that is infected, I had no control at all.

Even when the infected drive was removed the computer was still making the random beeping noises I was hearing on desktop. Safe mode refused to load and it refused to detect the fresh drive. It was the most malicious virus I have encountered, the computer was completely taken over.

I fail to see the point in such viruses; I couldn't install anything, I couldn't seek help online, I couldn't even access msconfig because any attempt to type it in run resulted in jibberish. Viruses are designed to steal user data, spam you with adverts (which it did) and zombie computers to spread to others. I see no point in a virus that so violently announces its presence and causes havoc resulting in a immediate user response, it significantly reduces the chance of the virus obtaining anything useful from the user.


----------



## net-cat (Jul 1, 2007)

ADF said:
			
		

> I fail to see the point in such viruses; I couldn't install anything, I couldn't seek help online, I couldn't even access msconfig because any attempt to type it in run resulted in jibberish. Viruses are designed to steal user data, spam you with adverts (which it did) and zombie computers to spread to others. I see no point in a virus that so violently announces its presence and causes havoc resulting in a immediate user response, it significantly reduces the chance of the virus obtaining anything useful from the user.



Yeah, that's how viruses are _now_. Ten years ago, virus tended to be written by individuals explicitly to cause harm to victims so they could brag to their friends about it. Now, the adware/spyware type viruses are more prevalent, but it really doesn't surprise me that the old school virus writers still exist.


----------



## Kougar (Jul 1, 2007)

Exactly what Net-cat said, I couldn't have put it better. 

I don't know of modern day BIOS viruses, but the old ones still do exist and are still floating around the interweb... One of the sub-1ghz PCs I've acquired from a garage sale featured an ASUS motherboard with a special BIOS onboard... The name of the BIOS company escapes me but it features a built in BIOS anti-virus scan to check the BIOS itself at bootup.


----------



## ADF (Jul 1, 2007)

It was a old PC, but I don't think 1ghz CPU old. 

It was running a Athlon XP CPU on a nforce 3.


----------



## ADF (Jul 7, 2007)

HO-LY-HELL

I just scanned one of his drives...

91... 91 freaken viruses!


----------



## Oni (Jul 7, 2007)

Bios Virus? Nasty. Flashing the bios rings a bell here for help. *shrugs*


----------



## ADF (Jul 7, 2007)

I could, but I would have to know the motherboards model. It is a old Nforce 3 running on a athlon XP, that is all we know about it.


----------



## Oni (Jul 7, 2007)

ADF said:
			
		

> I could, but I would have to know the motherboards model. It is a old Nforce 3 running on a athlon XP, that is all we know about it.


Hmm, there must be markings on the motherboard which relate to the manufacturer. Old motherboard manuals can be difficult to aquire. :evil:

btw that is some crazy stuff which was happening to the PC, it sounds like an exorcist episode of tech support. :lol:


----------



## Ron Overdrive (Jul 7, 2007)

Well if you can't get it working I have an old nForce3 mobo sitting in my room unused. If you're interested drop me an IM, maybe we can do a trade or something. Its a Gigabyte K8 Triton.


----------



## Rostam The Grey (Jul 7, 2007)

He's probably one of those people that open every attachment sent by email? I don't have anti-virus software or anything like that because I'm cheap and anything that slows my computer down aggravates me. When I get viruses, I know enough to get rid of them. I check my computers on about a monthly basis (task manager, registry, run adaware, update). And I've got every one in my house so that they wont open attachments to emails without checking with me. I've never had a serious issue following this routine. I don't know anything about motherboard BIOS viruses though? I could see how it would be possible, but I wouldn't think the OS would allow it? But I guess one of the viruses could have did something, esspecially if he's on 98 or 95?


----------



## blueroo (Jul 7, 2007)

The motherboard will have the specific model number and revision printed on it. Check between the PCI slots. That's a common spot.


----------



## Janglur (Jul 7, 2007)

Kougar said:
			
		

> Any computer device that features onboard memory retention capability can reasonably be "infected"... While I don't know of any keyboard viruses even the basic keyboard these days comes with a fair bit of circuitry embedded in it for extra features. All a virus needs is storage, and something to read and execute it, just like a floppy disk no? Â Â Viruses that target the mainboards BIOS are not uncommon, infact it is a great way to ensure the computer stays infected long after the user wipes and reformats their drive, or reinstalls their OS.
> 
> I'd imagine that his monitor, keyboard, mouse, speakers, and the ilk would all be fine... especially the monitor  Now if he had a printer (Or router)Â Â hooked up to that computer then I would worry a bit, printers can become infected and in turn infect computers they are plugged into, although it is rare. It's far more common to have the printer drivers a user installs exploited though... such as HP not once but twice was found to be distributing printer drivers from their website for their deskjets that were infected with the Funlove virus. Everyone should know about cell phone and mp3 player viruses, there is even a company that exists selling anti-virus software for cell phones even. But back on topic it would be fairly obvious if some peripheral device was infected as you would soon be as well, but you would know how to remove the infection if it does occur and would then have you answer as to if some peripheral was infected or not.
> 
> And it's always the people that think they know enough about computers (or say any other topic) that they can cut corners because they think they know what they are doing, when in reality they are often the type to do the most damage. Usually a technophobic person would still know to use and update his anti-virus, while a user with plenty of computer experience would just assume he knows how to avoid getting infected in the first place, and never bother installing a anti-virus or anti-spyware or take the time to ensure they are up to date and working. No offense meant to you Yak, as you obviously fall within the category a step or three above "a user with just plenty of computer experience"!






Actually this is a bit of a myth.  It is /possible/ to imbed a virus in anything with storage retention, but actually doing so is highly unlikely.  Most printers have a 'boot+clear' function, typically just turning them off, which will flush the RAM on them.  As well, this memory is rarely two-way:  In fact, most non-professional printers only use a tiny (less than 2 MB) SRAM cache which is write-only to the system, and read-only to the printer.  [The architecture makes it quite cheap]

BIOS Virii do exist, but they only effect a tiny, tiny handful of motherboards.  The virus must be coded down on a machine-code level to function in such a way, else it will fail.  And, most of the motherboards which this even CAN work on (as the board must support being flashed during operation, else the virus can't get on there unnoticeably) have protective features built in that are defaulted in the CMOS to 'off', disallowing any writing to the BIOS.

It is also possible to write a virus that infects the memory architecture of the CPU itself, several have been written for Intel Pentium4 and Core2Duo CPUs.  However, they're easy to thwart:  Reboot.  A cold reboot will do a hardware-level cache flush, thus eliminating the virus from the memory of the CPU.


The most common ways viruses spread other than via the network are through CD-Rs(1), flash drives(2), floppy disks, and imbedding themselves into .rtf, .doc, .ppt, .adb, .pdf, .psd, and other files.

I am not aware of a successful virus having ever been written even for theory for a printer, scanner, or any other such peripheral not used as a static storage device.  Nor any expansion cards such as a video card, soundcard, etc.

1) (many viruses exist that hijack Nero and other programs and stuff copies of autorun-executing crap on the disk),
2) (you'd be frightened how fast these spread, too.  A recent study had a man infect 54 thumb drives and scatter them on the ground, candy dish of the lobby, trash cans, etc.  All the virus did was report it's status, but it turned out that 27 of the 54 were inserted into a PC. This was a high-profile bank.  If this virus were not a drill, he could have made off with billions, as he had access to user and root accounts all across the network.  It was a nightmare for the institution.)


----------



## ADF (Jul 8, 2007)

Thanks for the offers of advice/assistance all, but this is actually a convenient excuse to get the git to upgrade.

I have actually had a problem with his computer for a while; while it is bad that is had kicked the bucket, it is just the excuse he needs to replace his dated hardware.


----------



## Oni (Jul 8, 2007)

*Shrugs* That does make sense.

Have fun shopping ^.^


----------



## Kougar (Jul 8, 2007)

Great time to be building a new system. 

AMD Athlon64 X2 3600+ Retail kit = $62
Socket AM2 motherboard = $35 on up
1GB kit of DDR2-667Mhz RAM = $35
Ultra 500watt PSU = Free AMIR
Hard Drive 160gb-500gb = $50-100

Just add a case and $30 more to double the RAM.... All the above are new, retail prices, so they can be had even cheaper elsewhere. CPU prices in both camps are getting slashed again on the 22nd too.


----------



## Ron Overdrive (Jul 8, 2007)

Recommend checking newegg.com for parts, they have some good prices and their tech support is top notch from my experience. Only had to RMI something once and they were very quick and friendly about it.


----------



## Kougar (Jul 8, 2007)

AMD is slashing prices this Monday actually. http://www.dailytech.com/article.aspx?newsid=7960

AMD Athlon64 X2 4000+ for $69, the 3600 and 3800 dual-cores are being EOL'd. Even the top end X2 6000+ will only be $169. Until Intel slashes prices the 6000+ will be the best performing chip at that price range.


----------



## Ron Overdrive (Jul 8, 2007)

They're slashing their prices for preparation for their new line of processors that will replace the Athlon series. I forget what the series is called, but it looks like it will be insane. They took advantage of ATI when it came to floating point calculations making their new multi-core CPUs 128-bit with 3 levels of cache.


----------



## Kougar (Jul 10, 2007)

That has absolutely nothing to do with floating point calculations, it's all cache memory.Â Â Any article you care to read on Barcelona/Agena/Kuma will tell you that what people call "K10" is an evolutionary product based on todays K8 Athlon64 chip. Performance should closely match Intel's new Penryn chips, and has good potential to supersede them in server & HPC situations, but the desktop is likely to be another matter altogether. It looks more like AMD just wanted to spoil Intel's long-announced July 22 price slashing, as they will not be selling any new chips for desktop users until around December to late January or so.

The socket AM2 Sempron 3200+ is only $31 now as well, btw...


----------



## net-cat (Jul 10, 2007)

Ron Overdrive said:
			
		

> They took advantage of ATI when it came to floating point calculations making their new multi-core CPUs 128-bit with 3 levels of cache.


That sounds suspiciously like SSE-type instructions that you're referring to...


----------

