How do you delete BIOS and re-install clean version?

Anonymous February 7, 2014

How do you delete BIOS and re-install a clean version? Already tried pulling the battery and it didn’t work.

My BIOS was hacked and he/she gets all my keyboard strokes, they already stole my contacts. I had to change my credit cards! So I have to use my wife’s laptop!

I’m running Windows 8.1 and even Microsoft is saying I have too many license numbers used (7). I even explained that I was hacked and had to replace my hard drives! It’s funny, every time I buy another hard drive they hack that and bar me from deleting them!

  1. Jan F
    February 7, 2014 at 11:15 pm

    Honestly, I doubt the virus/trojan is coming from your BIOS.
    1. They are very rare in general.
    2. To actually flash the BIOS from within Windows it needs to first bypass your Windows security like being run as an administrator which UAC should inform you of and your anti-virus (Windows Defender which is built into Win 8.1 or third-party).
    3. It requires the BIOS to actually be write-able from within Windows which isn't always the case.

    Getting rid of it isn't rocket science, but does require some work.
    First of all you should boot your system, enter the BIOS and enable the flash/write protection so it cannot be infected from within Windows again. Then get the make and model of your motherboard, visit the vendor's support page and read about flashing the BIOS.

    If you are lucky the board has some easy-to-use flash utility built in and all you have to do is copy the BIOS file from the vendor's page to a floppy disk or USB flash drive, reboot your system, press a certain key to access the flash utility and follow the instructions.
    If that isn't the case you will have to create a DOS boot disk with the BIOS flash utility suggested by the vendor and the BIOS file. Then boot from this floppy disk (yes, floppy disk) and perform the flash as described by the vendor.

    In my opinion/experience it is more likely the malware is hiding on some burned CD/DVD you are using e.g. to install certain software, an external hard drive, USB memory stick, SD storage card, maybe even on another storage/computer within your network ~ I have seen malware infecting every single network location the system had write-access to.

    So there are already a multitude of places you will want to scan with an up-to-date anti-virus, better even wipe entirely.

    Your system is listed as Mac so that's already a good place to do such a thing as Windows malware usually doesn't affect OS X. However, it is worth noting that most Mac anti-virus tools do not detect Windows malware. One decent choice to scan everything would be ClamXav, which detects both Win & Mac malware.

    The best suggestion I can give besides that:
    Only use original CD/DVDs, download and install drivers from the manufacturer's homepage, download and install software & tools from the developer's page.
    Don't connect and use any external mass storage device until you have an up to date anti-virus installed to scan them, better scan them e.g. using the Mac, or wipe them before connecting.

    All of this may come at some loss of data but then again, if you have to re-install once a week because of an infection you don't have much use for data anyway.

    • Steve
      February 10, 2014 at 7:28 pm

      I'm using my wife's Mac, mine is running Windows 8.1 and like I said I purchased 2 new hard drives and I got a clean new Windows disc from Microsoft directly. They even suggested it was hiding in my BIOS!! I can't tell you how many antivirus programs I purchased along with malware software, he/she is still there! I'm on my 8th hard drive because even with the toughest Blasters he/she doesn't want to leave, so what, should I just break down and buy another computer altogether? This has been going on for a year and a half.

    • Jan F
      February 10, 2014 at 11:12 pm

      Since the BIOS is executed first thing at boot (even before you get to flash it) the virus could store itself in the buffer and rewrite itself back after the flash.
      If sophisticated enough it could write a backup copy into other parts of the computer, other hardware, like the hard drive's boot sector, even firmware or NVRAM of other PCI devices.

      Which might work to a certain point:
      1. disconnect all storage devices from the computer, hard drive, flash drives, ...
      2. Clear CMOS
      * usually done by removing the battery or a jumper on the motherboard and powering on (see manual)
      3. boot the computer and access the BIOS
      4. enable the BIOS flash protection (see manual)
      5. turn the computer off again

      6. download a Live Anti-Virus Rescue Disk e.g.
      7. burn the ISO file to a CD on the Mac
      8. reconnect only the hard drive (and CD/DVD drive if you disconnected it too)
      9. boot from the Live CD and run a full system scan

      If you want to be really safe re-flash the BIOS using the manufacturer's instructions in-between the two.

      A lot of work given it's just an assumption based on some tech who hasn't put hands on the system to see what's going on…
      I've seen countless systems getting affected because people just have to double-click on "some_invoice.pdf.exe", "greetings-card.exe" or "dhl_tracking.exe" even with an up-to-date anti-virus.
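
The disguised-executable lures named in the reply above (such as "some_invoice.pdf.exe") can be looked for on an external drive from the Mac before that drive is connected to the Windows machine. This is an added example, not part of the original thread; the extension lists, reason labels and sample files are assumptions constructed for illustration.

```python
import os

# Assumed extension lists for this example; adjust to your environment.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".jpg", ".png", ".txt"}

def classify(path):
    """Return the reasons a file looks like a disguised Windows executable."""
    reasons = []
    stem, ext = os.path.splitext(os.path.basename(path).lower())
    # rstrip() catches space padding such as "report.pdf      .exe"
    inner_ext = os.path.splitext(stem.rstrip())[1]
    if ext in EXECUTABLE_EXTS and inner_ext in DECOY_EXTS:
        reasons.append("double-extension")
    try:
        with open(path, "rb") as fh:
            magic = fh.read(2)
    except OSError:
        return reasons + ["unreadable"]
    # Windows (DOS/PE) executables start with the two bytes "MZ"
    if magic == b"MZ" and ext in DECOY_EXTS:
        reasons.append("executable-content-in-document-name")
    return reasons

def scan(root):
    """Walk root and map relative path -> reasons for every flagged file."""
    flagged = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            reasons = classify(full)
            if reasons:
                flagged[os.path.relpath(full, root)] = reasons
    return flagged

def make_constructed_sample(root):
    """Write harmless constructed files: a two-byte header only, no real code."""
    samples = {"some_invoice.pdf.exe": b"MZ", "report.pdf      .exe": b"MZ",
               "holiday.jpg": b"MZ", "notes.txt": b"plain text", "setup.exe": b"MZ"}
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        make_constructed_sample(tmp)
        for rel, why in sorted(scan(tmp).items()):
            print(rel, "->", ", ".join(why))
```

A plainly named "setup.exe" is not flagged, since nothing about its name is misleading; it still needs an anti-virus scan like any other executable.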

  2. Bruce E
    February 7, 2014 at 10:42 pm

    Removing the battery will only clear the BIOS settings, not the BIOS itself. You MIGHT be able to download the correct BIOS version from the manufacturer and flash your system. Depending on how the BIOS was modified, you may not be able to flash the ROM from the system. You may need a dedicated device for it (so the BIOS code is never executed before re-flashing it).

  3. Hovsep A
    February 7, 2014 at 10:16 pm

    If BIOS rootkits hacked your BIOS they can start working since BIOS is the first thing a computer loads up, even if you wiped your hard drive and reinstalled the Windows operating system, the rootkit is still there and able to work...

    How to Find Out If Someone Hacked Your Laptop Using the BIOS