Re: Bad CMOS?

Discussion in 'Intel' started by Rez, Aug 1, 2005.

  1. Rez

    Rez Guest

    In article <-hwp.com>, Haines Brown <> wrote:
    >Without doing anything with hardware, the last time I booted, instead
    >of the MBR being executed, I got garbage.

    <snippola>

    I don't know if CIH virus would produce the exact symptoms you're
    experiencing, but I do know it can trash the CMOS and make it spit
    gibberish and/or refuse to boot. Worth checking for, anyway.

    Also, I'd be suspicious of an old-fashioned boot-sector virus.

    ~REZ~
    Rez, Aug 1, 2005
    #1
    1. Advertising

  2. Rez

    Rez Guest

    In article <-hwp.com>, Haines Brown <> wrote:
    > (Rez) writes:
    >
    >> In article <-hwp.com>, Haines Brown
    >> <> wrote:


    A long time ago... it's my monthly foray into newsgroups. (ELN has
    LONG retention on text ngs.)

    >> >Without doing anything with hardware, the last time I booted, instead
    >> >of the MBR being executed, I got garbage.

    >> <snippola>
    >> I don't know if CIH virus would produce the exact symptoms you're
    >> experiencing, but I do know it can trash the CMOS and make it spit
    >> gibberish and/or refuse to boot. Worth checking for, anyway.
    >> Also, I'd be suspicious of an old-fashioned boot-sector virus.

    >I want to thank you for the alert. A virus didn't occur to me (besides


    Welcome. As an old DOS-head, viruses come into my mind easily.

    Hmm. Maybe I should rephrase that. :)

    >running only debian, it is with ClamAV, I also have possible ROM
    >problems on my video card and SCSI cards, which apparently can be
    >symptoms of CIH, and it might explain why all three SCSI hard disk
    >sectors might be corrupted at the same time. No problems with


    <blink> A friend recently lost a crapload of files when the server
    "went berserk and started randomly deleting files" (this was on a
    linux box). A bad RAID controller can do that. I wonder if a SCSI
    controller that's going bad could exhibit similar behaviour??

    I'm also reminded of what happens when a failing HD blows off parts of
    the partition table: If you view the disk with a hex editor, you see
    gibberish -- instead of file and directory names, you get the raw data
    itself being displayed. A similar mess happens when a FAT16 disk util
    gets used on a FAT32 disk.

    And .. linux, eh? linux FDISK (I don't know what versions) has a known
    bug that writes an invalid byte in an unused sector, which on a
    DOS-Win/Linux multiboot, will eventually nuke the DOS-Win side of the
    system. I know several people who've been bitten by that, which is why
    I no longer let any system multiboot outside its species. Anyway, I'm
    wondering if under some conditions, whether this bug could cause
    filesystem FUBARing on a straight linux box as well. Buggy hardware
    can make the difference there (frex, the "47 day rollover bug" in
    Win9x seems to require a timer bug on the motherboard, as many systems
    do NOT exhibit it!)

    >partition table or disappearing files, although those symptoms may be
    >only for Windows systems. Flashing my BIOS may have cleaned it, but if
    >other ROMs or boot sectors are affected, it would not be a fix.


    If the BIOS was infected, yeah, that should have fixed it. But not
    other ROMs. I've heard of one that infects video ROMs, so I'm sure any
    flashable ROM could be hit, unless it's protected by having to change
    a jumper first, or the like.

    >Your note led me to check my ClamAV logs, and sure enough, I found in
    >the last week reports of worms (Lebrea.A, SomeFool.P, Mytob.V and
    >Gibe.F) and an exploit: Exploit.HTML.IFrame. I presume that if I had
    >CIH or a boot-sector virus, ClamAV would tell me about them as well.


    One would hope so, tho it is becoming common now to simplify or even
    eliminate reports re "obsolete" viruses, since these old BSVs and file
    infectors are no longer the happening thing in the virus world. No
    idea how anal ClamAV is about logging stuff. (IMO the more anal the
    better :)

    >Some obvious questions: a) Does the ClavAV reports mean that my
    >machine operation is likely affected, or merely that the worms are
    >resident (possibly dormant and harmless in the debian environment)? b)


    Don't know. I use the DOS version of FProt in DOS and Win32 myself
    (just downloaded ClamAV, but haven't installed it yet). However, I
    *do* know that UNIX/DOS cross-platform viruses exist, which are boot
    sector infectors. But they are *very* rarely seen in the wild.

    >What do I do about them? c) Most importantly, what worries me is that


    If nothing executes it, the worst a virus does is waste a little disk
    space. The AV app should still report them, but just being present as
    a file is harmless. Now, if it found them in memory, that's another
    story as it would indicate an active infection. And then you'd have
    something to worry about!

    >I'm doing a cross install to a new hard disk, and wonder if an
    >infection could migrate to it just by setting up a basic debian system
    >(no migration of files). The target disk has no communications of its
    >own with the wider world yet.


    See above. If a virus is running or in the boot sector, bad. If it's
    just sitting there on the HD foolishly wasting space, no problem.

    I haven't done enough with linux to have any other thoughts, and have
    no idea about other disk migration issues. That virus must have got to
    my brain and turned everything to zero-byte files. :)

    ~REZ~
    Rez, Sep 3, 2005
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. owyn
    Replies:
    4
    Views:
    612
  2. Marcus

    A8V CMOS Checksum Bad

    Marcus, Dec 30, 2004, in forum: Asus
    Replies:
    3
    Views:
    615
    Larry
    Jan 1, 2005
  3. cen04543
    Replies:
    4
    Views:
    1,269
    stacat69
    Feb 20, 2006
  4. Peter van der Goes
    Replies:
    1
    Views:
    983
  5. Chris H.
    Replies:
    10
    Views:
    388
    Avner Ben
    Sep 10, 2004
Loading...

Share This Page