Possible rootkit attack

bit:
This is all just guesswork, and I only have procedural ability (push this button, insert this disk, etc.), not tech.
This morning, none of my HDs would boot.
The Fix:
Hit del on boot, had to reset CMOS/BIOS device boot priority to DVD first.
(no bogus BIOS popups appeared).
Tried various boot disks......FINALLY tried Lazesoft bootable recovery CD, hit basic 'bootfix'.
Fixed & rebooted from HD successfully.
So I'm back......thinking of running Malwarebytes full scan, maybe Norton full scan, not sure what else.

bit:
That 'weird' BIOS on boot pop-up reappeared, with a failed boot-up.
This time, the Lazesoft boot-fix disk failed to fix it.
This is what the pop-up message said (appearance simulated here with double line brackets):
============================
Message Confirmation
The system intruded, chassis opened or tempered before ,
Please check the system
[OK]
============================
It wanted me to click on the [OK]; I did not click on the [OK].
The 'weird' pop-up was green with black letters, which seems nonstandard.
Normally, legitimate BIOS pop-up messages are a different color.

I switched to a clean backup EIDE Maxtor HD and rebooted successfully.
My PC seems to read the CD/DVD disk drive OK on boot, but not from Desktop.
I am preparing to run a new/repeat [EASE US Todo Backup Free 4.0] HD clone backup from the EIDE Maxtor HD to the failed-boot SATA Western Digital HD, but am becoming increasingly skeptical of lasting success.

I will look into replacing the CMOS clock battery, as Shades suggests.

x16wda:
If you google the error message, you'll see a lot of hits (like this). Most of them blame an Asus motherboard and say you can go into the BIOS and disable the chassis intrusion setting, or check the relevant jumper on the motherboard and make sure it is jumped.

bit:
If you google the error message, you'll see a lot of hits (like this). Most of them blame an Asus motherboard and say you can go into the BIOS and disable the chassis intrusion setting, or check the relevant jumper on the motherboard and make sure it is jumped.
-x16wda (September 27, 2015, 06:38 PM)
--- End quote ---
^Checking this out......
Yes, mine is an ASUS A8N-SLI Premium, and it was exactly as you said; I found the case open warning set to 'enabled' in BIOS and disabled it.
Also, I swapped in a different disk in the disk drive and now it reads it just fine.
And my other SATA WD HD that had long ago stopped booting after clone backups to it, just booted perfectly. :)

Shades:
Replacing the battery won't help with any rootkit.

It will help with strange time-related issues in Windows and...if your PC acts the same as mine, you won't have to fill in the time/date/whatever other boot preferences you have in your BIOS, each time your computer shuts down because of a power failure (complete power cuts, insufficient power on the three phases, only power on one phase, etc).

Rootkits can hide themselves in hardware (such as the BIOS of your motherboard or hard disk). The really nasty ones do not have a problem with that. And in those cases you'd immediately start decommissioning the affected hardware, for your own sake, as the hardware cannot be trusted at all after it has been infected.

Now, this won't happen that quickly when you don't visit (Russian) bride sites, where you find lots of pictures and/or videos of those brides naked and being "field-tested" in ways that should never leave anyone's imagination or more traditional manners, while they whisper sensually the latest key-codes/serials of the latest software to your...eh screen.  ;)
