Old 04-20-2010, 01:47 PM
 
8,893 posts, read 5,369,571 times
Reputation: 5696

Advertisements

My DH is a computer scientist and has a lot of understanding about how PCs work. Many friends bring their infected PCs to him for recovery. He is also consulted about upgrades or new PC or network related purchases.

This past weekend, he was given an infected Dell PC. A Dell 4550 circa late 2002 running Windows XP Home on a 30 GB hard drive.

He removed the drive and attached it to our network, then linked it to a PC used only to evaluate infected drives.

According to DH it was very badly infected. He reviewed the infections, browser history, and a lot of other stuff. This friend is a mother of a young college student who has recently "come out". He is gay, and there is no problem with that. Other than he seems to love visiting very unusual gay porn sites.

Previously he infected his laptop, and while it was bad, DH fixed it (as he has done for many PCs over the years). He warned the individual to be careful about dangerous sites and try to avoid them. DH installed Avast AV, Secunia, made certain everything was up to date, and suggested he use OpenDNS or install a hosts file to limit access to known dangerous sites.

Instead, this brilliant college kid uses mom's PC to visit his porn sites. The mom in this case had decided her AV hadn't noticed any virus in over 2 years of use, and thus wasn't necessary. She allowed it to lapse. Son decided to use his mom's PC to visit his dangerous sites as a means to protect his own laptop.

The result was massive infection. Hundreds of trojans, viruses, and a bunch of stuff listed as unidentified but picked up by heuristic analysis as potentially a virus.

DH ran Avast, SUPERAntiSpyware, NIS 2010, AVG and other products against the drive; it was awful and took quite a bit of time.

DH noticed that there were many locked and password protected files, which may indicate this PC was being used as a bot or server by someone outside the home. The drive was virtually completely filled with password protected and locked files that didn't belong to any application installed.

Viewing the browsing history, it was clear that mom shopped online and had done her taxes online. The infection started about 6 weeks before DH got the PC and the credit card sites, online stores and tax services were all accessed within this period.

DH warned mom that she may want a service like Lifelock, and should change all her online passwords, and get new credit cards. Mom thinks that is not warranted. She feels safe.

Now comes the weirdness. DH tried to reinstall the hard drive last night, and the BIOS wouldn't let him in. It wasn't locked, it didn't prompt for any password. It wanted a network connection. DH checked that there was no boot enabled on the network card.

He believes this may be the first hacked BIOS he's ever encountered. While he isn't 100% certain, he says the cost to fully evaluate it would be more than the machine is worth. While he doesn't charge friends for his time, burning a new BIOS to flash and replacing the current BIOS would require equipment he doesn't have. Then to properly analyze the existing BIOS would also take time. Tools to analyze a BIOS for infection seem limited according to DH, and he'd have to disassemble code then review it line by line.

Anyone out there who doesn't run with an AV, doesn't know what a hosts file is on a PC, doesn't enable their firewall, doesn't keep up with updates, or doesn't have Secunia installed, is essentially a time bomb, waiting for the inevitable. In this case DH claims it's the first PC he couldn't salvage from what appears to be a virus.

Old 04-20-2010, 03:28 PM
Location: Whittier
3,004 posts, read 6,274,779 times
Reputation: 3082
Yes, I've read that, although rare, BIOSes can be infected. It sounds as though that computer was worse off than a sailor in the 1920s.

My less-than-tech-savvy friend recently divulged to me that he punched the computer to end its misery. He couldn't re-install Windows; it wouldn't let him.

I don't know if he's into gay porn though.

...

lol

My mom recently had her e-mail hacked at work by a keylogger. I contacted a Windows Live representative and regained control of her e-mail. The hackers used her name to try to con money out of her contact list (in horrible English). I canceled her account and made her a Gmail. Ugh.

Old 04-20-2010, 03:28 PM

28,803 posts, read 47,699,483 times
Reputation: 37905
I find your last paragraph to be interesting considering the explanation of how the PC got screwed up.

Perhaps the mention of visiting "unusual" gay porn sites would also be something to add...

Sounds like mom is fairly clueless. Check back in three months and let us know how her credit card bills are doing.

Old 04-22-2010, 02:24 PM

Location: West Virginia
16,673 posts, read 15,672,301 times
Reputation: 10924
It should be a fairly straightforward task to download a copy of the BIOS for that Dell computer and flash it back in.

I'm also curious about the credit card bills.

Last edited by mensaguy; 04-22-2010 at 02:25 PM.. Reason: edit what?