POST BIOS Virus/Malware Scan

Krovos

Member
Hello! I've started contracting out of a computer repair store in my area and ran into a rather unusual issue today.

I had a customer whose laptop, running Windows XP, had discontinued Microsoft Security Essentials and was running without AV. This being so, he had caught "FBI Money Pak".

I have dealt with this malware script before, and it is usually resolved with a safe mode boot and a simple run of Malwarebytes. This time, however, "FBI Money Pak" had disabled the laptop from booting into both "Safe Mode w/ Networking" and "Safe Mode w/ Command Prompt". Long story short, I rigged a workaround, was able to run Malwarebytes, and removed "FBI Money Pak".

Although I was able to remove the program, I was shocked that a program like that could inhibit my operating system from certain modes of booting.

For future planning, in a similar instance where my software rigging doesn't miraculously work, how could I tackle such a situation?

Are there any ways I could run AVs or malware scanners POST BIOS?

Thank you!
 
They make live CDs of virus scanners such as Kaspersky's Rescue CD, which is pretty effective. Panda and AVG also make similar boot rescue disks.
 
Check out SARDU. But I think it might have OpenCandy, so just make sure you do a custom install. I have never had any problem using it, but when I recommended it to someone they complained. Probably a noob.

This is a multi-boot USB or DVD disk. http://www.sarducd.it/

Keep in mind that very old computers might only have 512 MB of RAM and some scanners may not work.

BTW, Hitman Pro has a ransomware remover. I think it's for Cryptolocker. Not sure if it decrypts though. Might be the Kickstart. Been awhile. http://www.surfright.nl/en/downloads/
 
You can also put the drive in another computer and scan it using Malwarebytes and an antivirus program. But I highly recommend running TDSSKiller on it while it's in another system, as it should pick up a rootkit that is stopping you from booting into safe mode when it's in your original system. When you open TDSSKiller, click on "Change parameters", check "Detect TDLFS file system", click OK, then click on "Scan". TDSSKiller will check the MBRs of all hard drives attached to your system.
 
Check out SARDU. But I think it might have OpenCandy, so just make sure you do a custom install. I have never had any problem using it, but when I recommended it to someone they complained. Probably a noob.

This is a multi-boot USB or DVD disk. http://www.sarducd.it/

Keep in mind that very old computers might only have 512 MB of RAM and some scanners may not work.

BTW, Hitman Pro has a ransomware remover. I think it's for Cryptolocker. Not sure if it decrypts though. Might be the Kickstart. Been awhile. http://www.surfright.nl/en/downloads/

One of the techs at my shop swears by Hitman Pro; I might have to look into it more.

You can also put the drive in another computer and scan it using Malwarebytes and an antivirus program. But I highly recommend running TDSSKiller on it while it's in another system, as it should pick up a rootkit that is stopping you from booting into safe mode when it's in your original system. When you open TDSSKiller, click on "Change parameters", check "Detect TDLFS file system", click OK, then click on "Scan". TDSSKiller will check the MBRs of all hard drives attached to your system.

As much as I would love to do that, the guys that own the shop discourage me from tampering physically with HDDs unless necessary; they don't want to gamble with drive failure and data loss.

What are your guys' opinions about Anvi Rescue Disk?
 
Not a very good repair shop then. I do it all the time and never lose data. And it's kind of hard to run certain programs without being inside Windows.

Run a rescue CD such as AVG, Bitdefender, Kaspersky, Comodo.
 
Not a very good repair shop then. I do it all the time and never lose data. And it's kind of hard to run certain programs without being inside Windows.

Run a rescue CD such as AVG, Bitdefender, Kaspersky, Comodo.

See, if I had issues, I used to pull HDDs and run Malwarebytes on them externally, and then if I removed something, it sometimes wouldn't boot.
 
I've never had that issue. External scans have always fixed the problem, whether it be a rootkit or a serious infection.

If the drive didn't boot beforehand and you scanned externally and it still didn't boot, then it's not because of the external scan. Always run TDSSKiller externally as well. It will still detect rootkits on all attached HDDs with MBRs.
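As an added illustration of the offline MBR check discussed in this thread (this is example code, not code from the thread or from TDSSKiller), the Python below parses a 512-byte MBR read from an attached drive, compares its boot-code hash against a baseline of trusted hashes, and sanity-checks the partition table. The sample sectors, the baseline and the function names are constructed here for demonstration; on a real drive the sector would come from reading sector 0 of the device.

```python
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_LEN = 446          # bytes 0..445 hold the bootstrap code
SIGNATURE = b"\x55\xaa"      # bytes 510..511 must be 0x55AA

def parse_mbr(sector: bytes) -> dict:
    """Split a sector into boot code, the used partition entries and the signature flag."""
    if len(sector) != MBR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    parts = []
    for i in range(4):  # four 16-byte entries: status, CHS start, type, CHS end, LBA start, length
        status, ptype, lba_start, sectors = struct.unpack_from("<B3xB3xII", sector, BOOT_CODE_LEN + 16 * i)
        if ptype != 0:  # type 0x00 marks an unused slot
            parts.append({"index": i, "bootable": status == 0x80, "type": ptype,
                          "lba_start": lba_start, "sectors": sectors})
    return {"boot_code": sector[:BOOT_CODE_LEN], "partitions": parts,
            "signature_ok": sector[510:512] == SIGNATURE}

def check_mbr(sector: bytes, known_good: set) -> list:
    """Return a list of findings; an empty list means nothing looked off."""
    mbr = parse_mbr(sector)
    findings = []
    if not mbr["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    digest = hashlib.sha256(mbr["boot_code"]).hexdigest()
    if digest not in known_good:  # boot code that is not in the trusted baseline (bootkit-style tampering)
        findings.append(f"boot code sha256 {digest[:16]}... not in baseline")
    bootable = [p for p in mbr["partitions"] if p["bootable"]]
    if len(bootable) != 1:
        findings.append(f"{len(bootable)} partitions flagged bootable (expected 1)")
    for p in mbr["partitions"]:
        if p["lba_start"] == 0 or p["sectors"] == 0:
            findings.append(f"partition {p['index']} has zero start or length")
    return findings

def build_mbr(boot_code: bytes, partitions: list) -> bytes:
    """Construct a sample sector for testing (constructed data, not read from a drive)."""
    sector = bytearray(MBR_SIZE)
    sector[:len(boot_code)] = boot_code
    for i, (status, ptype, lba_start, sectors) in enumerate(partitions):
        struct.pack_into("<B3xB3xII", sector, BOOT_CODE_LEN + 16 * i, status, ptype, lba_start, sectors)
    sector[510:512] = SIGNATURE
    return bytes(sector)

# Constructed samples: a stub of boot code plus one bootable NTFS (type 0x07) partition,
# and the same table with the boot code replaced, which is what an MBR rootkit does.
CLEAN_BOOT_CODE = b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x00" * (BOOT_CODE_LEN - 7)
BASELINE = {hashlib.sha256(CLEAN_BOOT_CODE).hexdigest()}
CLEAN_MBR = build_mbr(CLEAN_BOOT_CODE, [(0x80, 0x07, 2048, 200000)])
TAMPERED_MBR = build_mbr(b"\xeb\xfe" + b"\x00" * (BOOT_CODE_LEN - 2), [(0x80, 0x07, 2048, 200000)])
```

The baseline would be built from the MBR hashes of known-clean installs (or the vendor's boot code); a hash miss is a prompt to inspect the drive offline, not proof of infection on its own.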
 
Not a very good repair shop then. I do it all the time and never lose data. And it's kind of hard to run certain programs without being inside Windows.

I wouldn't say that, they are very talented with the services they provide. We work in a very yuppie, upper-middle class, suburban area of Colorado called "Highlands Ranch"; it's essentially the Beverly Hills of Colorado. We get customers, who have a lot of money, that are not hesitant to sue if something were to happen with their data. They [the guys in the shop] have expressed instances of working with poorly conditioned HDDs, where drives have failed and files were lost. Despite the HDD's state of condition, it is not an easy thing to explain to a customer who already has a lack of patience in this area. They are confident with their levels of expertise in dealing with computers, but prefer to avoid dealing with matters weighed with such extreme consequences.

Run a rescue CD such as AVG, Bitdefender, Kaspersky, Comodo.
Which one do you prefer over the others?
 
Don't ever use them lol and I've been doing malware removal now for about 7 years or so on this forum. I also have my own computer repair business and never used it personally. You'll have to try a few to see what you like.
 
Don't ever use them lol and I've been doing malware removal now for about 7 years or so on this forum. I also have my own computer repair business and never used it personally. You'll have to try a few to see what you like.

Thank you for an honest answer; I'll continue researching.
 