Strange malware

Please forgive me for stepping outside of this forum’s boundaries.

A friend just called me about a strange result he got from a client’s non-booting hard drive. Connecting only that drive to one of his desktops he tried booting what is supposed to be a Windows system. It did not boot. When he replaced the drive with one of his own, the machine would not boot, but repeatedly turned on and off (the power). Suspecting that his motherboard may have failed at that point he switched to another desktop repeated the process and got exactly the same result. He reset his BIOS…no change. He now has two non functioning desktops and called me in a panic for assistance.

If anyone has heard of such a problem please let me know. It’s beyond my comprehension.

The problem drive is an SSD, so power supply failure (twice) is not a likely cause as power consumption is low.

Hi
Not if the drive has a short across the 5v or 12v power rails feeding the hard drives… needs to check the power connector voltages. All depends on how the power supply is configured as may be getting enough for the motherboard(s).

Understood, but even when the drive is removed? You mean it damaged two power supplies?

By the way, many thanks for the speedy response and suggestion.

Hi
Yes, just the part that powers the drives… get out a multimeter and check…

My friend reports that both desktops have recovered with the following message…

“The Main BIOS is corrupted. The system will be recovered from the Backup BIOS. Please DO NOT turn off power or reset the system. This may take a few minutes. Updating the Main BIOS…14%”

It’s all strange to me having only old equipment. Thanks again.

Were there thunder storms in the area?

  • Was there a lightning strike near the premises?
  • Does the system have surge protection on the 110 V / 230 V power sockets supplying the system?

If the system doesn’t have a fast DSL network connection, consider also fitting surge protection to the network connection to the Internet Service Provider (ISP).
[HR][/HR]If the area is often affected by thunder storms, consider installing surge protection rated at 20 000 A (yes, twenty thousand ampere).

No lightning. Good surge protection.

My guess is that your friend just really doesn’t know what his system was doing and somehow initiated a BIOS Flash upgrade… which was interrupted.
Of course, a system’s BIOS upgrade should never be interrupted.
On bootup, the system probably recognized an incomplete flash upgrade (ie “corrupted”)

I don’t know that a backup BIOS normally exists, but when in the middle of a flash upgrade today’s utilities normally create a backup of the existing BIOS in case the flash fails so the system isn’t bricked.

So,
I highly recommend that your friend look again into any updates from the motherboard’s (or system) manufacturer, and if a BIOS upgrade is available to do the backup again… This time don’t interrupt the flash upgrade which will involve at least one reboot.

TSU

What I’ve noticed with the BIOS/UEFI on a new Mainboard is, that the updates can be initiated via the network – the BIOS/UEFI is capable of activating a network connection without any Operating System being loaded.

  • And, the BIOS/UEFI can be setup to always, at boot time, activate the network connection, check for a new BIOS/UEFI and, install the newest version, automatically …

That’s exactly the conclusion my friend came to. He returned the drive to his client and suggested a professional (expensive) data recovery service in the U.S., reminding him that simple backups are much cheaper.

Thank you for the follow-up and confirmation.

You’re welcome – thank goodness that, I decided to purchase some new hardware – my previous desktop had “Windows 7 ready” on the Mainboard …

I’d never heard of a machine which would update the BIOS outside of a running OS…
So, I did a quick Internet search for such a thing, but was unable to find anything (caould just be a comment on my Internet search skills)

What I found was…

On a Windows machine, either Windows Update or manually running a firmware flash utility is required.
On a Linux machine, you’ll still need to manually run a firmware flash utility.

Nowhere except Windows Update did I find any kind of automated BIOS upgrade,
And even from what I’ve seen on Windows machines, you have to

  • Enable 3rd party updates (not default)
  • At least from what I’ve seen but may not always be the case, I saw a special warning about this update… After all even more importantly compared to other dates you shouldn’t interrupt the update, especially by cutting the power.

If there is any hint of an automatic BIOS update for any machine running any OS, would be curious to see it.
By “automatic update” I meant that the update is not expressly invoked by the User, and is possibly slipped in with other updates without special warning to the User.

Reason why I’m curious about this is because such a thing exists, then it becomes something on my list of things to watch for which could cause unexpected prolems.

TIA,
TSU

Hi
Your aware of fwupd? LVFS: Users a lot of the newer systems are using this…

Several ASUS mainboards have been able to update the BIOS via BIOS alone since the days of “Windows 7 ready” …

  • ASUS EZ Flash 3 …