01-09-2012 07:55 PM
I have a Lenovo G550 and know that my BIOS is infected. I require the original BIOS that came with the laptop (I know the risks about flashing my BIOS). I haven't been able to find anything OEM other than updates, and had a talk with a representative that ended up telling me that my only option was to send the laptop in to be flashed for me - not feasible in my current situation.
Any help would be greatly appreciated.
01-10-2012 01:25 AM - edited 01-10-2012 01:25 AM
Hello,
I am not familiar with Lenovo G550 series, but I am guessing that if a BIOS update is not available then it is because one has not been released.
As for the infection, can you tell us more about it, such as what your anti-malware software detected it as? Perhaps someone can recommend some steps to help you remove it or get some additional assistance in diagnosing the problem.
Regards,
Aryeh Goretsky
01-10-2012 03:44 PM
As goretsky requested, please tell us more.
Following that, if you or goretsky feels that you need additional assistance, I suggest posting in the Malware Removal Forum at SpywareHammer and have the staff trained in malware removal walk you through the cleanup. Help is free, but you will need to register there. Posting instructions are at the top of the forum. Please include "[Attn: K27]" in the title of your topic.
I am not employed by Lenovo or Microsoft. I am a volunteer.
01-10-2012 10:12 PM - edited 01-10-2012 10:19 PM
goretsky wrote: Hello,
I am not familiar with Lenovo G550 series, but I am guessing that if a BIOS update is not available then it is because one has not been released.
As for the infection, can you tell us more about it, such as what your anti-malware software detected it as? Perhaps someone can recommend some steps to help you remove it or get some additional assistance in diagnosing the problem.
Regards,
Aryeh Goretsky
Well, I know I'm infected because after formatting (I use Ubuntu), I scanned through my kernel logs and found that there were some packets being sent from ring0 to a foreign IP. There happened to be an HTTP server running at the IP and it simply sent "lol". I really just want to flash my BIOS, do a zero-fill and be done with it, but... I guess that's not possible.
As for Lenovo making no effort to release my particular BIOS... (and throwing Lenovo products at me... out of the box [some popup application running on intervals])... I don't see myself buying a Lenovo again... but I digress.
Are there any suitable tools/resources that I could use to "repair" my BIOS?
01-10-2012 10:21 PM
Bugbatter wrote: As goretsky requested, please tell us more.
Following that, if you or goretsky feels that you need additional assistance, I suggest posting in the Malware Removal Forum at SpywareHammer and have the staff trained in malware removal walk you through the cleanup. Help is free, but you will need to register there. Posting instructions are at the top of the forum. Please include "[Attn: K27]" in the title of your topic.
Yes, thank you, I will do that.
01-11-2012 11:44 PM - edited 01-11-2012 11:46 PM
Hello,
I'll let the Ubuntu rootkit experts handle this from here, but a few things I am personally curious about:
It might be useful to dump the BIOS and have that ready to provide the person who will be assisting you. If your notebook has a BIOS by Phoenix then Phoenix's Winflash utility would be what you use, for Award BIOSes, the appropriate Awdflash utility and so forth.
Please come back after you have resolved the issue to let us know how things worked out.
Regards,
Aryeh Goretsky
02-10-2012 11:01 PM
customer424242 wrote:
goretsky wrote: Hello,
I am not familiar with Lenovo G550 series, but I am guessing that if a BIOS update is not available then it is because one has not been released.
As for the infection, can you tell us more about it, such as what your anti-malware software detected it as? Perhaps someone can recommend some steps to help you remove it or get some additional assistance in diagnosing the problem.
Regards,
Aryeh Goretsky
Well, I know I'm infected because after formatting (I use Ubuntu), I scanned through my kernel logs and found that there were some packets being sent from ring0 to a foreign IP. There happened to be an HTTP server running at the IP and it simply sent "lol". I really just want to flash my BIOS, do a zero-fill and be done with it, but... I guess that's not possible.
None of which indicates an infected BIOS. How do you know that your source media is not infected with a rootkit? It happens.