Hello,

I am not familiar with Lenovo G550 series, but I am guessing that if a BIOS update is not available than  it is because one has not been released.

As for the infection, can you tell us more about it, such as what your anti-malware software detected it as?  Perhaps someone can recommend some steps to help you remove it or get some additional assistance in diagnosing the problem.

Regards,

Aryeh Goretsky

---

I am a volunteer and neither a Lenovo nor a Microsoft employee.

L380 Yoga • P50 (20EN-*) • S230u (3347-4HU) • T23 (2648-LU7) • T42 (2378-R4U) • T43p (2678-H7U) • T61p (6459-CTO) • W510 (4318-CTO) • W530 (2441-4R3) • W530 (2441-4R3) • X100e (3508-CTO) • X120e (0596-CTO) • X220 (4286-CTO) • X250 (20CM-*) • Yoga 370

 Deutsche Community  Comunidad en Español  Русскоязычное Сообщество  Communidade Portugues

As goretsky requested, please tell us more.

Following that if you or goretsky feels that you need additional assistance, I suggest posting in the Malware Removal Forum at SpywareHammer and have the staff trained in malware removal walk you through the cleanup. Help is free, but you will need to register there. Posting instructions are at the top of the forum. Please include "[Attn: K27]" in the title of your topic.

---

goretsky wrote:

Hello,

 

I am not familiar with Lenovo G550 series, but I am guessing that if a BIOS update is not available than  it is because one has not been released.

 

As for the infection, can you tell us more about it, such as what your anti-malware software detected it as?  Perhaps someone can recommend some steps to help you remove it or get some additional assistance in diagnosing the problem.

 

Regards,

 

Aryeh Goretsky

 

---

 Well I know I'm infected because after formatting (I use ubuntu), I scanned through my kernel logs and found that there were some packets being sent from ring0 to a foreign IP. There happened to be an http server running at the IP and simply sent "lol". I really just want to flash my bios, do a zero-fill and be done with it, but... I guess that's not possible.

 

As for lenovo making no effort to release my particular bios.. (and throwing lenovo products at me .. out of the box [some popup application running on intervals]).. I don't see myself buying a lenovo again... but I digress.

 

Are there any suitable tools/resources that I could use to "repair" my BIOS?

---

Bugbatter wrote:

As goretsky requested, please tell us more.

Following that if you or goretsky feels that you need additional assistance, I suggest posting in the Malware Removal Forum at SpywareHammer and have the staff trained in malware removal walk you through the cleanup. Help is free, but you will need to register there. Posting instructions are at the top of the forum. Please include "[Attn: K27]" in the title of your topic.

 

---

Yes, thank you, I will do that.

Hello,

I'll let the Ubuntu rootkit experts handle this from here, but a few things I am personally curious about:

1. Was the notebook ever infected with malware prior to installing Ubuntu?
2. Was the hard disk drive wiped (zero-filled) before Ubuntu was installed?
3. Did you check the reputation/known activities of the host/IP address the computer was connecting to?  In other words, was it known to be a malicious site (part of a botnet C&Cinfrastructure, drop zone for stolen information, and so forth)?
4. Did you try running the pcap/logs/other data you collected through DShield or Snort to see if there were any correlations to known attack patterns or payloads?
5. Have you tried booting the computer from an antivirus vendor's LiveCD to see if that found anything in the boot record or the file system?

It might be useful to dump the BIOS and have that ready to provide the person who will be assisting you.  If your notebook has a BIOS by Phoenix than Phoenix's Winflash utility would be what you use, for Award BIOSes, the appropriate Awdflash utility and so forth.

Please come back after you have resolved the issue to let us know how things worked out.

Regards,

Aryeh Goretsky

---

I am a volunteer and neither a Lenovo nor a Microsoft employee.

L380 Yoga • P50 (20EN-*) • S230u (3347-4HU) • T23 (2648-LU7) • T42 (2378-R4U) • T43p (2678-H7U) • T61p (6459-CTO) • W510 (4318-CTO) • W530 (2441-4R3) • W530 (2441-4R3) • X100e (3508-CTO) • X120e (0596-CTO) • X220 (4286-CTO) • X250 (20CM-*) • Yoga 370

 Deutsche Community  Comunidad en Español  Русскоязычное Сообщество  Communidade Portugues

---

customer424242 wrote:

---

goretsky wrote:

Hello,

 

I am not familiar with Lenovo G550 series, but I am guessing that if a BIOS update is not available than  it is because one has not been released.

 

As for the infection, can you tell us more about it, such as what your anti-malware software detected it as?  Perhaps someone can recommend some steps to help you remove it or get some additional assistance in diagnosing the problem.

 

Regards,

 

Aryeh Goretsky

 

---

 Well I know I'm infected because after formatting (I use ubuntu), I scanned through my kernel logs and found that there were some packets being sent from ring0 to a foreign IP. There happened to be an http server running at the IP and simply sent "lol". I really just want to flash my bios, do a zero-fill and be done with it, but... I guess that's not possible.

---

None of which indicates an infected BIOS. How do you know that your souce media is not infected with a rootkit? It happens.