Paper Tape
Posts: 3
Registered: ‎01-09-2012
Location: Canada
Message 1 of 7 (1,069 Views)

Why no BIOS?

I have a Lenovo G550 and know that my BIOS is infected. I require the original BIOS that came with the laptop (I know the risks about flashing my BIOS). I haven't been able to find anything OEM other than updates, and had a talk with a representative that ended up telling me that my only option was to send the laptop in to be flashed for me - not feasible in my current situation.

 

Any help would be greatly appreciated.

Posts: 2,526
Topics: 20
Kudos: 436
Solutions: 202
Registered: ‎12-01-2007
Location: US
Message 2 of 7 (1,056 Views)

Re: Why no BIOS?

[ Edited ]

Hello,

 

I am not familiar with Lenovo G550 series, but I am guessing that if a BIOS update is not available then it is because one has not been released.

 

As for the infection, can you tell us more about it, such as what your anti-malware software detected it as?  Perhaps someone can recommend some steps to help you remove it or get some additional assistance in diagnosing the problem.

 

Regards,

 

Aryeh Goretsky

 



I am a volunteer and neither a Lenovo nor a Microsoft employee.

P50 (20EN-*)S230u (3347-4HU)T23 (2648-LU7)T42 (2378-R4U)T43p (2678-H7U)T61p (6459-CTO)W510 (4318-CTO)W530 (2441-4R3)W530 (2441-4R3)X100e (3508-CTO)X120e (0596-CTO)X220 (4286-CTO)X250 (20CM-*)

Posts: 1,467
Registered: ‎05-01-2010
Location: US
Message 3 of 7 (1,032 Views)

Re: Why no BIOS?

As goretsky requested, please tell us more.

Following that if you or goretsky feels that you need additional assistance, I suggest posting in the Malware Removal Forum at SpywareHammer and have the staff trained in malware removal walk you through the cleanup. Help is free, but you will need to register there. Posting instructions are at the top of the forum. Please include "[Attn: K27]" in the title of your topic.

 












If you find a post helpful and it answers your question, please click the "Accept As Solution" button.

I am not employed by Lenovo or Microsoft. I am a volunteer.

SpywareHammer





Paper Tape
Posts: 3
Registered: ‎01-09-2012
Location: Canada
Message 4 of 7 (1,009 Views)

Re: Why no BIOS?

[ Edited ]

goretsky wrote:

Hello,

 

I am not familiar with Lenovo G550 series, but I am guessing that if a BIOS update is not available then it is because one has not been released.

 

As for the infection, can you tell us more about it, such as what your anti-malware software detected it as?  Perhaps someone can recommend some steps to help you remove it or get some additional assistance in diagnosing the problem.

 

Regards,

 

Aryeh Goretsky

 


Well, I know I'm infected because after formatting (I use Ubuntu), I scanned through my kernel logs and found that there were some packets being sent from ring0 to a foreign IP. There happened to be an HTTP server running at the IP, and it simply sent "lol". I really just want to flash my BIOS, do a zero-fill and be done with it, but... I guess that's not possible.

 

As for Lenovo making no effort to release my particular BIOS.. (and throwing Lenovo products at me .. out of the box [some popup application running on intervals]).. I don't see myself buying a Lenovo again... but I digress.

 

Are there any suitable tools/resources that I could use to "repair" my BIOS?

Paper Tape
Posts: 3
Registered: ‎01-09-2012
Location: Canada
Message 5 of 7 (1,003 Views)

Re: Why no BIOS?


Bugbatter wrote:

As goretsky requested, please tell us more.

Following that if you or goretsky feels that you need additional assistance, I suggest posting in the Malware Removal Forum at SpywareHammer and have the staff trained in malware removal walk you through the cleanup. Help is free, but you will need to register there. Posting instructions are at the top of the forum. Please include "[Attn: K27]" in the title of your topic.

 



Yes, thank you, I will do that.

Posts: 2,526
Topics: 20
Kudos: 436
Solutions: 202
Registered: ‎12-01-2007
Location: US
Message 6 of 7 (959 Views)

Re: Why no BIOS?

[ Edited ]

Hello,

 

I'll let the Ubuntu rootkit experts handle this from here, but a few things I am personally curious about:

 

  1. Was the notebook ever infected with malware prior to installing Ubuntu?
  2. Was the hard disk drive wiped (zero-filled) before Ubuntu was installed?
  3. Did you check the reputation/known activities of the host/IP address the computer was connecting to?  In other words, was it known to be a malicious site (part of a botnet C&C infrastructure, drop zone for stolen information, and so forth)?
  4. Did you try running the pcap/logs/other data you collected through DShield or Snort to see if there were any correlations to known attack patterns or payloads?
  5. Have you tried booting the computer from an antivirus vendor's LiveCD to see if that found anything in the boot record or the file system?

It might be useful to dump the BIOS and have that ready to provide the person who will be assisting you.  If your notebook has a BIOS by Phoenix then Phoenix's Winflash utility would be what you use, for Award BIOSes, the appropriate Awdflash utility and so forth.

 

Please come back after you have resolved the issue to let us know how things worked out.

 

Regards,

 

Aryeh Goretsky

 



Broadband 3G
Posts: 999
Registered: ‎01-06-2011
Location: Sacramento, CA
Message 7 of 7 (860 Views)

Re: Why no BIOS?


customer424242 wrote:

goretsky wrote:

Hello,

 

I am not familiar with Lenovo G550 series, but I am guessing that if a BIOS update is not available then it is because one has not been released.

 

As for the infection, can you tell us more about it, such as what your anti-malware software detected it as?  Perhaps someone can recommend some steps to help you remove it or get some additional assistance in diagnosing the problem.

 

Regards,

 

Aryeh Goretsky

 


Well, I know I'm infected because after formatting (I use Ubuntu), I scanned through my kernel logs and found that there were some packets being sent from ring0 to a foreign IP. There happened to be an HTTP server running at the IP, and it simply sent "lol". I really just want to flash my BIOS, do a zero-fill and be done with it, but... I guess that's not possible.



None of which indicates an infected BIOS. How do you know that your source media is not infected with a rootkit? It happens.
