12th April 2011, 09:20 PM #1
fake cmos enter code or all data will be erased issue
Got a Lenovo T400 today, I think the issue is either
1. The MBR on the hard drive
2. The CMOS has been altered
Every time you boot without the hard drive you don't seem to get the message but as soon as you have the hard drive in you get a message something to the effect of
Important, if you do not enter the correct code all data will be erased / wiped, to get a valid code please send payment to
Most of the text is in yellow / red and I know it is fake
Can't get into safe mode or anywhere near Windows so please don't suggest safe mode etc
Tried to boot the laptop using an XP SP 3 disc and it gets to the part where it states to press any key to boot / install xp.....
so I press any key on the keyboard and then the screen goes blank / black, normally it loads the xp setup with a blue background etc but none of this happens.
I got the BIOS updater from Lenovo's website and that booted fine and updated the BIOS but the virus or whatever it is, still resides in the CMOS / BIOS.
I did do a quick format on the drive in question ( hard drive that is ) but it's still the same so I am guessing this did not touch the MBR of said drive.
Any suggestions on how to clear the cmos safely and get rid of this extra code that is malware / trojan / virus ( should not be there )
I will try and clear the MBR through an active disk or by having it attached externally on my machine and getting to the recovery console on my machine and doing it that way and see if that helps
Anything else I can do or try ??
12th April 2011, 09:30 PM #2
Sounds like it may be a rootkit virus. Could you try using the ultimate boot cd and adding the latest combofix onto the disk and running that? Combofix has saved me formatting machines so many times and seems to be great at rootkit removal.
12th April 2011, 09:39 PM #3
You could try booting a Linux live CD and installing it, it would replace the MBR with an alternate boot loader so if that installs and boots then you know it's something malicious that was in your MBR. If you cannot install it then that would suggest something more serious, i.e. somehow it's got into BIOS but I wouldn't have thought that is likely, particularly if you can re-flash it with no problems.
13th April 2011, 03:05 AM #4
It does sound like a hard drive isolated thing, try it with a different drive to make sure. If it still shows up with a different hard drive installed then it may have compromised the firmware, that is a back to factory repair if a BIOS upgrade does not fix it. There are things that can infect the firmware of the keyboard and so even a BIOS upgrade will not cook them but this is unlikely given the lack of error when you boot with no drive.
I would do a low level format of the HD in question and maybe a boot and nuke wipe and see if the problem persists. If it does try booting with the keyboard detached and using a USB keyboard. The other unlikely scenario is that the hard drive firmware has been compromised, if so it may be worth looking for any HD firmware updates that are available in order to reflash the HD's firmware.
I have never personally encountered any viruses that have compromised the system that thoroughly but they do exist at least in highly targeted proof of concept attacks.
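The thread's main suspicion is altered boot code in the drive's MBR, which sits in sector 0, outside any partition. The following added example (not code from any poster) parses a raw 512-byte MBR sector and compares its bootstrap code against a reference copy. It assumes the sector has already been read off the drive on a separate machine; the sample sectors and the helper `build_sample_mbr` are constructed for illustration.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440          # bytes 0..439: bootstrap code that runs before any OS
PART_TABLE_OFF = 446         # four 16-byte partition entries start here
BOOT_SIG = b"\x55\xaa"       # bytes 510..511


def parse_mbr(sector: bytes) -> dict:
    """Split a raw MBR into boot-code hash, partition entries and signature check."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    partitions = []
    for i in range(4):
        entry = sector[PART_TABLE_OFF + 16 * i: PART_TABLE_OFF + 16 * (i + 1)]
        status, ptype = entry[0], entry[4]
        lba_start, sectors = struct.unpack_from("<II", entry, 8)
        if ptype != 0:  # type 0x00 marks an unused slot
            partitions.append({"slot": i, "bootable": status == 0x80,
                               "type": ptype, "lba_start": lba_start,
                               "sectors": sectors})
    return {
        "signature_ok": sector[510:512] == BOOT_SIG,
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": partitions,
    }


def boot_code_differs(suspect: bytes, reference: bytes) -> bool:
    """True when the bootstrap code differs, even if the partition tables match."""
    return (parse_mbr(suspect)["boot_code_sha256"]
            != parse_mbr(reference)["boot_code_sha256"])


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed sample sector: one bootable NTFS (0x07) partition at LBA 2048."""
    entry = bytes([0x80, 0, 0, 0, 0x07, 0, 0, 0]) + struct.pack("<II", 2048, 204800)
    body = boot_code.ljust(PART_TABLE_OFF, b"\x00") + entry + bytes(48)
    return body + BOOT_SIG


if __name__ == "__main__":
    reference = build_sample_mbr(b"\xfa\x33\xc0")  # constructed stand-in: clean loader
    suspect = build_sample_mbr(b"\xeb\x5a\x90")    # constructed stand-in: altered code
    print(parse_mbr(suspect))
    print("boot code differs:", boot_code_differs(suspect, reference))
```

A valid signature and an intact partition table say nothing about the first 440 bytes, which is why the hash of that region is compared separately.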
13th April 2011, 04:11 AM #5