Mysterious "unkillable" computer virus

[Still Waters]

Somewhere in a Russian computer lab lurks a computer virus so deadly, so indestructible that it can spread even when machines are disconnected from Wi-Fi - or power cables.

A researcher and his team have battled the infection for three years - and seen it infect Macs and PCs, and return even once machines have been wiped.

http://uk.news.yahoo...72.html#fvk5OMu

[Taun]

I really don't see how a virus - which is really just a bit of code - can do anything if there is no power to the computer it is in (or going to)...

[kannin]

I really don't see how a virus - which is really just a bit of code - can do anything if there is no power to the computer it is in (or going to)...

i agree with taun, the systems would need to be running for it to do anything, how would it spread with out a net connection? cant be done remotley due to no net connection this sounds extreamly strange to me

[libstaK]

I can see how it would be possible the microphone on our computers would have to store and convert the sounds it receives in some manner - a specific soundwave could read as a specific "code" when received and the code would then be in your PC .... improbable but not impossible.

Having said that, the link has all the makings of a poorly scripted rumour.

Edited November 7, 2013 by libstaK

[George Ford]

Wow, this is not really even news it's just hearsay and rumors and magic apparently.

[Ashotep]

This isn't the first time I have heard about infecting a computer through sound. Doesn't really surprise me, one nation could do lots of damage to another like this or shut down the internet at least for a while.

http://www.cbsnews.com/8301-505124_162-57610391/hacked-from-china-is-your-kettle-spying-on-you/

[kannin]

i believe the sound thing, just think its unlikley

[Merc14]

I had a person's infected laptop I was trying to clean. Now, I clean probably 200 a year and sometimes they need to just be wiped and started over, which is what I did with this machine only to have the "malware" reappear. Tried several different things until eventually I replaced the memory and hard drive with new stuff and installed Windows 8 preview from a clean thumbdrive. Worked for 3-4 minutes and then the "malware" reappeared. I did this again on different and same thing. Note that when scanned nothing showed up as being malware (after initial infection was cleaned) so the only thing I could think of was that the CMOS chip had become corrupted or infected with some unknown malware. I had never seen anything like this and haven't since.

[Frank Merton]

How did the malware manifest itself?

[The Exorcist]

I had a person's infected laptop I was trying to clean. Now, I clean probably 200 a year and sometimes they need to just be wiped and started over, which is what I did with this machine only to have the "malware" reappear. Tried several different things until eventually I replaced the memory and hard drive with new stuff and installed Windows 8 preview from a clean thumbdrive. Worked for 3-4 minutes and then the "malware" reappeared. I did this again on different and same thing. Note that when scanned nothing showed up as being malware (after initial infection was cleaned) so the only thing I could think of was that the CMOS chip had become corrupted or infected with some unknown malware. I had never seen anything like this and haven't since.

That is really incredible. I have over 10 years experience in fixing computers and have heard from friends of friends of this type of thing, but never directly from someone who has come across this type of malware.

[Orcseeker]

The US military has developed or developing means of hacking into wired networks remotely.

Because certain cables release electromagnetic pulses, you can intercept it with special gear. But being remotely, you'd need some pretty high tech and very strong receiver or some sort. (at least that's all I can think about how they could pull something off like that)

Could it be via sound or through such pulses of energy?

Edited November 7, 2013 by Orcseeker

[Orcseeker]

I had a person's infected laptop I was trying to clean. Now, I clean probably 200 a year and sometimes they need to just be wiped and started over, which is what I did with this machine only to have the "malware" reappear. Tried several different things until eventually I replaced the memory and hard drive with new stuff and installed Windows 8 preview from a clean thumbdrive. Worked for 3-4 minutes and then the "malware" reappeared. I did this again on different and same thing. Note that when scanned nothing showed up as being malware (after initial infection was cleaned) so the only thing I could think of was that the CMOS chip had become corrupted or infected with some unknown malware. I had never seen anything like this and haven't since.

Amazing stuff. What did it do?

[Merc14]

That is really incredible. I have over 10 years experience in fixing computers and have heard from friends of friends of this type of thing, but never directly from someone who has come across this type of malware.

I'm torn between malware on the CMOS or a corrupted CMOS. Maybe the various Trojans I removed earlier had corrupted the CMOS in some way?

It manifested itself by opening 100's and 100's of browser windows. They all went to the designated homepage so it wasn't a hijacker per-se and I can see know reason for it other than rendering the machine unusable. I had previously pulled the drive and gotten all of his files off and they showed clear of infection with nothing destroyed.

System was a midrange HP laptop running Windows 7. I told him to send it back to HP and see if they could figure it out but never heard back from the guy.

Edited November 7, 2013 by Merc14

[pallidin]

I have also worked on "persistant infection" computers, even after a HD wipe.

There are several issue here:

1) The HD wipe is done by a poor program, unable to do a "military-grade" wipe.

2) Infected archive-install CD's, DVD's, or external HD's.

3) The motherboard Flash ROM might be infected.

4) The video card's Flash Rom might be infected. (This is very hard to deal with)

5) The router's Flash Rom might be infected. ( a factory default "hard-reset" will correct that, but then one has to put in all the IP info... oh well...)

6) 2-5 can easily re-introduce the virus even after a HD military-grade wipe and reformat.(if 2-5 is not dealt with)

Edited November 7, 2013 by pallidin

[Agent0range]

High pitched frequencies have been used for a very long time in networking. I didn't open the link, but if it is talking about the BadBIOS virus, that is most likely untrue. Only one security specialist has "seen" the virus. Othe rsecurity specialists have been unable to replicate anything he was saying happened, and are beginning to discount it as paranoia.

[Merc14]

I have also worked on "persistant infection" computers, even after a HD wipe.

There are several issue here:

1) The HD wipe is done by a poor program, unable to do a "military-grade" wipe.

Concur, that is why I installed a new Hard Drive when I installed Windows 8 preview from a thumbdrive.

2) Infected archive-install CD's, DVD's, or external HD's.

I used two different thumbdrives to install Windows 8 preview downloaded from MS. Believ me, I tried to eliminate as many variables as possible just for my own knowledge.

3) The motherboard Flash ROM might be infected.

My guess but so freakin' rare! Could the other infections I cleaned have corrupted the CMOS chip?

4) The video card's Flash Rom might be infected. (This is very hard to deal with)

I think it was integrated graphics but this is not something I looked at. Wish I had asked so I could see if the laptop had discrete graphics. Didn't know this one so thanks.

5) The router's Flash Rom might be infected. ( a factory default "hard-reset" will correct that, but then one has to put in all the IP info... oh well...)

Have seen this so installed on a different router at a different place. Same results.

6) 2-5 can easily re-introduce the virus even after a HD military-grade wipe and reformat.(if 2-5 is not dealt with)

Wipes are unreliable at best IMHO unless you run the multiple wipes like you said, which takes forever. I've wiped drives and used software to see the old files. Better to destroy the drive if the info is that sensitive.

[RaptorBites]

Unkillable virus you say?

Nothing that a bit of thermite, sledge hammer work, explosives, and a nice bottle of scotch to test that theory.

[DKO]

Anybody remember Stuxnet from a few years ago?

[JesseCuster]

I had a person's infected laptop I was trying to clean. Now, I clean probably 200 a year and sometimes they need to just be wiped and started over, which is what I did with this machine only to have the "malware" reappear. Tried several different things until eventually I replaced the memory and hard drive with new stuff and installed Windows 8 preview from a clean thumbdrive. Worked for 3-4 minutes and then the "malware" reappeared. I did this again on different and same thing. Note that when scanned nothing showed up as being malware (after initial infection was cleaned) so the only thing I could think of was that the CMOS chip had become corrupted or infected with some unknown malware. I had never seen anything like this and haven't since.

I remember reading about malware that could reprogram the firmware on PCs so that it could either reinstall or redownload itself after a complete wipe and resintall but I can't remember of there was anything to it or just a rumour. It was a few years ago.

[JesseCuster]

Wipes are unreliable at best IMHO unless you run the multiple wipes like you said, which takes forever. I've wiped drives and used software to see the old files. Better to destroy the drive if the info is that sensitive.

Wipes are also unreliable when the cause of malware is the person using the computer who can't be reasoned with.

Not much point in doing a wipe and reinstall when they're going to go back to the old behaviour that got them infected in the first place regardless of what you tell them.

"I know you told me not reinstall Limewire but I can get free music off it!"

"But that Russian pr0n website ad was offering me a free iPad, how was I supposed to refuse an offer like that or know the .exe it downloaded and which I immediately clicked on and installed would cause harm?"

"Well he said he was from Microsoft and that I had a virus and I needed to login into a website and give him control of my PC so he could verify the virus, so I went ahead and gave him my credit card details to buy an anti-virus he could use to fix my problem..."

Edited November 8, 2013 by JesseCuster

[Merc14]

I remember reading about malware that could reprogram the firmware on PCs so that it could either reinstall or redownload itself after a complete wipe and resintall but I can't remember of there was anything to it or just a rumour. It was a few years ago.

I remember that one as well and I there have been some discovered but it seems like it is a very rare thing so I am hesitant to say that is what happened. http://www.webroot.com/blog/2011/09/13/mebromi-the-first-bios-rootkit-in-the-wild/

Wipes are also unreliable when the cause of malware is the person using the computer who can't be reasoned with.

Not much point in doing a wipe and reinstall when they're going to go back to the old behaviour that got them infected in the first place regardless of what you tell them.

"I know you told me not reinstall Limewire but I can get free music off it!"

"But that Russian pr0n website ad was offering me a free iPad, how was I supposed to refuse an offer like that or know the .exe it downloaded and which I immediately clicked on and installed would cause harm?"

"Well he said he was from Microsoft and that I had a virus and I needed to login into a website and give him control of my PC so he could verify the virus, so I went ahead and gave him my credit card details to buy an anti-virus he could use to fix my problem..."

I agree completely and they are usually the folks that will go for the free security suite which is fine for a normal user but when you are traveling into the jungle you should carry a real gun. I have cleaned the same guys computer three times, costing him a few hundred dollars, yet he won't drop $60 on a year of Kaspersky Internet Security or similar. Teenagers are by far the worst as they go right for the free stuff all the time and download malware by the MB. "My bro said the site was safe." Of course the bro's computer is full of trojans as well.