Hmm... an old-timer's virus infecting the MBR, eh?
Sure, old-timers' solutions may work. But what if inside the virus lies its own BIOS? Oops, that's useless unless you take over the real BIOS. Let's assume that: the virus has now taken over the BIOS, and can intercept MBR utilities. But wait.
Is it infecting the flash BIOS on your motherboard, or your hard drive's MBR?
Most newer PCs have a fail-safe flash BIOS, so overclockers can tinker at will. When the flash BIOS gets trashed with overclocked settings, the mobo will fail to boot, and will read a READ-ONLY-HARD-CODED-BIOS on a chip that is known to work. Then the flash BIOS is wiped and rewritten with the safe BIOS read from the ROM chip. So I understand that if your flash BIOS is virus-infected, just overclock your settings so it will trash the flash BIOS and load a safe one from the ROM. Not neat, but effective. Unless the virus was specifically written to detect this, it will be vaporized the next time the flash BIOS is wiped.
When hard drives get infected, you boot from a CD. You won't even read the infected drive's MBR. Now you can fire up your MBR utilities and wipe all infected MBRs clean! That's the old-school solution, and most people in the area know about it, in particular readers of El Reg. Assuming the BIOS is clean, MBR utilities can kick in.
The only kind of virus that could compromise a motherboard permanently is one that resides in the MBR AND the flash BIOS, and not just that: it can notice all the motherboard activity, specifically when it is trying to wipe the flash BIOS because it believes it's been corrupted (and über-overclocking will do just that). That's a kind of knowledge specific to each motherboard, right?
Could a tiny virus block a flash-BIOS wipe on any model of motherboard? Wouldn't that require intimate knowledge of every kind of ROM chip and motherboard architecture on the market?
Remember, modern motherboards DO HAVE 2 LOADED BIOSes. One resides in the flash memory, and that is where your settings get saved. The other is located in a ROM chip and cannot be tampered with; its only purpose is to replace the flash BIOS when it gets overclocked into a non-boot condition. Mine does: I overclocked it, it crapped out, and the BIOS was made anew from the ROM chip.
I guess that's where the doubts reside, if any.
I myself ran into a kind of malware that was pretty nasty. It took the shape of a .DLL and a loaded executable. Should you delete the .DLL, it would reappear anyway (the copy in memory could check for its presence). If you removed it from memory, the DLL would load it again on the next reset or power-down. The solution was to remove it from memory and pull it out of the mains, literally. You were supposed to pull the plug: no reset button, no power-down button. The virus could intercept the reset button and the ATX power supply interrupts involved. If it was a notebook, you would have to yank out the battery while it was on!
Now, if I said anything that looks like utter rubbish, please do speak up and correct me. I would love to understand how an MBR virus can load itself into memory and corrupt the BIOS or otherwise, when the hard drive it resides in isn't booted, and a CD or clean media is booted instead.
Are we assuming here that the flash-bios can be infected, and the virus can avoid being wiped from there?
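Added example, not part of the original post: since the post leans on "boot clean media, then run your MBR utilities", this is the kind of check such a utility does. The classic MBR layout is 446 bytes of boot code (where a boot-sector infector lives), four 16-byte partition entries, and the 0x55 0xAA signature. The script hashes the boot code against an allow-list of known-good loader stubs, sanity-checks the partition table, and, for a fixmbr-style clean-up, rewrites only the boot code while leaving the partition table intact. The boot-code stubs, hashes and partition entries are constructed for the example, not taken from a real disk; the dd command in the usage note is the usual way to grab the first sector from a live CD and is assumed, not something the post mentions.

```python
"""Inspect and sanitise a 512-byte MBR image (boot-sector malware check).

Classic MBR layout: bytes 0-445 bootstrap code, 446-509 four 16-byte
partition entries, 510-511 signature 0x55 0xAA.  Boot-sector malware lives
in the first 446 bytes; a fixmbr-style clean-up rewrites only those bytes
and leaves the partition table untouched.
"""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_SIZE = 446
PART_TABLE_OFFSET = 446
PART_ENTRY_SIZE = 16
SIGNATURE = b"\x55\xaa"


def parse_partitions(mbr):
    """Return the non-empty partition entries as dicts (type 0 = unused slot)."""
    parts = []
    for i in range(4):
        off = PART_TABLE_OFFSET + i * PART_ENTRY_SIZE
        status, _chs_start, ptype, _chs_end, lba_start, sectors = struct.unpack_from(
            "<B3sB3sII", mbr, off)
        if ptype == 0:
            continue
        parts.append({"index": i, "bootable": status == 0x80, "type": ptype,
                      "lba_start": lba_start, "sectors": sectors})
    return parts


def check_mbr(mbr, known_good_hashes):
    """Return a list of findings; an empty list means the MBR looks clean."""
    findings = []
    if len(mbr) != SECTOR_SIZE:
        return ["image is %d bytes, expected %d" % (len(mbr), SECTOR_SIZE)]
    if mbr[510:512] != SIGNATURE:
        findings.append("missing 0x55AA boot signature")
    code_hash = hashlib.sha256(mbr[:BOOT_CODE_SIZE]).hexdigest()
    if code_hash not in known_good_hashes:
        findings.append("boot code sha256 %s not in the known-good list" % code_hash)
    parts = parse_partitions(mbr)
    if sum(p["bootable"] for p in parts) > 1:
        findings.append("more than one partition flagged active")
    for a in parts:          # overlapping entries are a sign of a tampered table
        for b in parts:
            if a["index"] < b["index"]:
                a_end = a["lba_start"] + a["sectors"]
                b_end = b["lba_start"] + b["sectors"]
                if a["lba_start"] < b_end and b["lba_start"] < a_end:
                    findings.append("partitions %d and %d overlap" % (a["index"], b["index"]))
    return findings


def clean_mbr(mbr, replacement_code):
    """Rewrite only the bootstrap area; keep partition table and signature."""
    if len(replacement_code) > BOOT_CODE_SIZE:
        raise ValueError("replacement boot code too large")
    code = replacement_code.ljust(BOOT_CODE_SIZE, b"\x00")
    return code + mbr[PART_TABLE_OFFSET:510] + SIGNATURE


def build_mbr(boot_code, partitions):
    """Assemble a constructed MBR from boot code and (type, lba_start, sectors, bootable) tuples."""
    code = boot_code.ljust(BOOT_CODE_SIZE, b"\x00")
    table = b""
    for i in range(4):
        if i < len(partitions):
            ptype, lba_start, sectors, bootable = partitions[i]
            table += struct.pack("<B3sB3sII", 0x80 if bootable else 0x00,
                                 b"\xff\xff\xff", ptype, b"\xff\xff\xff", lba_start, sectors)
        else:
            table += b"\x00" * PART_ENTRY_SIZE
    return code + table + SIGNATURE


# Constructed sample data for the example, not taken from any real disk.
KNOWN_GOOD_BOOT_CODE = b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c"  # stand-in for a stock loader stub
INFECTED_BOOT_CODE = b"\xeb\x3c\x90CONSTRUCTED-INFECTED-STUB"
KNOWN_GOOD_HASHES = {hashlib.sha256(KNOWN_GOOD_BOOT_CODE.ljust(BOOT_CODE_SIZE, b"\x00")).hexdigest()}
PARTITIONS = [(0x07, 2048, 204800, True), (0x83, 206848, 409600, False)]
CLEAN_MBR = build_mbr(KNOWN_GOOD_BOOT_CODE, PARTITIONS)
INFECTED_MBR = build_mbr(INFECTED_BOOT_CODE, PARTITIONS)

if __name__ == "__main__":
    print("clean   :", check_mbr(CLEAN_MBR, KNOWN_GOOD_HASHES) or "no findings")
    print("infected:", check_mbr(INFECTED_MBR, KNOWN_GOOD_HASHES))
    fixed = clean_mbr(INFECTED_MBR, KNOWN_GOOD_BOOT_CODE)
    print("after clean_mbr:", check_mbr(fixed, KNOWN_GOOD_HASHES) or "no findings")
    for p in parse_partitions(fixed):
        print(p)
```

On a real box you would boot the live CD, dump the first sector with something like `dd if=/dev/sda of=mbr.bin bs=512 count=1`, feed that file to `check_mbr` with the hashes of the loader stubs you trust, and only write back a `clean_mbr` result once you have confirmed the partition table it preserves is the one you expect. Note that the hash check only says the boot code is not one you recognise; it cannot tell you anything about the BIOS, which is exactly the gap the post is asking about.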