Mebromi BIOS Virus Out in the Wild

I have just recently been a victim of this very sophisticated virus.. People there are ways to prevent this from destroying your BIOS chip, just wish i was aware of what was happening as it was. First symptom you will notice while you still have some control over your computer will be your administrative options being taken away. Such as simply changing your password on your admin account. Once this becomes aware to you, if you are not very computer savvy, shut your computer down, make sure there is no internet access to it and seek help.. Because once it makes its way into your BIOS. Consider your * * ..

Yes, this is indeed the latest threat. Came across one recently and finally solved it;

At first i cleaned a customers laptop from virusses and spyware with all the usual progams (combofix, mbam, roguekiller, otl, KAV resue disk, msert, rootrepeal, gmer, aswmbr, tdsskiller, emsisoft kit, etc), but after 2 reboots the virus had infected autochk.exe again.

I finally got a bit desparate :) and reinstalled Vista through the recovery partition (it's an asus laptop K50IN series). Guess what, 2 reboots and Combofix reported that autochk.exe was infected again!!
The laptop is in a tightly secured LAN and hacks through a $ADMIN share can be excluded.

Now i got even more desparate :)) I ended up deleting all partitions on the disk and did a clean install with my official vista DVD. And again, 2 reboots later the laptop was infected again!
I then repeated this with a brand new harddisk and an install from an official DVD but still the virus came back.

So: Brand new harddisk, official Vista DVD, no usb sticks or whatever in the laptop and still after 2 reboots Combofix reported autochk.exe as infected.

At this point i was left with 2 possible causes; Either Combofix reported a virus incorrectly or the machine was infected through bios. Now i highly trust Combofix and on the other hand a bios virus has last been seen by me back in 1999 (tsjernobyl virus).

So i took out the infected disk, downloaded the latest bios on a clean PC and saved it on a new usb stick. Booted the infected laptop and went into the bios (with F2 key), started the Easy Flash utily from there and flashed the bios. I attached the infected disk as a usb disk to a clean computer and removed all partitions. Next i placed the empty disk into the laptop and reinstalled Vista from DVD.

The laptop has been fully installed now (all updates and software needed) and i've again scanned it with all programs mentioned before. And now it's finally clean and it stays clean, no matter how many reboots :)

My conclusion is that the laptop was indeed infected with a bios virus, in a very very sophisticated way.

Just wanted to share this with you :) cause bios virusses are rare and undetectable themselves. if you want more info feel free to e-mail me.

Jaapm

Thanks for sharing your experience. I'm sure it will be of great help to many users who have to deal with the virus.

"The virus called Mebromi seems to be focused towards Chinese users, especially AMI BIOS" doesn't the virus only target award bios ?

Thanks for pointing that out. It has been corrected.