[mdlug] BIOS viruses ? Oh my!

Raymond McLaughlin driveray at ameritech.net
Wed Mar 19 03:14:20 EDT 2008


MDLUGers:

I came across this on another list, and thought it extraordinary enough
to pass along here. This concludes a thread



> On Thu, 2008-03-06 at 15:36 -0500, Raymond McLaughlin wrote:
>> > john-thomas richards wrote:
>>> > > On Tue, Nov 20, 2007 at 03:18:01PM -0500, john-thomas richards wrote:
>>>> > >> I am helping a friend with his non-profit's computer (he runs an inner-city
>>> > > [snip]
>>> > > 
>>> > > After pouring much time into this, it has been determined that this
>>> > > (and the other two) motherboard has a very special and very specific
>>> > > failure that keeps it from booting a GUI.  (Mad props to Greg F. for
>>> > > all his help.  He is a Very. Smart. Guy.  Thank you!)  So my friend
>>> > > with the non-profit ministry has some nice hardware but no
>>> > > motherboards.  He was recently offered some more computers by another
>>> > > donor so I thought, hey, why not make a nice server out of the
>>> > > hardware?  To cut this short, dual-Pentium III motherboards are a rare
>>> > > find these days (nada on eBay).  Any of you guys have one (I have the
>>> > > processors  :-)  for sale?
>> > 
>> > Please forgive me if you've already "been there and done that", but have
>> > you tried installing Linux on these things? I know you need Windows
>> > eventually, but if you can get a light enough weight Linux up and into
>> > graphical mode, a VMWare Player session could provide you with the
>> > Windows functionality you need. Pentium IIIs are kind of at the low end
>> > of what will run XP in a VM. But, as I said, a light weight (i.e. low
>> > resource demanding) Linux should be able to leave plenty for office work
>> >  in an XP VM. In this case more RAM is really better than a second CPU.
>> > Pentium IIIs start at (I think) 500MHz. I hope you  have at least 750's.
> 
> Just to let everyone know... I have beaten these machines from nearly
> every way possible.
> 
> The only thing that works is a Linux Distro that DOES NOT change the
> Video Mode... and then only until a reboot and only until it sets
> "console fonts". Only the older installs got to a point of login, but
> eventually DPMS blanking would lock it up.
> 
> For the record, here are the things I did:
>       * updated the BIOS, which brought back most functionality for a
>         while, until a hard lock froze everything up... which turned out
>         to be DPMS screen blanking
>       * Tried an 800MHz PentiumIII Coppermine processor, a 1GHz
>         PentiumIII processor, a 1.13GHz PentiumIII processor
>       * Completely different RAM, motherboard capable of 2 sticks,
>         everywhere from 32MB to 1GB, different speeds
>       * Hard Drives in sizes from 2GB through 120GB, ATA-3 through ATA-6
>       * 4 CD-Drives, 2 DVD drives
>       * Video cards: Matrox AGP and PCI cards, ATI Rage 128 through
>         Radeon 7500, nVidia nv8 through nv27 chipsets, S3 cards, Diamond
>         PCI and others
>       * New NICs: about 15 different 3Com cards, 10 different Intel E100
>         cards, numerous D-Link, many different other chipsets as well.
>       * three different power supplies.
> 
> And here are the things I ran to see what I could find:
> 
>       * KNOPPIX in text mode
>       * LIVE-CDs out the wazoo
>       * 5 different rescue CDs and the myriad of diags they had, any
>         that change the Video mode locked hard.
>       * 7 different Distros of Linux and BSDs and a myriad of versions:
>               * Debian v2.0 through current SID
>               * Redhat V4.0 through v9.0
>               * CentOS v2.1 through v5.1
>               * Turbolinux Only one version...
>               * Slackware Pro(1996) through 11
>               * FreeBSD 3.5, 4.11, 5.5, 6.3 but not 7.
>               * NetBSD 1.4.3, 1.5.3, 1.6.2, 2.1, 3.1
> 
> 
> Now, my feeling here is that these machines when running Windows came
> across a site that was probably compromised and the compromiser had it
> in for any IBM hardware. Created a BIOS hack and got it to load via
> Active-Hex via Infernal Exploiter or Lookout... voila, unfixable
> machine.
> 
> Since these machines were probably in use one after another as they
> failed... all going to the same place, well they all broke the same way.
> 
> Side story:
> I had an experience one time with some serious IBM Servers with a 5
> channel IBM-ServeRAID card in it. IBM replaced the drives, the DASD, the
> cage backplanes the processors the memory, pretty much everything except
> the RAID Controller.
> 
> IBM eventually replaced the whole machine with a newer faster machine.
> Five weeks later they finally got back to me, stating that they finally
> changed out the $7K RAID controller, there was a Firmware Virus in it.
> It was very specific. And the way the thing got on there was when the
> original image of Windows on the machine hadn't been updated and went to
> some type of a spoof "IBM" site (of which there were many at the time)
> and it installed an update using IE v4. something.
> 
> Summary:
> So... I do know that many people have a serious attitude towards IBM, so
> it is possible these Netvistas fall into that category, they were
> work-horses for MANY companies, which ticked many people off. And
> there-in I believe is what happened.
> 
> Now these machines are well made, look decent, are quiet enough and
> easily dealt with, except the motherboard is very specifically borkened.
> 
> Sooo... there you go.
> -- 
> greg at gregfolkert.net
> PGP key 1024D/B524687C 2003-08-05
> Fingerprint: E1D3 E3D7 5850 957E FED0 2B3A ED66 6971 B524 687C
> Alternate Fingerprint: 09F9 1102 9D74 E35B D841 56C5 6356 88C0
> Alternate Fingerprint: 455F E104 22CA 29C4 933F 9505 2B79 2AB2
> 
> 
> 
> _______________________________________________
> grlug mailing list
> grlug at grlug.org
> http://shinobu.grlug.org/cgi-bin/mailman/listinfo/grlug



