[mdlug] BIOS viruses ? Oh my!
Raymond McLaughlin
driveray at ameritech.net
Wed Mar 19 03:14:20 EDT 2008
MDLUGers:
I came across this on another list, and thought it extra-ordinary enough
to pass all here. This concludes a thread
> On Thu, 2008-03-06 at 15:36 -0500, Raymond McLaughlin wrote:
>> > john-thomas richards wrote:
>>> > > On Tue, Nov 20, 2007 at 03:18:01PM -0500, john-thomas richards wrote:
>>>> > >> I am helping a friend with his non-profit's computer (he runs an inner-city
>>> > > [snip]
>>> > >
>>> > > After pouring much time into this, it has been determined that this
>>> > > (and the other two) motherboard has a very special and very specific
>>> > > failure that keeps it from booting a GUI. (Mad props to Greg F. for
>>> > > all his help. He is a Very. Smart. Guy. Thank you!) So my friend
>>> > > with the non-profit ministry has some nice hardware but no
>>> > > motherboards. He was recently offered some more computers by another
>>> > > donor so I thought, hey, why not make a nice server out of the
>>> > > hardware? To cut this short, dual-Pentium III motherboards are a rare
>>> > > find these days (nada on eBay). Any of you guys have one (I have the
>>> > > processors :-) for sale?
>> >
>> > Please forgive me if you've already "been there and done that", but have
>> > you tried installing Linux on these things? I know you need Windows
>> > eventually, but if you can get a light enough weight Linux up and into
>> > graphical mode, a VMWare Player session could provide you with the
>> > Windows functionality you need. Pentium IIIs are kind of at the low end
>> > of what will run XP in a VM. But, as I said, a light weight (i.e. low
>> > resource demanding) Linux should be able to leave plenty for office work
>> > in an XP VM. In this case more RAM is really better than a second CPU.
>> > Pentium IIIs start at (I think) 500MHz. I hope you have at least 750's.
>
> Just to let everyone know... I have a beaten these machines from nearly
> every way possible.
>
> The only thing that works is a Linux Distro that DOES NOT change the
> Video Mode... and then only until a reboot and only until it sets
> "console fonts". Only the older installs got to a point of login. but
> eventually DPMS blanking would lock it up.
>
> For the record, here are the things I did:
> * updated the BIOS, which brought back most functionality for a
> while, until a hard lock froze everything up... which turned out
> to be DPMS screen blanking
> * Tried an 800MHz PentiumIII Coppermine processor, a 1GHz
> PentiumIII processor, a 1.13GHz PentiumIII processor
> * Completely different RAM, motherboard capable of 2 sticks,
> everywhere from 32MB to 1GB, different speeds
> * Hard Drives in sizes from 2GB through 120GB, ATA-3 through ATA-6
> * 4 CD-Drives, 2 DVD drives
> * Video cards: Matrox AGP and PCI cards, ATI Rage 128 through
> Radeon 7500, nVidia nv8 through nv27 chipsets, S3 cards, Diamond
> PCI and others
> * New NICs: about 15 different 3Com cards, 10 different Intel E100
> cards, numerous D-Link, many different other chipsets as well.
> * three different power supplies.
>
> And here are the things I ran to see what I could find:
>
> * KNOPPIX in text mode
> * LIVE-CDs out the wazoo
> * 5 different rescue CDs and the myriad of diags they had, any
> that change the Video mode locked hard.
> * 7 different Distros of Linux and BSDs and a myrid of versions:
> * Debian v2.0 through current SID
> * Redhat V4.0 through v9.0
> * CentOS v2.1 through v5.1
> * Turbolinux Only one version...
> * Slackware Pro(1996) through 11
> * FreeBSD 3.5, 4.11, 5.5, 6.3 but not 7.
> * NetBSD 1.4.3, 1.5.3, 1.6.2, 2.1, 3.1
>
>
> Now, my feeling here is that these machine when running Windows came
> across a site that was probably compromised and the compromiser had it
> in for any IBM hardware. Created a BIOS hack and got it to load via
> Active-Hex via Infernal Exploiter or Lookout... voila, unfixable
> machine.
>
> Since these machine were probably in used one after another as they
> failed... all going to the same place, well they all broke the same way.
>
> Side story:
> I had an experience one time with some serious IBM Servers with a 5
> channel IBM-ServeRAID card in it. IBM replaced the drives, the DASD, the
> cage backplanes the processors the memory, pretty much everything except
> the RAID Controller.
>
> IBM eventually replaced the whole machine with a newer faster machine.
> Five weeks later they finally got back to me, stating that they finally
> changed out the $7K RAID controller, there was a Firmware Virus in it.
> It was very specific. And the way the thing got on there was when the
> original image of Windows on the machine hadn't been updated and when to
> some type of a spoof "IBM" site (of which there were many at the time)
> and it installed an update using IE v4. something.
>
> Summary:
> So... I do know that many people have a serious attitude towards IBM. so
> it is possible these Netvistas fall into that category, they were
> work-horses for MANY companies, which ticked many people off. And
> there-in I believe is what happened.
>
> Now these machine are well made, look decent, are quiet enough and
> easily dealt with. except the motherboard is very specifically borkened.
>
> Sooo... there you go.
> -- greg at gregfolkert.net PGP key 1024D/B524687C 2003-08-05 Fingerprint: E1D3 E3D7 5850 957E FED0 2B3A ED66 6971 B524 687C Alternate Fingerprint: 09F9 1102 9D74 E35B D841 56C5 6356 88C0 Alternate Fingerprint: 455F E104 22CA 29C4 933F 9505 2B79 2AB2
>
>
>
> _______________________________________________
> grlug mailing list
> grlug at grlug.org
> http://shinobu.grlug.org/cgi-bin/mailman/listinfo/grlug
More information about the mdlug
mailing list