[OPLINTECH] Potential Computer Vandalism

Bill Hardison bhardison at norweld.org
Wed Nov 20 10:49:31 EST 2013


We had a BIOS virus here a few years ago.  It rendered the system useless.
Well, unless you LIKE pop-ups and such.  I was told by a few virus
scanning companies that BIOS viruses are so rare that they are considered
nonexistent. Really? Either they exist rarely, or not at all. Anyway, our
ultimate solution, in this case, was a new motherboard. The BIOS virus
disabled all bootable media except the original HD so re-flashing the BIOS
was out. We think it was "installed" as part of some video utility or a
website pop-up.

  Not exactly on point, but I thought worth mentioning.

*Bill Hardison*
Computer Services Coordinator
Northwest Regional Library System (NORWELD)
419-352-2903
*Yahoo IM - TechnobraryGeek*

*You rush a miracle man, you get rotten miracles.*
Miracle Max: The Princess Bride (1987)

*This message and any response to it may constitute a public record and
thus may be publicly available to anyone who requests it.*


On Wed, Nov 20, 2013 at 10:29 AM, Chad Neeper <cneeper at level9networks.com> wrote:

> If the BIOS in your computers has the ability to set a hard drive
> password....and someone has done it, then your hard drive is probably now
> rendered useless without that password. As a matter of course, I ALWAYS
> ensure that the BIOS/CMOS passwords are set so patrons can't get in there
> and wreak havoc!
>
> I've gone a round or two trying to find a way to wipe a password from an
> otherwise perfectly good hard drive. It's particularly difficult and I
> ultimately gave up.
>
> The password stays with the hard drive, so even if you remove the drive
> and connect it to another computer, the drive will identify itself to the
> host operating system, but that's all the further it will go. The password
> is stored on one of the hard drive platters. So to remove the password, you
> have to do a low-level access of the disk and know EXACTLY which bytes to
> locate and interpret or overwrite. It'll be different for each model hard
> drive.
>
> I don't know of any malware that will enable a HD password, although I
> suppose it's probably possible. Most of the malware that encrypts does so
> at the file level, leaving your OS intact. They're trying to extort money
> from you, so it's usually just the data files that get encrypted. Your
> situation definitely sounds more like a pesky patron setting the HD
> password, just like you suspect.
>
> I think your only option here is to ensure that all of your patron
> computers now have their BIOS passwords enabled, replace the locked hard
> drives, and locate your pesky patron if possible and invite him/her into a
> dark alley.
>
> Good luck!
>
>
> ______________________________
> *Chad Neeper*
> Senior Systems Engineer
>
> *Level 9 Networks*
> 740-548-8070 (voice)
> 866-214-6607 (fax)
>
> *Full LAN/WAN consulting services -- Specialized in libraries and schools*
>
>
> On Wed, Nov 20, 2013 at 9:20 AM, Mike Hensel <henselmi at oplin.org> wrote:
>
>> OPLINTech Libraries:
>>
>>
>>
>> I’ve got a situation where one of my patron computers last week booted up
>> with a Security Manager Screen that basically needed a password to boot
>> from the hard drive.  We run DeepFreeze on all of the computers.  I
>> eventually had to get another hard drive sent from Dell.  Last night 5 more
>> computers displayed the same message.  We lock the computers down with
>> policies as well.  I have not seen any virus alerts pop up in Symantec.  We
>> run Symantec Endpoint.  I don’t believe we had the BIOS locked down so the
>> only thing I can think of is someone logged into the BIOS and set up a
>> password on access to the HD which is leaving our machines dead.
>>
>>
>>
>> Has anyone run across this scenario and are there any easy fixes besides
>> getting a new hard drive and rebuilding the machine?  I’m trying to
>> determine if it was a local hack (patron at each machine) or virus.
>>
>>
>>
>> Any help would be appreciated.
>>
>>
>>
>> Mike Hensel
>>
>> Director, MLIS
>>
>> London Public Library
>>
>> 20 E. First Street
>>
>> London, OH 43140
>>
>> www.mylondonlibrary.org
>>
>> 740-852-9543
>>
>> Mobile 614-325-1429
>>
>
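An added example, not part of the original thread: because a locked drive still identifies itself to the host, its identify data can be read to audit the hard drive password state across a fleet. This sketch assumes the Linux `hdparm -I` tool and its "Security:" section layout; the sample text is constructed, not captured from a real drive, and "frozen" is the ATA state in which the drive refuses password changes until the next power cycle.

```python
import re

# One status line of the Security section: an optional "not", then the flag name.
FLAG = re.compile(r"^\s*(not\s+)?(supported|enabled|locked|frozen)\s*$")

def security_flags(hdparm_output):
    """Return {'supported': bool, 'enabled': bool, ...} from `hdparm -I` text."""
    flags, in_section = {}, False
    for line in hdparm_output.splitlines():
        if line.strip() == "Security:":
            in_section = True
            continue
        if in_section and line.strip() and not line[0].isspace():
            break  # the next unindented heading ends the Security section
        m = FLAG.match(line) if in_section else None
        if m:
            flags[m.group(2)] = m.group(1) is None
    return flags

def classify(flags):
    """Map the flags to an audit verdict for a patron machine."""
    if not flags.get("supported"):
        return "no-ata-security"      # drive has no password feature at all
    if flags.get("enabled"):
        # A password is set; "locked" means the drive is refusing data access.
        return "locked" if flags.get("locked") else "password-set"
    # No password set: only a frozen drive rejects a new one until power cycle.
    return "protected-frozen" if flags.get("frozen") else "exposed"

def sample(enabled, locked, frozen):
    """Constructed text in the layout hdparm -I prints (assumption, not real data)."""
    row = lambda on, word: ("\t\t" if on else "\tnot\t") + word
    return "\n".join([
        "ATA device, with non-removable media", "Security: ",
        "\tMaster password revision code = 65534", row(True, "supported"),
        row(enabled, "enabled"), row(locked, "locked"), row(frozen, "frozen"),
        "\tnot\texpired: security count", "\t\tsupported: enhanced erase",
        "Checksum: correct"])

if __name__ == "__main__":
    cases = {"pc-01": (True, True, False), "pc-02": (False, False, False),
             "pc-03": (False, False, True)}  # hypothetical machine names
    for name, state in cases.items():
        print(name, classify(security_flags(sample(*state))))
```

A verdict of "exposed" on a patron machine means nothing currently stops a hard drive password from being set on it, which is the condition the BIOS password advice above is meant to close.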