LinuxQuestions.org
Old 02-03-2010, 09:33 AM   #16
H_TeXMeX_H

If you really think you have a rootkit, try using rkhunter and chkrootkit.

As for a BIOS kit ... they are quite rare, and AFAIK you can only get one by flashing a hacked BIOS ...

Quote:
Originally Posted by compuslave
As for the bios it would only keep some changes, others would revert even if I didn't let the os boot. Some features that were there a year ago, like the acpi stuff, were totally gone. Also while poking around with Hiren's boot cd and Ultimate boot cd one of the bios utilities said I had an active virus in cmos, this happened with both cds. As for the video rom, I just have strong suspicion based on my untrained eye that the video rom was involved somehow. Once I read more about the subject I was convinced. It's in there.

So, how do I save my files?
Which utility said this? Did it have an option to remove it? If not, try flashing a new BIOS, a good one.

Video ROM? What is that?
 
Old 02-03-2010, 12:16 PM   #17
Hangdog42

Quote:
Originally Posted by compuslave
Anyway, what kinds of things did you want to see?
Take a look at post #2 in this thread. unSpawn asked a couple of basic questions that really need to be answered in detail. The way this forum works is with evidence, not speculation or vague descriptions. What tends to work best is posting records, logs, traffic logs, that sort of stuff. Normally the CERT checklist is a good place to start, but given the amount of time that has elapsed, I suspect it will be of minimal use. H_TeXMeX_H's suggestions are worth a go as well.

Basically, you need to have some evidence about why this system is different from what a normal system would be.

By the way, did you get your copy of Backtrack3 from a reputable dealer? To be honest, that would be my first investigation. If your copy of Backtrack was cracked, that could explain a fair bit.
 
1 members found this post helpful.
  

