Hacker leaves boot up messed

Original Message
Name: Phillip Turvey
Date: October 25, 2003 at 06:53:08 Pacific
Subject: Hacker leaves boot up messed
OS: windows 98
CPU/Ram: p3 800 128 meg
Comment:

A friend connected on a university network got hacked by a fellow student. The hacker did minimal damage, just changed a few file permissions, but left an annoying message when the PC boots up. The message takes place before any BIOS POST takes place, i.e. the moment the PC is turned on, much like a manufacturer's logo picture. I have no idea how to delete this message; it's more an annoyance thing than anything else.
I'm sure it's pretty simple to remove, and if anyone has any ideas I would be grateful.




Response Number 1
Name: EC
Date: October 25, 2003 at 07:29:29 Pacific
Reply:

In 98, go into the RUN line and type in msconfig
and then click OK and find the tab at the top that says START UP and UNCHECK the one
responsible for the offending message.
Also, look in the WINDOWS folder for the START icon and find it there maybe.



Response Number 2
Name: JackG
Date: October 25, 2003 at 09:20:00 Pacific
Reply:

Are you sure of the statement "before any bios post takes place", because it is the BIOS POST that turns the hardware on. The machine can do nothing before POST runs. To get into the POST like the hardware vendor's hardware, you would have to modify some part of the system's BIOS POST code. Either modify the system's flash BIOS or the BIOS on the video or NIC card.

Make sure there is not a diskette or CD-ROM in one of the drives. Then insert a boot diskette and boot from it. If you can boot from the diskette and the message appears before the diskette boots, then check the boot sequence setup in the BIOS CMOS Setup. One trick might be to enable booting from the LAN and have a boot server sending the message. This would not happen if the LAN connection is unplugged. Or if the LAN adapter has a boot ROM socket on it, adding a custom boot ROM plug-in module could cause what you have. But that would require the hacker to open the system and add the module to the NIC card.

If the hacker modified the system's flash BIOS, then you will have to reflash the system BIOS to remove the message.

It is more likely that the disk boot record was modified to display the message. You could use a boot disk for the system to boot it and run the FDISK /mbr command.
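
Added example, not part of JackG's post: a heuristic check of a 512-byte dump of disk sector 0 for the case described above, where the boot record was modified to display a message. It lists printable strings in the boot-code area that are not the three error messages of the standard DOS / Windows 9x MBR, and checks the 0x55AA signature and the active-partition flags. The function names, the sample sectors and the "HELLO FROM THE LAB" text are constructed for illustration; obtaining the dump is outside the example, and real machine code can occasionally produce a printable run by chance.

```python
import re

BOOT_CODE_END = 446  # bytes 0..445: bootstrap code; 446..509: partition table
# Error strings carried by the standard DOS / Windows 9x MBR boot code.
STOCK_MESSAGES = {"Invalid partition table",
                  "Error loading operating system",
                  "Missing operating system"}

def inspect_mbr(sector: bytes, min_len: int = 8) -> dict:
    """Heuristic check of one 512-byte sector-0 dump for non-stock text."""
    if len(sector) != 512:
        raise ValueError("an MBR dump must be exactly 512 bytes")
    # Printable ASCII runs inside the boot-code area only.
    runs = re.findall(rb"[\x20-\x7e]{%d,}" % min_len, sector[:BOOT_CODE_END])
    strings = [r.decode("ascii").strip() for r in runs]
    # Status byte 0x80 marks a partition-table entry as active (bootable).
    active = [i for i in range(4) if sector[BOOT_CODE_END + 16 * i] == 0x80]
    return {
        "signature_ok": sector[510:512] == b"\x55\xaa",
        "unexpected_strings": [s for s in strings if s not in STOCK_MESSAGES],
        "active_partitions": active,
    }

def build_sample(extra_message: bytes = b"") -> bytes:
    """Constructed test sector: stub opcodes, stock messages, one partition."""
    code = b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c\x00"
    code += b"\x00".join(m.encode() for m in sorted(STOCK_MESSAGES)) + b"\x00"
    code += extra_message + b"\x00"
    # One active FAT32 (type 0x0B) entry with constructed CHS/LBA values.
    entry = bytes([0x80, 1, 1, 0, 0x0B, 0xFE, 0x3F, 0x7F])
    entry += (63).to_bytes(4, "little") + (2048000).to_bytes(4, "little")
    table = entry + bytes(48)
    return code.ljust(BOOT_CODE_END, b"\x00") + table + b"\x55\xaa"

if __name__ == "__main__":
    for label, msg in (("clean", b""), ("tampered", b"HELLO FROM THE LAB")):
        print(label, inspect_mbr(build_sample(msg)))
```

A non-empty `unexpected_strings` list on a real dump is a reason to compare the sector against a known-good MBR before running FDISK /mbr, which rewrites the boot code.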


Response Number 3
Name: phil
Date: October 25, 2003 at 10:58:36 Pacific
Reply:

OK, thanks for the replies. I haven't seen the message myself, as it's someone at a different university; I was just asked for help myself.

