Hacker leaves boot up messed

Name: Phillip Turvey
Date: October 25, 2003 at 06:53:08 Pacific
OS: windows 98
CPU/Ram: p3 800 128 meg
Comment:

A friend connected on a university network got hacked by a fellow student. The hacker did minimal damage, just changed a few file permissions, but left an annoying message when the PC boots up. The message takes place before any BIOS POST takes place, i.e. the moment the PC is turned on, much like a manufacturer's logo picture. I have no idea how to delete this message; it's more an annoyance thing than anything else.
I'm sure it's pretty simple to remove, and if anyone has any ideas I would be grateful.




Response Number 1
Name: EC
Date: October 25, 2003 at 07:29:29 Pacific
Reply:

In 98, go into the RUN line and type in msconfig
and then click OK and find the tab at the top that says START UP and UNCHECK the one
responsible for the offending message.
Also, look in the WINDOWS folder for the START icon and find it there maybe.


0

Response Number 2
Name: JackG
Date: October 25, 2003 at 09:20:00 Pacific
Reply:

Are you sure of the statement "before any bios post takes place", because it is the BIOS POST that turns the hardware on. The machine can do nothing before POST runs. To get into the POST like the hardware vendor's hardware, you would have to modify some part of the system's BIOS POST code. Either modify the system's flash BIOS or the BIOS on the Video or NIC card.

Make sure there is not a diskette or CD-ROM in one of the drives. Then insert a boot diskette and boot from it. If you can boot from the diskette and the message appears before the diskette boots, then check the boot sequence setup in the BIOS CMOS Setup. One trick might be to enable booting from the LAN and have a boot server sending the message. This would not happen if the LAN connection is unplugged. Or if the LAN adapter has a boot ROM socket on it, adding a custom Boot ROM plug-in module could cause what you have. But that would require the hacker to open the system and add the module to the NIC card.

If the hacker modified the system's flash BIOS, then you will have to reflash the system BIOS to remove the message.

It is more likely that the disk boot record was modified to display the message. You could use a boot disk for the system to boot it and run the FDISK /mbr command.



0
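
Added example (not part of the original thread): one way to check the "modified disk boot record" theory from Response Number 2 before running `FDISK /mbr` is to inspect a saved copy of sector 0. The sketch assumes the 512-byte sector has already been read into a file or byte string by some other tool; `inspect_mbr` and `build_sample` are hypothetical names, and the sample sector is constructed for the demonstration.

```python
import hashlib
import re
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 446          # bootstrap code area; partition table follows
# Error strings carried by the standard DOS/Windows 9x MBR boot code.
EXPECTED_STRINGS = {
    "Invalid partition table",
    "Error loading operating system",
    "Missing operating system",
}

def inspect_mbr(sector, min_len=6):
    """Summarise a 512-byte MBR and list unexpected text in its boot code."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly 512 bytes")
    code = sector[:BOOT_CODE_LEN]
    # Runs of printable ASCII long enough to be a human-readable message.
    found = [m.group().decode("ascii").strip()
             for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, code)]
    partitions = []
    for i in range(4):
        entry = sector[BOOT_CODE_LEN + 16 * i: BOOT_CODE_LEN + 16 * (i + 1)]
        # status, 3 CHS bytes, type, 3 CHS bytes, start LBA, sector count
        status, ptype, lba, count = struct.unpack("<B3xB3xII", entry)
        if ptype:
            partitions.append({"index": i, "active": status == 0x80,
                               "type": ptype, "lba_start": lba, "sectors": count})
    return {
        "signature_ok": sector[510:512] == b"\x55\xaa",
        "code_sha256": hashlib.sha256(code).hexdigest(),
        "unexpected_strings": [s for s in found if s not in EXPECTED_STRINGS],
        "partitions": partitions,
    }

def build_sample(message):
    """Constructed test sector: filler bytes, known strings, optional message."""
    text = b"\x00".join(s.encode() for s in sorted(EXPECTED_STRINGS)) + b"\x00"
    code = (b"\xfa\x33\xc0" + message + b"\x00" + text).ljust(BOOT_CODE_LEN, b"\x00")
    part = struct.pack("<B3xB3xII", 0x80, 0x0B, 63, 2048)   # active FAT32 entry
    return code + part + bytes(48) + b"\x55\xaa"

if __name__ == "__main__":
    report = inspect_mbr(build_sample(b"CONSTRUCTED BOOT MESSAGE"))
    print(report["unexpected_strings"], report["partitions"])
```

Comparing `code_sha256` with the value from a known-good machine of the same OS install shows whether the boot code changed at all, and the partition list is worth recording before any rewrite of the sector.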

Response Number 3
Name: phil
Date: October 25, 2003 at 10:58:36 Pacific
Reply:

OK, thanks for the replies. I haven't seen the message myself, as it's someone at a different university; I was just asked for help myself.


0
