A virus attacked my motherboard!

Question

A friend got a virus in her computer, rendering it inoperable. She took it to a shop which told her that the virus had destroyed her CPU and she would have to buy a new motherboard. I am no expert, but I have never heard of that happening -- viruses destroy software and files, but not hardware. Is the shop just trying to sell her a new computer?

-Paul

Answer

This question was answered on April 9, 2004. Much of the information contained herein may have changed since posting.

Without the benefit of actually examining the computer in question, I can't make any determinations about the shop's intent.

In general, the majority of today's worms and viruses attack programs and files (software), but there are a group of them that actually do attempt to do harm to a specific hardware component in your computer.

It is not likely that the actual CPU (Central Processing Unit - Intel or AMD chip) was damaged from a virus but another very vital chip could have been the victim.

One of the core components of a computer is something called the BIOS (Basic Input/Output System) It acts as a go-between for the hardware and the operating system In past years, this chip was called a ROM (Read Only Memory) BIOS that required a complete replacement if an update was needed.

As technology progressed a more flexible version known as a 'Flash BIOS' that could be reprogrammed with a simple software program was introduced This allowed computer manufacturers to update their customers computer hardware code without having to have the machine brought to a service center for replacement

It is what allows older computers to be made aware of new hardware, which potentially extends the life and usability of the system as a whole.

This very helpful feature is the target of worms and viruses that carry a destructive payload that attempts to rewrite the BIOS chip If a Flash BIOS is updated with the wrong code, it can potentially render the motherboard useless.

The first instances of this type of attack were discovered in 1998 when the 'CIH' or 'Chernobyl' virus was discovered in Taiwan.

This worm had a trigger date of April 26th, 1999, which reportedly affected more than a million computers in Korea.

Although this virus is rather old, it is still possible that it is in the wild and could attack a computer that had outdated or no anti-virus protection If the computer in question had anti-virus software that was at least from the late 90's it should have been protected from this particular attack (Norton Anti-Virus had an update for this virus as far back as June of 1998.)

Variants of the original code have been discovered as recently as late 2002, but they all use the same techniques from the original, which means even older anti-virus protection should guard against it.

A quick way to know if the CIH virus or one of its variants is the cause of the problem is to scan the hard drive for viruses in a completely different machine If it attacked the computer's BIOS, it will still be on the hard drive and will likely have infected many files as well.

Another possibility is that someone attempted to do an upgrade of the system without realizing what they were doing (we have seen this on more than one occasion in our shops).

If an intentional upgrade goes bad, it can render the computer unbootable In some cases the BIOS can be 're-flashed' or replaced and in others there is little that can be done to cost effectively resurrect the main board.

The very possibility that a program can attack computer hardware components is just another reason for everyone to avoid e-mail file attachments like the plague!

Need Help with this Issue?

We help people with technology! It's what we do.
Schedule an Appointment with a location for help!

Author

Posted by Ken of Data Doctors on April 9, 2004