Blog | G5 Cyber Security

BIOS Spyware: Check & Remove

TL;DR

This guide helps you check your computer’s BIOS for spyware and provides steps to remove it if found. It covers checking boot order, looking for unusual settings, updating the BIOS, and using anti-malware tools.

Checking Your BIOS for Spyware

  1. Understand the Risk: BIOS spyware is rare but serious. It can persist even after reinstalling your operating system because the BIOS is stored on a separate chip on the motherboard, not on your hard drive.
  2. Check Boot Order: A common sign of BIOS tampering is an unexpected change to the boot order.
    • Restart your computer and enter the BIOS setup (usually by pressing Del, F2, F10, or Esc during startup – check your motherboard manual).
    • Navigate to the Boot menu. Look for any devices listed that you didn’t add yourself.
    • If you find something suspicious, remove it from the boot order and save changes.
  3. Examine BIOS Settings: Look for unusual or unexpected settings.
    • Date & Time: Check if the date and time are correct. Incorrect values can indicate tampering, although a depleted CMOS battery is a much more common cause.
    • USB Boot: Ensure USB boot is disabled unless you specifically need it. Enabling it unnecessarily creates a potential attack vector.
    • Security Options: Review any security settings (e.g., passwords, Secure Boot). Look for anything that seems out of place or has been changed without your knowledge.
  4. Look for Hidden Partitions: Spyware can sometimes hide on a hidden partition.
    • Open Disk Management (search for ‘Disk Management’ in Windows).
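    • Check for any unallocated or small partitions that you don’t recognize. Small partitions without a drive letter are normal on most Windows installations (the EFI System Partition and the recovery partition, for example), so identify a partition before treating it as suspicious. Be very careful before deleting any partitions! Back up your data first.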
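
The Windows-side checks from steps 2 to 4 can also be gathered in one pass from an elevated PowerShell prompt. This is an added example, not part of the original guide; it assumes a UEFI system with GPT disks running Windows 8 or later, and it only reads and reports.

```powershell
# Added example: read-only inventory of firmware-related state on Windows.
# Run from an elevated PowerShell prompt. Nothing here modifies the system.

# Firmware vendor, version and release date, to compare with the
# manufacturer's download page before deciding whether to update.
Get-CimInstance -ClassName Win32_BIOS |
    Select-Object Manufacturer, SMBIOSBIOSVersion, ReleaseDate |
    Format-List

# Secure Boot state. The cmdlet throws on legacy (non-UEFI) firmware.
try {
    $secureBoot = Confirm-SecureBootUEFI -ErrorAction Stop
    "Secure Boot enabled: $secureBoot"
} catch [System.PlatformNotSupportedException] {
    "Secure Boot: not supported (legacy BIOS or CSM boot)"
} catch {
    "Secure Boot: could not be read ($($_.Exception.Message))"
}

# Boot entries stored in firmware NVRAM. The displayorder list under
# {fwbootmgr} is the boot order; compare it with the BIOS Boot menu.
bcdedit /enum firmware

# Partitions without a drive letter. Well-known GPT types are labelled so that
# normal EFI/MSR/recovery partitions are not mistaken for something hidden.
# Assumption: GPT disks. Partitions on MBR disks have no GptType and will
# show up under REVIEW.
$knownGpt = @{
    '{c12a7328-f81f-11d2-ba4b-00a0c93ec93b}' = 'EFI System (expected)'
    '{e3c9e316-0b5c-4db8-817d-f92df00215ae}' = 'Microsoft Reserved (expected)'
    '{de94bba4-06d1-4d40-a16a-bfd50179d6ac}' = 'Windows Recovery (expected)'
}
Get-Partition |
    Where-Object { [int]$_.DriveLetter -eq 0 } |
    ForEach-Object {
        $note = $knownGpt[[string]$_.GptType]
        if (-not $note) { $note = 'REVIEW: unrecognised type' }
        [pscustomobject]@{
            Disk = $_.DiskNumber; Partition = $_.PartitionNumber
            SizeMB = [math]::Round($_.Size / 1MB); Type = $_.Type
            GptType = $_.GptType; Note = $note
        }
    } | Format-Table -AutoSize
```

A REVIEW note means only that the partition type is not one of the three listed here; OEM tool and Linux partitions will also appear under it.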

Removing BIOS Spyware

  1. BIOS Update: Updating your BIOS to the latest version can often remove malware and patch vulnerabilities.
    • Visit your motherboard manufacturer’s website.
    • Download the latest BIOS update for your specific model.
    • Follow the manufacturer’s instructions carefully – a failed BIOS update can brick your motherboard! Typically, this involves putting the file on a USB drive and booting into the BIOS to flash it.
  2. Anti-Malware Scan: Run a full system scan with reputable anti-malware software.
    • Download and install a trusted anti-virus/anti-malware program (e.g., Malwarebytes, Bitdefender).
    • Restart your computer in Safe Mode and perform a full system scan from there for best results.
  3. BIOS Reset: If other methods fail, you can try resetting the BIOS to its default settings.
    • Enter the BIOS setup (as described earlier).
    • Look for an option like “Load Default Settings” or “Factory Defaults”.
    • Save changes and exit. This will erase any custom configurations, so you may need to reconfigure your hardware settings afterward. A reset restores settings only; it does not rewrite the firmware itself.
  4. Professional Help: If you are uncomfortable with these steps or suspect a severe infection, consult a cyber security professional.