Ask HN: My laptop has a BIOS-level keylogger, my security is under threat, help
4 points by dudeofjude 4614 days ago
I have the following laptop - http://www8.hp.com/in/en/ad/ultrabooks/intel.html

I have been encountering suspicious activities and private data getting out.

I have been informed that either a BIOS-level keylogger or a virus that captures your camera is creating trouble for me.

I searched the net but could not help myself. I formatted the laptop and scanned the BIOS; still, things are not safe.

Please help!

5 comments

Note: The title of this article is most likely misleading.

Please post some detailed analysis of what's going on here. What data gets out? What type of suspicious activities?

- Have you tried packet capturing with Wireshark on the internet connections your laptop makes?

- Are you sure that there's no other attack point in your network that could be more easily infected than a BIOS?

- Have you checked your phone for instance?

- Have you checked the Master Boot Record of your hard drive?

- Have you checked your router?

- Have you tried UnHackMe (rootkit scanner)?

A BIOS is very device specific, which would mean that either somebody finds you very interesting on a level that's NSA-tech worthy, or Chinese hackers just leveled up.

I have a hard time just believing this, and there's a ton of attack angles that would be much more efficient to bug someone.

Also, since when was Hacker News downgraded to a personal helpdesk?
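
The "have you checked the Master Boot Record" item above can be turned into a repeatable check. The following is an added example, not code from this thread or from any of the tools it mentions: it fingerprints the 440-byte bootstrap code in sector 0 (the part a boot-sector rootkit has to modify) and compares it against a baseline taken when the machine was trusted. It assumes POSIX sh with dd, od and sha256sum (or shasum); the device path /dev/sda and the baseline file location are placeholders. Two caveats a practitioner would want: a BIOS/UEFI implant lives in SPI flash, not in sector 0, so this check says nothing about the firmware itself, and a bootkit that filters disk reads can hand a clean sector 0 to the infected OS, so both the baseline and the check should be taken from a trusted live USB rather than from the installed system.

```shell
#!/bin/sh
# Added example (not from the thread): fingerprint a disk's MBR bootstrap code and
# compare it against a baseline taken when the machine was known-good.
# Assumes POSIX sh plus dd, od and sha256sum (or shasum as a fallback).
# Only the boot-sector bootkit case is covered: a BIOS/UEFI implant sits in SPI
# flash, not in sector 0, and needs a firmware dump to compare instead.

set -u

sha256_of_stdin() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum | cut -d' ' -f1
    else
        shasum -a 256 | cut -d' ' -f1
    fi
}

# mbr_fingerprint DEVICE_OR_IMAGE
# Prints "<sha256 of the 440-byte bootstrap code> <boot signature as hex>".
# Bytes 0..439 hold the code the BIOS jumps to; bytes 510..511 must be 55 AA.
# The partition table (bytes 446..509) is excluded on purpose: it changes
# legitimately when you repartition, while the bootstrap code should not.
mbr_fingerprint() {
    dev=$1
    code_hash=$(dd if="$dev" bs=1 count=440 2>/dev/null | sha256_of_stdin)
    sig=$(dd if="$dev" bs=1 skip=510 count=2 2>/dev/null | od -An -tx1 | tr -d ' \n')
    printf '%s %s\n' "$code_hash" "$sig"
}

# mbr_check DEVICE_OR_IMAGE BASELINE_FILE
# Returns 0 if the fingerprint matches the stored baseline, 1 if the bootstrap
# code changed, 2 if the sector no longer carries a valid 55 AA boot signature.
mbr_check() {
    current=$(mbr_fingerprint "$1")
    baseline=$(cat "$2")
    case "$current" in
        *" 55aa") ;;
        *) echo "MBR: missing 55AA boot signature" >&2; return 2 ;;
    esac
    if [ "$current" != "$baseline" ]; then
        echo "MBR: bootstrap code differs from baseline" >&2
        return 1
    fi
    echo "MBR: unchanged"
}

# Usage on a real machine (placeholder paths; run as root from a trusted live USB):
#   mbr_fingerprint /dev/sda > /root/mbr.baseline     # once, on a known-good system
#   mbr_check /dev/sda /root/mbr.baseline             # on every later check
```

The same idea applies one layer down: dump the SPI flash with a vendor or open-source flashing tool, hash the dump, and compare it against the vendor's published image, which is the only way to answer the "is the BIOS itself clean" question the thread keeps circling around.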

Please post some detailed analysis of what's going on here. What data gets out? What type of suspicious activities?

    They know my Gmail passwords.

- Have you tried packet capturing with Wireshark on the internet connections your laptop makes?

    Yes.

- Are you sure that there's no other attack point in your network that could be more easily infected than a BIOS?

    Can be.

- Have you checked your phone for instance?

    Downgraded the phone.

- Have you checked the Master Boot Record of your hard drive?

    Yes.

- Have you checked your router?

    Don't have access.

- Have you tried UnHackMe (rootkit scanner)?

    Yes.

A BIOS is very device specific, which would mean that either somebody finds you very interesting on a level that's NSA-tech worthy, or Chinese hackers just leveled up.

I have a hard time just believing this, and there's a ton of attack angles that would be much more efficient to bug someone.

    I am facing it.

Also, since when was Hacker News downgraded to a personal helpdesk?

    Where else shall I go to resolve the crisis?
Tech here:

What did you scan your bios with?

How did you format your laptop?

What system are you running? Windows 8 or 7?

How did you activate your windows OS?

What is the exact model number of your laptop?

Answer as much as possible so I can help.

Avast antivirus.

and http://www.malwarebytes.org/

USB device.

Win 8, I had a genuine ISO file and keys.

Model - 41113TU Product - C7D86PA#ACJ

If you already formatted your laptop, those viruses should be gone, but if you think you have a rootkit,

scan with this tool called Kaspersky anti-rootkit TDSSKiller:

http://support.kaspersky.com/us/5350#block1

If you find something, delete it.

But just to be extra safe, re-flash your BIOS / update it and then scan afterwards to see if anything pops up.

Do you have pointers on flashing the BIOS?

I had tried that TDSSKiller earlier.

Yeah, you can download it from this link and then follow the instructions:

http://h10025.www1.hp.com/ewfrf/wc/softwareDownloadIndex?sof...

Thanks, worked like a charm.

So having flashed and upgraded the BIOS, should I be sure that there is no rootkit inside the machine?

Get rid of Windows 8 and the TPM2 crap. Your machine is no longer yours. It is spied upon and owned by Microsoft. They have FULL control over your machine. I have caught Windows 8.1 uploading my data to Microsoft. They encrypt the communications, but I was monitoring Windows and what files it was accessing and what communications it was performing over the Internet. When I blocked the IP addresses, it evaded my blocks by using a different set. All IP addresses were owned by Microsoft.

How were you monitoring communications?

Is it possible for me to monitor any communication that is going on at BIOS level?

I used Wireshark (http://www.wireshark.org/). I was actually diagnosing a different issue, until I noticed that my Win8 machine was especially chatty. When I looked more into it, I was horrified as to how much data was being uploaded to Microsoft. I used many different techniques, including man-in-the-middle, in order to see what info was actually being sent. It was especially creepy to see that the Win8 box took evasive actions as I tried to spy on its communications. I wonder exactly what Microsoft has to hide regarding this communication, that it has to encrypt it and be evasive.

I am not aware of any easy way of monitoring BIOS-level communications. If you are afraid that the BIOS has been compromised by a virus then I would suggest that you update the BIOS with an update from the vendor's web site, even if it is the same version that's installed.

If you are worried that the machine's vendor has somehow added spying routines into the BIOS, then for safety's sake don't use the machine for work, or for any secure info. Use it only for play.
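
The monitoring described in the comment above (watch which hosts a "chatty" machine talks to, block them, see where the traffic moves) is easier to do with a capture summarised from the command line than by clicking through packets. The following is an added example, not code from this thread or from Wireshark: it reads lines in the format produced by `tcpdump -nn -q` (that format, and the IPv4-only handling, are assumptions of this example), ranks outbound destinations by packet and payload-byte counts, and lists the destinations that appear in a second capture but not in the first. The capture lines, the laptop address 192.168.1.10 and the RFC 5737 documentation addresses used as destinations are constructed for the example.

```shell
#!/bin/sh
# Added example (not from the thread): triage a "chatty" host from a tcpdump capture.
# Assumes POSIX sh, awk, sort and comm, and capture text in the format of
#   tcpdump -nn -q -i <iface>
# i.e. lines such as
#   12:00:01.000001 IP 192.168.1.10.49152 > 203.0.113.10.443: tcp 1460
#   12:00:02.000005 IP 192.168.1.10.53021 > 192.168.1.1.53: UDP, length 48
# IPv4 only; the byte column is payload length as tcpdump reports it, not wire bytes.

# Constructed sample capture for the example (not a real recording).
SAMPLE_CAPTURE='12:00:01.000001 IP 192.168.1.10.49152 > 203.0.113.10.443: tcp 1460
12:00:01.000002 IP 203.0.113.10.443 > 192.168.1.10.49152: tcp 0
12:00:01.000003 IP 192.168.1.10.49152 > 203.0.113.10.443: tcp 1460
12:00:02.000004 IP 192.168.1.10.49153 > 198.51.100.7.443: tcp 512
12:00:02.000005 IP 192.168.1.10.53021 > 192.168.1.1.53: UDP, length 48
12:00:03.000006 IP 192.168.1.10.49152 > 203.0.113.10.443: tcp 0
12:00:03.000007 IP 192.168.1.20.40000 > 198.51.100.53.53: UDP, length 40'

# traffic_summary LAPTOP_IP < capture.txt
# Prints "dst_ip packets bytes" for every destination the laptop sent to,
# most bytes first. Packets from other hosts on the segment are ignored.
traffic_summary() {
    awk -v me="$1" '
        $2 == "IP" && $4 == ">" {
            src = $3; dst = $5
            sub(/\.[0-9]+$/, "", src)                       # drop source port
            sub(/:$/, "", dst); sub(/\.[0-9]+$/, "", dst)   # drop trailing ":" and dest port
            if (src != me) next                             # outbound packets only
            if ($6 == "tcp")       len = $7 + 0             # "tcp <payload bytes>"
            else if ($6 == "UDP,") len = $8 + 0             # "UDP, length <bytes>"
            else                   len = 0
            pkts[dst]++; bytes[dst] += len
        }
        END { for (d in pkts) printf "%s %d %d\n", d, pkts[d], bytes[d] }
    ' | sort -k3,3nr -k1,1
}

# new_destinations BEFORE.txt AFTER.txt LAPTOP_IP
# Lists destination IPs present in the AFTER capture but absent from BEFORE,
# which is what you want to see after blocking a set of addresses: if the
# traffic simply moved, the replacement hosts show up here.
new_destinations() {
    tmpb=$(mktemp); tmpa=$(mktemp)
    traffic_summary "$3" < "$1" | cut -d' ' -f1 | sort > "$tmpb"
    traffic_summary "$3" < "$2" | cut -d' ' -f1 | sort > "$tmpa"
    comm -13 "$tmpb" "$tmpa"
    rm -f "$tmpb" "$tmpa"
}

# Usage with a live capture (placeholder interface and address):
#   tcpdump -nn -q -i eth0 'src host 192.168.1.10' > before.txt
#   traffic_summary 192.168.1.10 < before.txt
#   ... block the top destinations, capture again into after.txt ...
#   new_destinations before.txt after.txt 192.168.1.10
```

Ranking by destination is only the first step; once you know which hosts matter, a per-host filter in Wireshark on the same capture shows the TLS handshakes and SNI names, which is usually enough to tell a vendor telemetry endpoint from something that deserves the word "keylogger".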

Maybe reflash your BIOS? Have you considered that it might be your network?

Does reflashing it guarantee removal of keyloggers or laptop camera mismanagement?

No, but it's better than being paranoid and not doing anything about it.

Get a Mac.

No money!

Install Linux then.

BIOS is still there, right?

Reflash the BIOS from a different machine, install Linux.

Any pointers on how to go about it?