
virus in BIOS

Created: 14 Nov 2008 • Updated: 22 May 2010 | 17 comments

There is a problem with my computer timing: each time I boot my computer the timing sets to September 5, 2020. Even the BIOS memory is having a similar problem; its timing also changes with every new boot. Even after changing the timing of the BIOS, it changes when restarted.

But if we start directly after pressing the restart button, the timing doesn't change.

That means the timing of the BIOS and computer changes while closing Windows.

Maybe it spreads through an infected pendrive.


Paul Murgatroyd's picture

It's possible... but there aren't many around. Have you considered the fact it might just be a dead BIOS battery?

Paul Murgatroyd
Principal Product Manager, Symantec Endpoint Protection
Endpoint twitter feed: http://twitter.com/symc_endpoint

Knottyropes's picture

All motherboards that I have seen with a dead CMOS/BIOS battery will change the date to before the current date by a few years. Never seen one advance it yet.

Dr. Watson's picture

We all know and remember how nasty h-e-double-hockysticks?stre0539@ was ....

We would also agree that if it were something like h-e-double-hockysticks?stre0539@ we would have been in deep trouble right at the hardware or the device functionality level, I suppose...

Also, writing a virus at the BIOS (firmware level) is a difficult task, and I don't think someone would take that pain just to change the BIOS time ;) ;)

So just feel safe ... change the CMOS battery and enjoy :)

Intel_indian's picture

Okay, I will check the BIOS battery first... but I don't think so, because in that case the timing lags behind.

But in my case the BIOS time fixes to 2020, and after booting the timing remains between 7:31 and 7:39 only.

Dr. Watson's picture

With a CMOS battery issue ... the time would get reset to the default time which is embedded / hardcoded in the BIOS firmware... no wonder there would be a time difference on a case-to-case basis...

Now with a DEAD CMOS battery you would NEVER :( find a "TIME LAG"... as the battery is dead and the time won't save and would reset itself to the defaults after every refresh....

Now the firmware defaults would vary and should vary on a case-to-case basis ... I believe... :)

By the way, Ashu2hot4u sounds like a really ummmmmm email address ;). I like it...

Intel_indian wrote:
Ashu2hot4u

Cheeeers :)

Intel_indian's picture

Not working, guys... changed my BIOS battery with a similar 2032 battery.

Help me get rid of this crap...

Timing still fixes to September 5, 2020 7:31 each time I boot in.

I changed the time in BIOS settings, which was Jan 2003 earlier,

but each time I boot, timing changes to 2020, huh.

Hoping for an early reply.

Abhishek Pradhan's picture

Question 1. > How did you infer that there's a virus in the BIOS?

Question 2. > If you know that there is a virus in the BIOS, I believe that you might know that SEP / SAV (Symantec Endpoint Protection / Symantec Anti-Virus) works on Windows OS platforms, and does not execute off the BIOS, so essentially, there is NO SAV / SEP for the BIOS.....

Recommendation - If you are dead sure that there is a virus in the BIOS, please change the motherboard / flush the BIOS, and get help from the appropriate forum / experts for the same. Unfortunately, no one here would be able to help you with the BIOS virus, since as per you it's in the BIOS, something that the motherboard works off, and nothing to do with Windows.

Abhishek Pradhan, PMP, MCT
Blog: http://blog.abhishekpradhan.net | SIG Lead - Pune IT Pro (Microsoft Pune User Group) | http://www.puneusergroup.org

ShadowsPapa's picture

Myth.

There were, back in the 90's, a couple of "viruses" that actually targeted VERY specific Korean mfgr BIOS, but those were the only ones that could be impacted because of the code being specific to access each BIOS.

Further, it corrupted, NOT infected. They can't infect the BIOS, but can corrupt them.

And - isn't it just POSSIBLE that the BIOS (more correctly, the CMOS/real-time clock) is messed up and there's NO virus?

Why do people blame a virus every time something gets corrupted or quits working properly? 90+ percent of the time, it's just normal breakage.

IF, and that's a BIG if, something did "get to" your BIOS, it's corrupted and will most likely need replaced. SOME BIOS makers do allow a re-write, but usually those are dual-BIOS motherboards. They will function if the primary BIOS is corrupted or wiped out. Time is kept in CMOS, and isn't a BIOS function.

 

Anyway, SHOW me a specific virus that exists today that actually "infects" a BIOS and can do so to multiple BIOS, since each has different code required to get into the firmware to re-write it.....

I'm betting this is a MOBO issue and not a "virus". I may be wrong, but that is my professional opinion based on 2.5 decades of working on this stuff.

 

We've tossed 2 MoBo's here in 4 years due to CMOS becoming corrupted or non-functional. Nothing to do with "infections", they simply quit working properly, quit keeping time. You couldn't set them and make it stick.

Intel_indian's picture

Tell ya one more thing:

When I started Windows in safe mode, the timing was correct for almost 5 seconds; after that the time changed to September 5, 2020. Don't you think that it is a virus???

After boot-time scanning I got a trojan Prosti-BT[Trj] in System Volume Information. After deleting it I'm still not able to get rid of this advanced timing.

Any guesses? I have the latest versions of Norton, AVG and Avast... none is detecting my problem.

I wanna know one more thing: can we change the BIOS timing while working in the OS?

ShadowsPapa's picture

Sorry, that doesn't "prove" virus, or anything.

A virus is a PROGRAM. It must RUN. The BIOS can only be corrupted, not infected. You need to understand what a virus is and how it works - it's a program. It must be "run". There is no OS in the virus for it to run. There's no operating system to launch it or interpret the viral code. The only "virus" to successfully ever attack a BIOS was specific to BIOS brand and series, even to the MOBO, and did NOT infect, it CORRUPTED.

It may still well be a HARDWARE issue!

Again, I've tossed my share of motherboards due to bad CMOS (the REAL location of the time setting) or bad BIOS - but it was corruption or hardware failure. I've never, in over 2 decades, personally ever seen a BIOS "trashed" by a virus.

NO ANTIVIRUS can detect a virus in the BIOS because there is no virus that can be in the BIOS and virus checkers can't look in the BIOS.  You will never find an a-v product that will scan your BIOS.

A virus that would corrupt or impact the BIOS in any fashion would HAVE to have originated from a FILE on the HARD DRIVE or other "drive" (USB stick, CD, floppy, etc.)

Said virus would also need to know the exact sequence needed to impact the firmware of your particular BIOS. Each requires different code to affect re-writing of the BIOS instruction set. Not all BIOS can be updated, those that can require a specific sequence of events to allow it to be open to re-writing.

The odds that your computer BIOS was impacted by a virus are VERY slim indeed. And then, it would NOT be an INFECTION, it would be corruption, meaning the BIOS is TOAST.

The clock is the clock, it's not the BIOS.

You can indeed set and change the TIME or DATE of the computer through software. Most OSs have that ability, and you can do it through assembler for that matter.

Intel_indian's picture

Guys, guys, guys, just tell me one thing: which thing is changing my time? I wanna kill that one.

ShadowsPapa's picture

We've tried. It is most likely a HARDWARE issue.

However, you can count out the OS by doing the following simple and FREE test:

Boot from a DOS-type CD or Floppy and see what happens to the time (you can use DOS date and time commands to check and set the date and time via DOS)

or

Boot from a FREE UBUNTU Linux CD (you can download Ubuntu Linux for FREE, burn a bootable CD, boot from that CD and see how the computer behaves)

 

You can get FREE Linux and DOS bootable CD images from the Internet.

 

If it STILL changes date/time, then you have a computer problem - period. And you will need to fix or replace it, as it's not a VIRUS that can be removed.

 

Sorry, but computers sometimes BREAK. Things go BAD. IT happens, it's normal. Software can become corrupt all on its own with NO help from a virus.

This may be that case - you MAY not be able to fix it, but you won't know until or unless you boot from some other OS other than the Windoze that's on that computer.
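One way to run the alternate-OS test above with a written record instead of by eye, as an added example that is not part of the original post: from a live Linux session, log the hardware clock once per cold boot and classify the pattern. The script name `rtc-check.sh`, the function names, the log path and the 600-second window are assumptions made for this example; the sysfs node is the standard Linux RTC interface.

```shell
#!/bin/sh
# Added example: log the hardware clock (RTC) once per boot from a live Linux
# session, then classify the pattern. Names and thresholds are assumptions.
RTC_NODE="${RTC_NODE:-/sys/class/rtc/rtc0/since_epoch}"  # RTC as Unix seconds
LOG="${LOG:-./rtc-boots.log}"    # keep on a USB stick so it survives reboots

# record_boot: append "<rtc_epoch> <uptime_seconds>" for the current boot.
record_boot() {
    rtc=$(cat "$RTC_NODE") || return 1
    up=$(cut -d. -f1 /proc/uptime)
    echo "$rtc $up" >> "$LOG"
}

# classify_boots FILE [WINDOW_SECONDS]
# rtc - uptime estimates what the RTC held at power-on for each boot.
#   fixed-reset     every boot started within WINDOW of the same instant
#   went-backwards  the power-on value dropped between two boots
#   advancing       the RTC kept moving forward between boots
classify_boots() {
    awk -v win="${2:-600}" '
        NF >= 2 {
            t = $1 - $2; n++
            if (n == 1) { min = t; max = t } else {
                if (t < prev) back = 1
                if (t < min) min = t
                if (t > max) max = t
            }
            prev = t
        }
        END {
            if (n < 2) { print "insufficient-data" }
            else if (max - min <= win) { print "fixed-reset" }
            else if (back) { print "went-backwards" }
            else { print "advancing" }
        }' "$1"
}

# Usage: sh rtc-check.sh record   (once after each cold boot)
#        sh rtc-check.sh report
case "${1:-}" in
    record) record_boot ;;
    report) classify_boots "$LOG" ;;
esac
```

A `fixed-reset` result with the installed OS out of the picture points at the clock hardware or firmware defaults, while `advancing` means the clock holds across power cycles and the change comes from the installed OS. Keep the live session off the network so it does not correct the clock itself between readings.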

reza akhlaghy's picture

Hi

 

Just a question, if you change time in BIOS and stay for a while in BIOS, does the time change also?

 

If not, it must be something that is activated on system boot and has nothing to do with the BIOS. I suspect that you have a time sync source (such as a Windows domain controller or Novell server) whose time is incorrect.

Intel_indian's picture

Well, I would like to explain again...

 1. Whenever I boot my PC, the timing changes to Sept 2020 7:31.
 2. When I change the timings in BIOS, still after booting the time changes to Sept 2020.
 3. If I restart my computer, the timing of BIOS won't change.
 4. If I start the computer from restart using the restart button, the timing will get changed...

Sometimes I found it to be 2019...

And I HATE this.

Intel_indian's picture

And of course, when booting in a new session (I mean not using the restart button, as said in point 2 of the previous post), the time changes both in BIOS as well as in Windows...

But yes, when I started my PC in safe mode (with manually corrected timing in BIOS), I saw the correct timing for 5 seconds in Windows; after that it changed to the wrong timing of 2020.

Abhishek Pradhan's picture

This thread is going waaay off the beaten track.

Please consider calling Microsoft Support for your OS issues. All that you've said till now points to an issue with your OS, which is developed and provided by Microsoft and NOT Symantec.

Also, please consider formatting your system and doing a clean install of the OS, and not a repair or parallel install.

Since this issue points to everything BUT anything wrong with SEP, I'll be requesting the Moderators to lock this thread.

Thank you all for your insights and posts for this thread.

Message Edited by Abhishek Pradhan on 11-26-2008 06:52 PM

Abhishek Pradhan, PMP, MCT
Blog: http://blog.abhishekpradhan.net | SIG Lead - Pune IT Pro (Microsoft Pune User Group) | http://www.puneusergroup.org