Q: A friend got a virus in her computer, rendering it inoperable. She took it to a shop, which told her that the virus had destroyed her CPU and she would have to buy a new motherboard.
I am no expert, but I have never heard of that happening — viruses destroy software and files, but not hardware. Is the shop just trying to sell her a new computer? — Paul
A: Without examining the computer in question, I can’t make any determinations about the shop’s intent.
In general, the majority of today’s worms and viruses attack programs and files (software), but there are a group of them that actually do attempt to harm a specific hardware component.
It is not likely that the actual CPU (central processing unit — Intel or AMD chip) was damaged from a virus, but another vital chip may have been the victim.
One of the core components of a computer is something called the BIOS (Basic Input/Output System). It acts as a go-between for the hardware and the operating system. In past years, this chip was called a ROM (Read Only Memory) BIOS that required a complete replacement if an update was needed.
As technology progressed, a more flexible version known as a Flash BIOS that could be reprogrammed with a simple software program was introduced. This allowed computer manufacturers to update their customers’ computer hardware code without the machine being brought to a service center for replacement.
This allows older computers to be made aware of new hardware, which potentially extends the life and usability of the system as a whole.
This helpful feature is the target of worms and viruses that carry a destructive payload that attempts to rewrite the BIOS chip. If a Flash BIOS is updated with the wrong code, it can potentially render the motherboard useless.
The first instances of this type of attack were discovered in 1998 when the "CIH" or "Chernobyl" virus was discovered in Taiwan.
This worm had a trigger date of April 26, 1999, which reportedly affected more than a million computers in Korea.
Although this virus is rather old, it is still possible that it is in the wild and could attack a computer that had outdated or no virus protection. If the computer in question had anti-virus software that was at least from the late ’90s, it should have been protected from this particular attack. (Norton Anti-Virus had an update for this virus as far back as June 1998.)
Variants of the original code have been discovered as recently as late 2002, but they all use the same techniques as the original, which means even older virus protection should guard against it.
A quick way to know if the CIH virus or one of its variants is the cause of the problem is to scan the hard drive for viruses in a completely different machine. If it attacked the computer’s BIOS, it will still be on the hard drive and will likely have infected many files as well.
Another possibility is that someone attempted to do an upgrade of the system without realizing what they were doing. We have seen this on more than one occasion in our shops.
If an intentional upgrade goes bad, it can render the computer unbootable. In some cases the BIOS can be "reflashed" or replaced. In others, little can be done to resurrect the main board cost-effectively.
The possibility that a program can attack computer hardware components is just another reason for everyone to avoid e-mail file attachments like the plague!
- Ken Colburn is president of Data Doctors Computer Services and Data Doctors Franchise Systems and host of the "Computer Corner" radio show at noon on Saturdays noon on KTAR (620 AM). Readers can send questions to email@example.com.