spyware in bios mobo

[Speelgoedmannetje]

A while ago, I re-installed Windows on a friend's computer (an old P3).
When it was done (a clean install of Win98) it launched a to me unknown program called 'PhoenixNET'. This program could only be clicked away with ctrl-del. Every time Windows started, this program started and every time it gave error messages.

I surfed the net for information to remove this program but nothing!
I only read that it was built-in in the BIOS and that it was spyware (a 'service' from Phoenix).

And I couldn't find ANYTHING referring to it in the BIOS setup.

Eventually, I could click it a bit away (now it runs on the background).

so... if you need to buy a new PC mobo, you're warned.

[hnl_dk]

Have you tried updating the BIOS ... Maybe PheonixNET is not included in the newer PheonixBIOS, or there might be an AwardBIOS for the motherboard...

What motheroard is it?

[Speelgoedmannetje]

:-) Of course I considered it, but I couldn't find an appropriate BIOS.

It seemed to be completely abandoned.

[hnl_dk]

Speelgoedmannetje wrote:
:-) Of course I considered it, but I couldn't find an appropriate BIOS.

It seemed to be completely abandoned.

Do you know the name of the motherboard? I could try to look at it ...

[Speelgoedmannetje]

:-( *sigh* not atm, not exactly

but where would you look for it if I may ask? :-) (so I can look for it when I am there, behind the particular computer)

[whabang]

Check THIS discussion. It should provide some useful info.

[odin]

I used to see a Phoenix blurb whenever my computer started, untill I updated the flashrom and every trace seems to have vanished now.

[Speelgoedmannetje]

@Whabang
yeah, I've been across this several times, but couldn't find something usefull in it.
They suggest you uninstall the program, but it can't be uninstalled because there is no uninstall option. (not even in the add/remove programs, nor in TweakUI)

but, ah well, thnx in advance anyway, here, one for you :pint:

[hnl_dk]

Speelgoedmannetje wrote:
:-( *sigh* not atm, not exactly

but where would you look for it if I may ask? :-) (so I can look for it when I am there, behind the particular computer)

Depends on the motherboard

[whabang]

Try to use msconfig to remove it from the windows startup, and then remove the offending files from the hard drive.

[DanDude]

Another reason why I hate PCs...BIOS-spyware!

HA!
 :lol:

[Speelgoedmannetje]

[Cyberus]

Speelgoedmannetje wrote:

whabang wrote:
Try to use msconfig to remove it from the windows startup, and then remove the offending files from the hard drive.

Thanks for the tip :pint:

@hnl_dk, thanks for the offer :pint:

and thanks for making me want a beer :pint: :-)

[Speelgoedmannetje]

Cyberus wrote:

Speelgoedmannetje wrote:

whabang wrote:
Try to use msconfig to remove it from the windows startup, and then remove the offending files from the hard drive.

Thanks for the tip :pint:

@hnl_dk, thanks for the offer :pint:

and thanks for making me want a beer :pint: :-)

Not a cuppa tea? Tis time for it I see.
Naah, beer is for the late evening (except if you're on vacation or so)

@DanDude
I KNOW I KNOW I KNOW. :lol: :-x

[Glaucus]

Hmmm....  Just remember that msconfig is a debuging tool and should not be used as a permanent solution.

First off, in whabang's link it seems that the PheonixNet "feature" can be disabled via BIOS option. There may also be a jumper to do so if it's an older motherboard.

Second, ZoneAlarm is your friend. ZA not only traps incoming Internet requests, but outgoing ones as well. You can simply disallow PheonixNET's Internet traffic all together.

Third, install SysInternals TCPView which will give you a list of all Internet connections, including the application they're associated with and the destination IP.

Fourth, install and run HijackThis. This will give you a good idea as to what "extra" software is launched at startup. If you've installed lost of some legit software already then the listing it generates may be long. If it's a fresh Win98 install, it should be fairly sparse. At any rate, click on the "Save Log", and save it to a text file somewhere, then copy it and paste it here in this thread and we can help you find what the offending program is.

Fifth, use SysInternal's AutoRuns to track down and disable any spyware. This is the way it should be done and not through msconfig. You may end up editing the registry, but AutoRuns will take you to the place where you need to make the edit.

Sixth, install Lavasoft's Ad-Aware (and get the LSP plugin as well).

I think all the above should make your setup pretty spy-ware resistant for some time.  :-)

  - Mike