
USB Virus/Worm in both Windows 7 and Linux?

Hi,

Because of a USB virus/worm that infected my computer, I recently DBAN-ed and formatted my hard drive, then used my Gateway recovery DVDs to reinstall the Windows 7 OS. My OS was still acting "funny" and I did a slew of virus scans, but only one so far (Norman Malware Cleaner) detected a couple of malicious files and deleted them.

The kicker is that this virus (or viruses) also ran when I booted to Ubuntu Linux and messed stuff up. I tried to run a number of scanners and cleaners, but most of them refused to run, and the scans that did run reported no problems. The only one that started going and reported malicious files was Sophos savscan. Savscan identified some suspicious files until the savscan failed and wouldn't restart. (So, whoever is perpetuating the myth that Linux doesn't get viruses needs to open their eyes.)


Here is what Savscan identified as suspicious in linux before it stalled:

/lib/modules/2.6.38-11-generic/build/source
/lib/modules/2.6.38-8-generic/build/source
/lib/firmware/vxge/X3fw-pxe.ncfl  Password Protected
T1:X3_101115_1_8_1_expROM_FW_uni_template_rmt_cmd_line.txt
T1:X3_101115_1_8_1_expROM_FW_uni_template_flash0.bin
T1:X3_101115_1_8_1_expROM_FW_uni_template_eeprom0.bin
/proc/sysrg-trigger

Did this malware corrupt the BIOS?

Thanks much!
-Tina

P.S.  What do I do now?



  • Thank you, Sandy.

    My BIOS is definitely replaced by something else. Sophos is the only one that showed me a clue. I suspected my Logitech Unifying wireless USB receiver as being a conduit for flashing my BIOS. I posted the question on the Logitech forum. It was deleted, so I called them and got the answer I expected: impossible.

    And in doing my research, I learned that people are adamant that BIOS viruses are "too hard to do". People also used to think it was too hard to fly and that the world was flat. The following description of troubles is only included in case someone else in the Googleverse needs to know that they are not alone.

    In any case, I fear nobody can help me in 2011. There is one way to find out if the mouse's USB wireless receiver stored a BIOS virus, and how to block it, and that is by examining the part. I'm searching for a BIOS verification tool. Actually, that's a waste of time, because it's obviously corrupt: after seeing my F12 option disable itself, I F9'd to reset defaults, and then the Gateway loader screen wouldn't show up on boot. In case anybody else has these problems in the future, I found out by accident that disconnecting power didn't help, but pulling the hard drive and re-seating it brought back my load screen and I was able to F2 into the BIOS. Not that it matters.

    It's pretty amazing. On top of being the world's best hide-and-seek player, it changes my BIOS settings, made my USB ports disappear, denied access to My Documents, and changed my power saver module so I couldn't adjust anything. It also repeatedly changes my firewall settings, homegroup and various services to allow Remote Assistance, then disabled and denied my access to the firewall after I changed the settings back a few times, and erased my Firefox history on the first day it appeared. I assume it has all my personal data, including my birthday, and can steal my identity, and so on. Can it be one malware program doing this? Maybe it opened a door to allow more of its helper programs to get on board, none of which can be detected at the moment. Either the scanners stall or don't run at all, or they show nothing malicious.

    Oh, and I didn't mention that it learns. When I try to visit an online antivirus site, it blocks it the second time in IE. (It keeps setting IE as the default browser.) I was only able to DBAN once, and it failed on subsequent attempts. The same thing happened to a lot of AV software that ran only once. Before loading the operating systems, I booted with GParted and reformatted partitions to a different size and type numerous times. I saw evidence of a malicious presence on Windows XP, Windows 7, Windows 8 Developer Preview, and Ubuntu Linux 11.04.

    It appears that the BullGuard firewall is working against intrusions! (Their antivirus scan shows no clues, either.) When the virus first appeared, it corrupted and disabled my Comodo firewall, turned off my ThreatFire, and didn't show up during the Microsoft Security Essentials scan. I later found out it turns off Windows Defender and Windows Firewall in Windows 8...

    I'm tired and it's been a hassle, but since I am not the only one who always used to leave my USB wireless receiver in place during boot, I'd like for us to know if it's really corrupted, and not just a suspicion. No scanner for that yet.

    Thanks for listening. Chkdsk says everything is gravy, but maybe it lies to me. I hope to only have to flash my BIOS once. Let's see what happens.

  • I'm sorry about putting those details here, but maybe somebody searching will find your site. I was tired and cranky when I wrote it, and I forgot where I was. I'm putting off flashing the BIOS until after I go deeper with Sophos, since it was a starting point. First thing tomorrow morning.

  • The browser on the infected computer wouldn't let me download from the Sophos website. I performed a recovery and turned the machine off because I have some other things to do that are more important.

    Last night, the people behind this malware found a new way to break through my firewall. In the log, I noticed that the IP address for my NetTalk Duo (connected to my router) was requesting an inbound connection numerous times. The firewall did block it from entering the computer, but this was frightening to me. Justifiably so, because later I was on that VoIP phone with a friend and I heard a female computer voice say, "This call is being recorded." Neither my friend nor I was responsible. That was nice of the bad guys, to let me know that they were infecting every kind of device on my network.

    How ironic that many years ago I attended a control systems seminar where the speaker said that he and his group were trying to convince the phone companies that their phone systems could be taken down by viruses. They explained that it would be the most devastating of all terrorist attacks, because if phone service is down everywhere and there are bombings happening, our emergency services would be stuck with walkie-talkies, and no one can call for help. I wonder if his group made progress.

    I will make more attempts to download the Sophos software as soon as I get free time. But if you want to take all my networked devices to a research lab, that would be super. Hint, hint.

  • I had no idea these kinds of viruses could infect Linux systems too. It sounds like you're going to have to wipe your system clean again; what a total bummer. I had something like this happen too. Good luck on getting it all fixed.
