1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Someone locked you out of your BIOS, never ferr.

Discussion in 'Notebooks' started by mm, Oct 9, 2010.

  1. mm

    mm Flightless Bird

    I think a virus put a BIOS password in my friend's HP Mini 1000
    netbook. I know I didn't do it, and I know it had malware. I've read
    online several other stories from those who never set a password and
    are still stuck with one.

    I read about one repair shop that wanted 325 dollars to unlock the
    BIOS.

    Another website wanted $50,

    But Dogbert has programs to do it for free!

    For HP, Dell, Fujitsu, Samsung, Compaq, and all that use Phoenix
    bioses.

    Check it out.

    http://dogber1.blogspot.com/2009/05/table-of-reverse-engineered-bios.html

    Let's hear it for Dogbert! [enormous applause]

    I don't know if he says it, but the hash number to convert shows up
    after you enter the wrong password three times in a row.

    (add more newsgroups, had to split into 2 or more posts)
    microsoft.public.windowsxp.general,alt.comp.os.windows-xp,comp.sys.hp.misc,comp.sys.hp.hardware,
    comp.sys.laptops,alt.comp.virus,alt.comp.anti-virus

    And he gives his source code too. Actually everything is in the 3
    lines after the comments. Here they are for an HP netbook, for
    example, but you have to look at the page too:

    def decode(code):
    table = {'1': '3', '0': '1', '3': 'F', '2': '7', '5': 'Q',
    '4': 'V', '7': 'X', '6': 'G', '9': 'O', '8': 'U', 'a': 'C', 'c': 'E',
    'b': 'P', 'e': 'M', 'd': 'T', 'g': 'H', 'f': '8', 'i': 'Y', 'h': 'Z',
    'k': 'S', 'j': 'W', 'm': '4', 'l': 'K', 'o': 'J', 'n': '9', 'q': '5',
    'p': '2', 's': 'N', 'r': 'B', 'u': 'L', 't': 'A', 'w': 'D', 'v': '6',
    'y': 'I', 'x': '4', 'z': '0'}

    That is:
    '1': '3',
    '0': '1',
    '3': 'F',
    '2': '7',
    '5': 'Q',
    '4': 'V',
    '7': 'X',
    '6': 'G',
    '9': 'O',
    '8': 'U',
    'a': 'C',
    'c': 'E',
    'b': 'P',
    'e': 'M',
    'd': 'T',
    'g': 'H',
    'f': '8',
    'i': 'Y',
    'h': 'Z',
    'k': 'S',
    'j': 'W',
    'm': '4',
    'l': 'K',
    'o': 'J',
    'n': '9',
    'q': '5',
    'p': '2',
    's': 'N',
    'r': 'B',
    'u': 'L',
    't': 'A',
    'w': 'D',
    'v': '6',
    'y': 'I',
    'x': '4',
    'z': '0'

    Which for some reason is 18 pairs of numbers or letters and what
    character they should be converted to, each pair in reverse order from
    the normal order of numbers or letters. As in a, c, b, d, f, e.... Do
    you know why he did it that way? Anyhow, logically, if not
    programically, it is the same as what follows so you don't even need
    the program to do a mere 10 characters. Don't forget, this one is
    just HP netbooks.

    0: 1,
    1: 3,
    2: 7,
    3: F,
    4: V,
    5: Q,
    6: G,
    7: X,
    8: U,
    9: O,
    a: C,
    b: P,
    c: E,
    d: T,
    e: M,
    f: 8,
    g: H,
    h: Z,
    i: Y,
    j: W,
    k: S,
    l: K,
    m: 4,
    n: 9,
    o: J,
    p: 2,
    q: 5,
    r: B,
    s: N,
    t: A,
    u: L,
    v: 6,
    w: D,
    x: 4,
    y: I,
    z: 0

    Come to think of it, if the encoding is just simple replacement of one
    character with another, it would be easy in most cases to figure out
    the code. Just get a simlar computer, set a password for the BIOS
    using no character more than once, refuse to put the right password in
    until you get the hash code at the end, and record the mapping. Do it
    again with different passwords until you get all 36 characters. But
    Dogbert has done this for you for many many computers. Let's hear it
    for Dogbert! [thunderous applause]


    Yes, I'm sure the malware did it, maybe to keep a user from changing
    the boot order so that booting from the USB came first. Fortunately,
    I had changed it already (although the virus seems to have changed it
    back.) and also fortunately this HP unit has a separate, afaik
    non-password-protectable screen that allows a one-shot change in boot
    order.
     
  2. David H. Lipman

    David H. Lipman Flightless Bird

    From: "mm" <NOPSAMmm2005@bigfoot.com>

    | I think a virus put a BIOS password in my friend's HP Mini 1000
    | netbook. I know I didn't do it, and I know it had malware. I've read
    | online several other stories from those who never set a password and
    | are still stuck with one.

    < snip >

    You've been making quite a few posts but it is time for you to realize that all viruses
    are malware but not all malware are viruses. There are but a handful of true viruses and
    dozens of worms but the vast majority are classified as some form of trojan.

    Malware will not password the BIOS. It is an illogical payload. The malicious actor who
    wrote the malware gains no benefit for himself nor a given cause or objective. It doesn't
    help in the malware's self preservation nor can it have an effect on the OS of the
    platform. In fact a BIOS password is OS independent.

    It is like all the crap I find on my user's desktops and notebooks. When confronted they
    almost always say they didn't put it there. OK, sometimes a toolbar or other software is
    packaged with an update and I'll forgive them. But often I find "stuff" that got there
    because it was deliberately installed. They put it there but won't take responsibility
    for the action.

    Someone set the BIOS password and it wasn't malware.


    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
     
  3. Peter Foldes

    Peter Foldes Flightless Bird

  4. Peter Foldes

    Peter Foldes Flightless Bird

    Forgot to mention. You also multiposted this aside from all the ones you crossposted
    to.

    --
    Peter
    Please Reply to Newsgroup for the benefit of others
    Requests for assistance by email can not and will not be acknowledged.
    This posting is provided "AS IS" with no warranties, and confers no rights.
    http://www.microsoft.com/protect
     
  5. mm

    mm Flightless Bird

    On Sat, 9 Oct 2010 23:14:19 -0400, "Peter Foldes" <okf22@hotmail.com>
    wrote:

    >mm
    >
    >And you have multiposted this to a few other groups.


    Yes, I have.
    >
    >Kindly read the following
    >
    >http://www.blakjak.demon.co.uk/mul_crss.htm


    Okay. I don't see how this applies to my post.

    "Cross-posting is often wrong, because people tend to cross-post to
    unsuitable groups.", but I didn't. Every group I chose had an
    interest in this. Yes, the BIOS is unrelated to the operating system,
    but everyone in those groups has to worry about his BIOS once in a
    while. The people in the XP groups have helped me a lot and this was a
    chance for me to help them.

    "Multi-posting is a waste of bandwidth, money, and people's time, with
    no advantages whatever, and should never be indulged in. "

    That refers to muli-posting when cross-posting would have been
    possible. But it wasn't fully possible here.

    I split the groups into 2 sections because my news reader wouldn't let
    me send to so many at one time. I wasn't asking for help; I wasn't
    getting anything out of this for myself. I was telling people about a
    valuable service that could save them 50 or 325 dollars, and still
    allow them access to their BIOS for free, if they forgot their
    password or someone or thing put one on without telling them. If they
    recognize the subject line, they don't have to read it more than once,
    or even once. I think people would rather get this twice than not at
    all.
     
  6. FromTheRafters

    FromTheRafters Flightless Bird

    "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
    news:i8r4bv01a5r@news7.newsguy.com...
    > From: "mm" <NOPSAMmm2005@bigfoot.com>
    >
    > | I think a virus put a BIOS password in my friend's HP Mini 1000
    > | netbook. I know I didn't do it, and I know it had malware. I've
    > read
    > | online several other stories from those who never set a password and
    > | are still stuck with one.
    >
    > < snip >
    >
    > You've been making quite a few posts but it is time for you to realize
    > that all viruses
    > are malware but not all malware are viruses. There are but a handful
    > of true viruses and
    > dozens of worms but the vast majority are classified as some form of
    > trojan.
    >
    > Malware will not password the BIOS. It is an illogical payload. The
    > malicious actor who
    > wrote the malware gains no benefit for himself nor a given cause or
    > objective. It doesn't
    > help in the malware's self preservation nor can it have an effect on
    > the OS of the
    > platform. In fact a BIOS password is OS independent.


    It seems to me that there *would* be a slight advantage to making it
    hard for the average victim (user) to access a way to clean boot an
    infected machine. Besides, a payload doesn't *have* to be beneficial to
    *anyone* (CIH's BIOS corruption for instance).

    It's not likely that any specific mobile code malware would do this
    considering all of the differences in settings that would be encountered
    as it spread. Plus, it is trivial to set it back the way it should be by
    dis-validating the checksum via the port access (or removing the
    battery) - this usually results in the BIOS routine calling up the CMOS
    Setup program for you.

    I can envision malware with a targeted payload (specific BIOS being used
    by the intended victim) where this could be done, but it would be easily
    enough undone so as to make it not worthwhile. It reminds me again of my
    appending @autoexec to my uncle's autoexec.bat file, it makes it
    difficult to boot, but not insurmountable, to fix.
     
  7. David H. Lipman

    David H. Lipman Flightless Bird

    From: "FromTheRafters" <erratic@nomail.afraid.org>

    | "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
    | news:i8r4bv01a5r@news7.newsguy.com...
    >> From: "mm" <NOPSAMmm2005@bigfoot.com>


    >> | I think a virus put a BIOS password in my friend's HP Mini 1000
    >> | netbook. I know I didn't do it, and I know it had malware. I've
    >> read
    >> | online several other stories from those who never set a password and
    >> | are still stuck with one.


    >> < snip >


    >> You've been making quite a few posts but it is time for you to realize
    >> that all viruses
    >> are malware but not all malware are viruses. There are but a handful
    >> of true viruses and
    >> dozens of worms but the vast majority are classified as some form of
    >> trojan.


    >> Malware will not password the BIOS. It is an illogical payload. The
    >> malicious actor who
    >> wrote the malware gains no benefit for himself nor a given cause or
    >> objective. It doesn't
    >> help in the malware's self preservation nor can it have an effect on
    >> the OS of the
    >> platform. In fact a BIOS password is OS independent.


    | It seems to me that there *would* be a slight advantage to making it
    | hard for the average victim (user) to access a way to clean boot an
    | infected machine. Besides, a payload doesn't *have* to be beneficial to
    | *anyone* (CIH's BIOS corruption for instance).

    | It's not likely that any specific mobile code malware would do this
    | considering all of the differences in settings that would be encountered
    | as it spread. Plus, it is trivial to set it back the way it should be by
    | dis-validating the checksum via the port access (or removing the
    | battery) - this usually results in the BIOS routine calling up the CMOS
    | Setup program for you.

    | I can envision malware with a targeted payload (specific BIOS being used
    | by the intended victim) where this could be done, but it would be easily
    | enough undone so as to make it not worthwhile. It reminds me again of my
    | appending @autoexec to my uncle's autoexec.bat file, it makes it
    | difficult to boot, but not insurmountable, to fix.



    Assuming malware did indeed password protect the BIOS entres, are you saying it would be
    an advantage to the malware that you couldn't, for example, change the Boot Order ?



    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
     
  8. FromTheRafters

    FromTheRafters Flightless Bird

    "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
    news:i8se420tnm@news6.newsguy.com...
    > From: "FromTheRafters" <erratic@nomail.afraid.org>
    >
    > | "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
    > | news:i8r4bv01a5r@news7.newsguy.com...
    >>> From: "mm" <NOPSAMmm2005@bigfoot.com>

    >
    >>> | I think a virus put a BIOS password in my friend's HP Mini 1000
    >>> | netbook. I know I didn't do it, and I know it had malware. I've
    >>> read
    >>> | online several other stories from those who never set a password
    >>> and
    >>> | are still stuck with one.

    >
    >>> < snip >

    >
    >>> You've been making quite a few posts but it is time for you to
    >>> realize
    >>> that all viruses
    >>> are malware but not all malware are viruses. There are but a
    >>> handful
    >>> of true viruses and
    >>> dozens of worms but the vast majority are classified as some form of
    >>> trojan.

    >
    >>> Malware will not password the BIOS. It is an illogical payload.
    >>> The
    >>> malicious actor who
    >>> wrote the malware gains no benefit for himself nor a given cause or
    >>> objective. It doesn't
    >>> help in the malware's self preservation nor can it have an effect on
    >>> the OS of the
    >>> platform. In fact a BIOS password is OS independent.

    >
    > | It seems to me that there *would* be a slight advantage to making it
    > | hard for the average victim (user) to access a way to clean boot an
    > | infected machine. Besides, a payload doesn't *have* to be beneficial
    > to
    > | *anyone* (CIH's BIOS corruption for instance).
    >
    > | It's not likely that any specific mobile code malware would do this
    > | considering all of the differences in settings that would be
    > encountered
    > | as it spread. Plus, it is trivial to set it back the way it should
    > be by
    > | dis-validating the checksum via the port access (or removing the
    > | battery) - this usually results in the BIOS routine calling up the
    > CMOS
    > | Setup program for you.
    >
    > | I can envision malware with a targeted payload (specific BIOS being
    > used
    > | by the intended victim) where this could be done, but it would be
    > easily
    > | enough undone so as to make it not worthwhile. It reminds me again
    > of my
    > | appending @autoexec to my uncle's autoexec.bat file, it makes it
    > | difficult to boot, but not insurmountable, to fix.
    >
    >
    >
    > Assuming malware did indeed password protect the BIOS entres, are you
    > saying it would be
    > an advantage to the malware that you couldn't, for example, change the
    > Boot Order ?


    It might necessitate needing to slave the drive to a surrogate, if you
    cannot boot from floppy, cd, or usb device. This, of course, assumes
    that the malware could have changed settings such as the boot order, or
    somehow otherwise made the floppy, cd, or usb device unusable for
    booting. This just seems like an extension to the disabling of safe-mode
    or corruption of restore points.

    Not much a of an incentive there for malware writers to bother with it
    though, I'll admit.
     
  9. FromTheRafters

    FromTheRafters Flightless Bird

    "mm" <NOPSAMmm2005@bigfoot.com> wrote in message
    news:ll32b6dbjasv168jvt2rnniucmc1mgvkv2@4ax.com...

    [...]

    > Yes, I'm sure the malware did it, maybe to keep a user from changing
    > the boot order so that booting from the USB came first.


    What malware did this?
     
  10. David H. Lipman

    David H. Lipman Flightless Bird

    From: "FromTheRafters" <erratic@nomail.afraid.org>

    | "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
    | news:i8se420tnm@news6.newsguy.com...
    >> From: "FromTheRafters" <erratic@nomail.afraid.org>


    >> | "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
    >> | news:i8r4bv01a5r@news7.newsguy.com...
    >>>> From: "mm" <NOPSAMmm2005@bigfoot.com>


    >>>> | I think a virus put a BIOS password in my friend's HP Mini 1000
    >>>> | netbook. I know I didn't do it, and I know it had malware. I've
    >>>> read
    >>>> | online several other stories from those who never set a password
    >>>> and
    >>>> | are still stuck with one.


    >>>> < snip >


    >>>> You've been making quite a few posts but it is time for you to
    >>>> realize
    >>>> that all viruses
    >>>> are malware but not all malware are viruses. There are but a
    >>>> handful
    >>>> of true viruses and
    >>>> dozens of worms but the vast majority are classified as some form of
    >>>> trojan.


    >>>> Malware will not password the BIOS. It is an illogical payload.
    >>>> The
    >>>> malicious actor who
    >>>> wrote the malware gains no benefit for himself nor a given cause or
    >>>> objective. It doesn't
    >>>> help in the malware's self preservation nor can it have an effect on
    >>>> the OS of the
    >>>> platform. In fact a BIOS password is OS independent.


    >> | It seems to me that there *would* be a slight advantage to making it
    >> | hard for the average victim (user) to access a way to clean boot an
    >> | infected machine. Besides, a payload doesn't *have* to be beneficial
    >> to
    >> | *anyone* (CIH's BIOS corruption for instance).


    >> | It's not likely that any specific mobile code malware would do this
    >> | considering all of the differences in settings that would be
    >> encountered
    >> | as it spread. Plus, it is trivial to set it back the way it should
    >> be by
    >> | dis-validating the checksum via the port access (or removing the
    >> | battery) - this usually results in the BIOS routine calling up the
    >> CMOS
    >> | Setup program for you.


    >> | I can envision malware with a targeted payload (specific BIOS being
    >> used
    >> | by the intended victim) where this could be done, but it would be
    >> easily
    >> | enough undone so as to make it not worthwhile. It reminds me again
    >> of my
    >> | appending @autoexec to my uncle's autoexec.bat file, it makes it
    >> | difficult to boot, but not insurmountable, to fix.




    >> Assuming malware did indeed password protect the BIOS entres, are you
    >> saying it would be
    >> an advantage to the malware that you couldn't, for example, change the
    >> Boot Order ?


    | It might necessitate needing to slave the drive to a surrogate, if you
    | cannot boot from floppy, cd, or usb device. This, of course, assumes
    | that the malware could have changed settings such as the boot order, or
    | somehow otherwise made the floppy, cd, or usb device unusable for
    | booting. This just seems like an extension to the disabling of safe-mode
    | or corruption of restore points.

    | Not much a of an incentive there for malware writers to bother with it
    | though, I'll admit.

    No but it is a VALID point. Thank you.



    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
     
  11. Dave Cohen

    Dave Cohen Flightless Bird

    On 10/10/2010 10:09 AM, FromTheRafters wrote:
    > "mm"<NOPSAMmm2005@bigfoot.com> wrote in message
    > news:ll32b6dbjasv168jvt2rnniucmc1mgvkv2@4ax.com...
    >
    > [...]
    >
    >> Yes, I'm sure the malware did it, maybe to keep a user from changing
    >> the boot order so that booting from the USB came first.

    >
    > What malware did this?
    >
    >

    Is that a serious question?
     
  12. FromTheRafters

    FromTheRafters Flightless Bird

    "Dave Cohen" <user@example.net> wrote in message
    news:i8skh2$los$1@news.eternal-september.org...
    > On 10/10/2010 10:09 AM, FromTheRafters wrote:
    >> "mm"<NOPSAMmm2005@bigfoot.com> wrote in message
    >> news:ll32b6dbjasv168jvt2rnniucmc1mgvkv2@4ax.com...
    >>
    >> [...]
    >>
    >>> Yes, I'm sure the malware did it, maybe to keep a user from changing
    >>> the boot order so that booting from the USB came first.

    >>
    >> What malware did this?
    >>
    >>

    > Is that a serious question?


    Yes, if the OP is sure, then there should be more information.
     
  13. mm

    mm Flightless Bird

    On Sun, 10 Oct 2010 11:13:03 -0400, "FromTheRafters"
    <erratic@nomail.afraid.org> wrote:

    >"Dave Cohen" <user@example.net> wrote in message
    >news:i8skh2$los$1@news.eternal-september.org...
    >> On 10/10/2010 10:09 AM, FromTheRafters wrote:
    >>> "mm"<NOPSAMmm2005@bigfoot.com> wrote in message
    >>> news:ll32b6dbjasv168jvt2rnniucmc1mgvkv2@4ax.com...
    >>>
    >>> [...]
    >>>
    >>>> Yes, I'm sure the malware did it, maybe to keep a user from changing
    >>>> the boot order so that booting from the USB came first.
    >>>
    >>> What malware did this?
    >>>
    >>>

    >> Is that a serious question?

    >
    >Yes, if the OP is sure, then there should be more information.


    I wanted to give a longer answer -- well, it came out pretty long
    after all -- but in short, I was handed a netbook because it wouldn't
    boot, malware was suspected, and just looking around, I checked out
    the BIOS and I had no trouble and no need for a password getting into
    it.

    I checked out the computer with AVG from a flashdrive and it had at
    least one virus. It ran again after AVG removed that, but 10 minutes
    later, I got one of those screens saying there was a virus, which was
    displayed by malware present on the computer, and whether it made
    things worse or not, I fell for it and clicked on something, and then
    it wouldnt' boot. I used 6 different Boot Rescue anti-virus CD's and
    each time I would have to press F9 to get it to boot from the CD.

    Once in the dim light with the small print on the F-keys, I missed F9
    and hit F10, which goes into the BIOS, and it displayed a simple black
    screen with What is your CURRENT password? Guessing didn't work. I
    tried F10 a few more times with the same result.

    Googling, I found other examples of people who never set a BIOS
    password but who go the same message I did.


    I never set a password -- there is no reason I would do that, I don't
    do that, and there is no way I would forget doing that if I did it.
    The password was some strange set of 10 letters and numbers that would
    be impossible for me to remember, and whenever I do set a password,
    which is only when an ISP or a website requires one, I use one that is
    easy to remember.

    No password was required 3 or 4 days earlier, I was the only one who
    touched the computer during all that time, and it was required 3 or 4
    days after it wasn't. I conclude with a very high level of confidence
    that the malware changed things and made the password required.


    If malware can do all the other things it does, entering a number in
    the password storage area doesn't seem much harder.

    After 3 failed attempts to enter a password, most computer brands will
    display a number, a hash number, which it turns out is directly
    related to the password, and this HP did that. The programs at the web
    page I gave decoded the hash number, and it worked the first time.

    http://dogber1.blogspot.com/2009/05/table-of-reverse-engineered-bios.html

    The rest of the computer is working fine now too.
     
  14. FromTheRafters

    FromTheRafters Flightless Bird

    "mm" <NOPSAMmm2005@bigfoot.com> wrote in message
    news:uv09b6dmkvoh93l8h2m2s8l0rolpvpv1ms@4ax.com...
    > On Sun, 10 Oct 2010 11:13:03 -0400, "FromTheRafters"
    > <erratic@nomail.afraid.org> wrote:
    >
    >>"Dave Cohen" <user@example.net> wrote in message
    >>news:i8skh2$los$1@news.eternal-september.org...
    >>> On 10/10/2010 10:09 AM, FromTheRafters wrote:
    >>>> "mm"<NOPSAMmm2005@bigfoot.com> wrote in message
    >>>> news:ll32b6dbjasv168jvt2rnniucmc1mgvkv2@4ax.com...
    >>>>
    >>>> [...]
    >>>>
    >>>>> Yes, I'm sure the malware did it, maybe to keep a user from
    >>>>> changing
    >>>>> the boot order so that booting from the USB came first.
    >>>>
    >>>> What malware did this?
    >>>>
    >>>>
    >>> Is that a serious question?

    >>
    >>Yes, if the OP is sure, then there should be more information.

    >
    > I wanted to give a longer answer -- well, it came out pretty long
    > after all -- but in short, I was handed a netbook because it wouldn't
    > boot, malware was suspected, and just looking around, I checked out
    > the BIOS and I had no trouble and no need for a password getting into
    > it.
    >
    > I checked out the computer with AVG from a flashdrive and it had at
    > least one virus. It ran again after AVG removed that, but 10 minutes
    > later, I got one of those screens saying there was a virus, which was
    > displayed by malware present on the computer, and whether it made
    > things worse or not, I fell for it and clicked on something, and then
    > it wouldnt' boot. I used 6 different Boot Rescue anti-virus CD's and
    > each time I would have to press F9 to get it to boot from the CD.
    >
    > Once in the dim light with the small print on the F-keys, I missed F9
    > and hit F10, which goes into the BIOS, and it displayed a simple black
    > screen with What is your CURRENT password? Guessing didn't work. I
    > tried F10 a few more times with the same result.


    It is possible that *this* was the problem.

    ....and it's CMOS not BIOS ... if your BIOS is passworded, you can't
    boot.

    > Googling, I found other examples of people who never set a BIOS
    > password but who go the same message I did.


    ....and they probably all screamed "virus" even though it might have been
    simple corruption or a weak CMOS battery.

    > I never set a password -- there is no reason I would do that, I don't
    > do that, and there is no way I would forget doing that if I did it.


    > The password was some strange set of 10 letters and numbers that would
    > be impossible for me to remember, and whenever I do set a password,
    > which is only when an ISP or a website requires one, I use one that is
    > easy to remember.


    When a password recovery program gives you a password that works, it
    doesn't necessarily mean that it is *the* password entered by the user.
    Generally, it is an *equivalent* password arrived at by running an
    algorithm against the password hash value.

    This means that when you set it to "Fluffy", another *equivalent*
    password might be æas¶o½¿

    > No password was required 3 or 4 days earlier, I was the only one who
    > touched the computer during all that time, and it was required 3 or 4
    > days after it wasn't. I conclude with a very high level of confidence
    > that the malware changed things and made the password required.


    Okay.

    > If malware can do all the other things it does, entering a number in
    > the password storage area doesn't seem much harder.


    No, in fact it would be easy enough. It's just that nobody seems to be
    aware of any malware programs that do so. Probably because it would be
    viewed as a waste of effort for so little gain by the malware writers.

    > After 3 failed attempts to enter a password, most computer brands will
    > display a number, a hash number, which it turns out is directly
    > related to the password,


    Hashes are usually compression algorithms, a smaller representation of
    data that is *nearly* as unique as the data it represents. IOW the hash
    is directly related to the password, but it may be directly related to
    other possible passwords as well.

    > and this HP did that. The programs at the web
    > page I gave decoded the hash number, and it worked the first time.
    >
    > http://dogber1.blogspot.com/2009/05/table-of-reverse-engineered-bios.html
    >
    > The rest of the computer is working fine now too.


    What hash value do you get when the password is blank, and you try the
    wrong password three times?

    Just curious,
     

Share This Page