wright@cs.uiuc.edu (David Wright) (01/18/91)

My apologies if this group is not appropriate, but I would like to solicit advice on a problem that may be a malicious attack: I am looking at a friend's PS/2 Model 70 that he reports has had problems including problems reading diskettes that appear to be fine in another machine (a laptop that I am keeping carefully isolated). Since the PS/2 has been exposed to physical, unmonitored access by outsiders, I suspect that the machine may have been tampered with.

The SCAN program reports no viruses in the system, but the INFOPLUS program (on the CMOS page) reports that the CMOS checksum is incorrect; other anomalies on this page include a ridiculous system date and no hard disk reported. However, the system does boot off of the hard disk, and the DOS date command reports the correct date. My friend reports some unusual behavior reading and writing the hard disk, but I have been reluctant to test the system further.

I seem to remember hearing of the possibility of altering the CMOS as a form of computer attack. Could someone enlighten me on this subject briefly, or alternately, point me to a reference? I have general technical background in PCs, but will need specific info on how to approach this problem. Any help would be greatly appreciated.

--David Wright
wright@cs.uiuc.edu