Malware set a bios password -- Now what?

Ok I was in bios checked disks and then was going to use the recovery console on a Lenovo Y510 with Vista but I first decided to backup the few files on the computer to a flash drive. Finish the backup , reboot and try to get the options again for putting it back to factory state and I am now asked for a bios password.  I have done one to two hundred of these things and I am absolutely positive I did not accidentally set one.

Compounding the problem I am not even able to run .exe's from the desktop.  I am asked -- "What program do you want to use to open this program."

The bios has hard drive selected as first boot option so I can't use a disk to clean it up and safe mode is infected as well.

Where would you go from here ?
Sean MeyerAsked:
Who is Participating?
rpggamergirlConnect With a Mentor Commented:
Does Windows still loads? Do you have access to the desktop?
If so, then run these tools to fix the .exe file association, then run RKill and MalwareBytes.

Vista .exe files association fix.

Or use Kaspersky's CleanAutoRun to restore .exe file association.

Or you could Download exeHelper to your desktop.
Double-click on to run the fix.
A black window should pop up, press any key to close once the fix is completed.

Once exe files asso, is fixed... run renamed RKill and MalwareBytes.
1.  Download the renamed RKill (run it but do not reboot... then run MalwareBytes straightafter.

2.  MalwareBytes
You have just remove the battery, if it's a notebook you can remove the battery and the transformer and hold the power button 30 secs (this not always work with all computer)
when I say the battery it's the CMOS battery on the mainboard
Improve Your Query Performance Tuning

In this FREE six-day email course, you'll learn from Janis Griffin, Database Performance Evangelist. She'll teach 12 steps that you can use to optimize your queries as much as possible and see measurable results in your work. Get started today!

shjacks55Connect With a Mentor Commented:
See manual at (Lenovo support is down, they removed password questions from support fomums anyway). Read section on passwords.  Note the support for HDD encryption. Call Lenovo support and hope they like your story, the standard based HD encryption may not recover.

"Expert": motherboards built in the last ten years store legacy "cmos" ram data in flash, esp in bios chip. The battery is exclusively for the clock. See . Read the Lenovo lip service to security in the manual. Compaq has required unsoldering and replacing the BIOS chip to clear password since the 90's.

Other options. It will help to know the BIOS brand. Get the Lenovo hardware manual, open up the laptop and remove the hard drive. You said bios is HD first, not HD only.
1. Remove your laptop's HD (instructions in Lenovo hardware manual). Get an SATA to USB adapter from local computer shop or Amazon, about $10. Plug into USB of different computer then make sure it is visible (not encrypted by virus)(disable legacy support so you won't scramble this computer with the virus). If visible (not encrypted) then run A-V or other cleaner program.
2. With HD removed from Laptop: Make bootable flash drive, DOS WinPE. Include type software. If HD was encrypted  If HD was not encrypted, can use Debug in DOS to poke values over password storage area for that BIOS type or, less reliable, poke random values into CMOS until cmos integrity error where bios overwrite cmos with default values. Debug procedure and useless "backdoor" passwords at
3.  From Lenovo support link; your laptop has no floppy, however flash updates may be possible through bootable USB flash drive (or USB JTAG option, etc.) make sure you choose clear ESCD option when you update the BIOS, that will clear cmos.  There is often a key press combination that will allow boot to last good bios setup (saves ambitious over clockers). The key press option to boot from the previous bios before you flashed it certainly won't work if you hadn't upgraded the bios.

Sean MeyerAuthor Commented:

Michael -- that is old information.  As shjacks55 pointed out any new hardware does not have the battery limitations.  

shjacks55 -  They did not like my story and all I was able to accomplish with the different software was to wipe the bios clock and now it is even more annoying in that it makes me hit F2 on boot and enter three times to attempt a password and F2 again to enter the OS.  Not a huge problem but the system clock will not stay set when adjusted within windows.  And because of this windows updates will not happen until you set the clock.

rpggamergirl - Thank you for the solution of just fixing the problem.  The system threw me for a loop when it reset the BIOS password.  Computer is in working condition and will be sent to Lenovo for Bios reset.  
Sean MeyerAuthor Commented:
shjacks55 -- I did not try the Debug in DOS as I did not want to brick the system.  Have you tried this yourself before ?
The Bios Companion I've uploaded includes "password checking option" page 138 ff which includes the debug code, the data in CMOS Ram area has a checksum. If the checksum fails the bios rebuilds it as if it was a brand new computer. The "CMOS" emulation will not be harmed by debug since most information stored there (except the password) is trivial, like 5 1/4 inch floppy drive information.

Dell/Intel's made some newer boards that turn off the fan and the CPU overheats, but debug has nothing to with that: those boards were "born that way".
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.