Hi, I am really hoping that someone is able to help me here...consider it an interesting project of sorts. So, my BIOS on my Lenovo was hacked, or more appropriately, modified remotely without permission. The System BIOS and Video BIOS (VBIOS) are both shadowed, and on every power on there are tables and hashes that are checked for any modifications. If changes are found, the configuration is set back to what someone else wants it to be. I also noticed that the Pre Execution Environment (PXE) has been configured with a host, which I am not able to view or change. My BIOS was modified before I had set a User and Supervisor and HDD password, so... I need help to know what to do. When running Wireshark, I notice my Ethernet controller is communicating to unknown Servers using neat little protocols, and the end result is my Windows system being silently added to a workgroup on a domain somewhere. This also ends up spreading like a worm to my other network attached devices, regardless of operating system or machine type. The Internet of Things indeed! I have effectively fixed all of my devices, but the Lenovo remains tricky.
Here is information that I have gathered:
Lenovo Thinkpad W510, Machine Type Model 4389W7A
BIOS Version 1.33 (6NET73WW)
Embedded Controller Version 1.16
PxE Network Boot: Intel Boot Agent GE version 1.3.51
Phoenix SecureCore NB, Build 089, wfm 2.0, PxE 2.1