F-Secure Virus Descriptions : Raadioga
This is a simple virus infecting EXE files.
Raadioga is a slow polymorphic virus. It changes its own code very
slowly. This makes it difficult to detect.
Raadioga activates on the 10th of March. At this time it enables the
CMOS password. If there was a password set previously, it will be
enabled. If there was no password, the "default" password is enabled.
Some other viruses (like Cruel and Lego) do the same.
Here are some default BIOS passwords you might want to try:
AMI (American Megatrends) BIOSes:
AMI
ami
AMI_SW
AMI?SW
AMI?PW
A.M.I.
oder
PASSWORD
Award BIOSes:
589589
589721
AWARD
Award
J262
J256
AWARD SW
AWARD_SW
AWARD?SW
AWARD_PW
q_l27&z
ALFAROME
BIOSTAR
BIOSSTAR
Phoenix BIOSes:
PHOENIX
phoenix
BIOS
CMOS
Also try these:
setup
LKWPETER
BIOSTAR
Syxz
Wodj
SER
SKY_FOX
aLLy
awkward
HLT
On some machines you can clear out the full CMOS - however, this will
force you to enter hard drive and other information back manually.
Some IBM Aptivas will clear the CMOS if you press both mouse buttons
during the boot process. Some Toshiba laptops can bypass the BIOS
password if you press the left shift button on the keyboard while
booting. With AMI BIOS, v1.19 and older, the CMOS is cleared by
holding the END key while booting.
Note to users with localized keyboards: When the password is entered,
the keyboard is in US mode. This means that special characters have to
be entered from the keys where they would be on a US keyboard: for
example, underscore ("_") is created by pressing shift and
the-button-next-to-zero.
If you find the right password, enter CMOS setup and disable password
protection immediately. If you can't find the right password, consult
your hardware or motherboard manual for information on how to reset
CMOS data (you will also lose other CMOS settings if you do this).
Raadioga displays this text when activating:
HAIGUSTE RAVI KONTROLLITUD VAIKUSE PIMEDUSE JA RAADIOGA
Roughly, that means: "The cure proven with silence darkness and radio".
Raadioga was reported to be in the wild in August 1997.
[Analysis: Peter Szor & Mikko Hypponen, F-Secure, 1997]