I don't think that this is what you have, Fred, but if you come to suspect it, he took extensive notes that I can get you.

I can't remember what utility he was using to list BIOS versions but I'll ask tonight and here is what I do remember he said.

He thinks it is something called "Mebromi" although I am probably spelling that wrong. It only supposedly affects BIOS versions created by Award. This makes sense, I guess, as you would have to code your package very specifically to the BIOS code you are targeting. His MB is a Phoenix Technologies so if you have a Phoenix MB with Award BIOS, you might check closer. His video card is onboard on the MB and it appears that is the video BIOS files it seemed to modify. Who knows, it may be infecting the main BIOS as well but it seems to match. Dunno, just going by what he tells me. I refuse to get sucked into troubleshooting this with him as he is extremely obsessive and I suspect this will engulf him for years if he can't fix it. He is already hanging out in the scariest of newsgroups trying to find an SME to help him.

It seems to instantly rewrite the master boot record and then hides downloaders and stuff all over the place. Removal tools tend to just make his drives unbootable and he has to load an OS from a protected USB and reformat then reinstall an OS which instantly gets re-infected.

Until a tool is created that successfully patches his BIOS back to normal, he is screwed. One benefit I suppose, he is learning a lot about the deep intricacies of Linux as he is mainly using that as his safe boot tool from USB.


With great power comes Awesome irresponsibility.