Bios malware infecting cmd.exe?

Troubles began with an infection by the Online Games Password Stealer and SysVenfaKU.  I could not remove them because they kept repropagating out, so I deleted partition and reinstalled XP and fully updated from Windows Update.  I updated bios by flashing.

Windows boots, but I am seeing a cmd.exe window open on bootup and don't know where it's coming from.  It should not be there at all.  And the dos prompt in this window looks odd.  I get a blinking cursor followed by a period (to the right).  The period cannot be deleted.

This reminds me of a symptom of a very old virus, maybe the NIMDA virus that was hitting IIS servers.

Does this ring a bell with anyone?

Can anyone explain the odd dos prompt cusror/period?
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Check out the startup locations given here:

If you do a clean boot (, does the cmd window appear.

Sometimes a format does not remove a virus on a hard disk.
If viral activity is suspected - run a full DBAN pass over your hard disk (this will remove ALL data on your disk): 
Then - reinstall Windows.

Bios viruses have all but died out - I have not seen an infection in years.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Hijackthis scan and showing us the logfile as orangutang had suggested is a very good start for our diagnosis.

It's also possible that this is an MBR virus or a rootkit, there has been reported cases recently for these.
IF it's an MBR virus/rootkit, then running the Recovery Console and running the Fixmbr command should fix it.

If it's not an MBR virus or rootkit, then it should show up in the logs(if not in hijackthis, in some other logs like a Combofix log).
Cloud Class® Course: Microsoft Office 2010

This course will introduce you to the interfaces and features of Microsoft Office 2010 Word, Excel, PowerPoint, Outlook, and Access. You will learn about the features that are shared between all products in the Office suite, as well as the new features that are product specific.

when you say, you deleted the parition, did you first remove ALL partitions from the hard drive?  You see, XP does not clean the boot sector either, and that is probably where the virus is residing.  If you are not too far ahead of your new install, this methodology will GUARANTEE that the disk is totally cleansed --

Go to a different system, go to -- download their WIN98SE boot disk, you will also need FDISK and format for 98 Se to go on the boot disk.  You must be certain this system is free of any viruses.  Cut the boot disk to floppy, att FDISK.exe and to it.  OPen the tab to write protect it.

Now go to your infected PC with boot disk in hand, boot from write protected floppy, run FDISK, and remove all partitions on your hard disk.  Now reboot to floppy, run this command --


then load FDISK again from the A: prompt.  Now make as many partitions of 120GB or less to use up all space on the drive -- choose Y for large disk and format them FAT32.  When you format the partitions, make sure you use the command --

Format C: /s   -- to put the system files on the C drive.

This will guarantee a cleansed disk.
The alternative, one step option is as I stated earlier - use DBAN to completely wipe the disk...
grj2000Author Commented:
this vexing problem actually took a combination of the 2 techniques to resolve.  so thank you both, and235100 & scrathcyboy, for your knowledgeable assistance.
Can you please post the exact solution, or at least what was done to resolve it, it's always helpful to future FAQ searchers.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Internet Protocols

From novice to tech pro — start learning today.