Bios malware infecting cmd.exe?

Troubles began with an infection by the Online Games Password Stealer and SysVenfaKU.  I could not remove them because they kept repropagating out, so I deleted partition and reinstalled XP and fully updated from Windows Update.  I updated bios by flashing.

Windows boots, but I am seeing a cmd.exe window open on bootup and don't know where it's coming from.  It should not be there at all.  And the dos prompt in this window looks odd.  I get a blinking cursor followed by a period (to the right).  The period cannot be deleted.

This reminds me of a symptom of a very old virus, maybe the NIMDA virus that was hitting IIS servers.

Does this ring a bell with anyone?

Can anyone explain the odd dos prompt cursor/period?
grj2000 Asked:
 
and235100 Commented:
Check out the startup locations given here:
http://www.windowsnetworking.com/kbase/WindowsTips/WindowsXP/AdminTips/Miscellaneous/WindowsProgramStartupLocations.html

If you do a clean boot (http://support.microsoft.com/kb/310353), does the cmd window appear?

Sometimes a format does not remove a virus on a hard disk.
If viral activity is suspected - run a full DBAN pass over your hard disk (this will remove ALL data on your disk):
http://dban.sourceforge.net/ 
Then - reinstall Windows.

Bios viruses have all but died out - I have not seen an infection in years.
0
 
orangutang Commented:
0
 
rpggamergirl Commented:
Hijackthis scan and showing us the logfile as orangutang had suggested is a very good start for our diagnosis.

It's also possible that this is an MBR virus or a rootkit; there have been reported cases of these recently.
If it's an MBR virus/rootkit, then running the Recovery Console and running the Fixmbr command should fix it.

If it's not an MBR virus or rootkit, then it should show up in the logs (if not in HijackThis, in some other logs like a Combofix log).
0

 
scrathcyboy Commented:
When you say you deleted the partition, did you first remove ALL partitions from the hard drive?  You see, XP does not clean the boot sector either, and that is probably where the virus is residing.  If you are not too far ahead of your new install, this methodology will GUARANTEE that the disk is totally cleansed --

Go to a different system, go to www.bootdisk.com/bootdisk -- download their WIN98SE boot disk, you will also need FDISK and format for 98 SE to go on the boot disk.  You must be certain this system is free of any viruses.  Cut the boot disk to floppy, add FDISK.exe and format.com to it.  Open the tab to write protect it.

Now go to your infected PC with boot disk in hand, boot from write protected floppy, run FDISK, and remove all partitions on your hard disk.  Now reboot to floppy, run this command --

FDISK /MBR

then load FDISK again from the A: prompt.  Now make as many partitions of 120GB or less to use up all space on the drive -- choose Y for large disk and format them FAT32.  When you format the partitions, make sure you use the command --

Format C: /s   -- to put the system files on the C drive.

This will guarantee a cleansed disk.
0
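
An added example, not part of any poster's reply: the boot-sector concern discussed in the two answers above can be checked before and after a repair by parsing the first sector of the disk and hashing its bootstrap code against a hash recorded from a known-clean install. The code assumes a classic 512-byte MBR already read into bytes; the sample sectors, their boot-code bytes and all function names are constructed for illustration.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOTCODE_LEN = 440      # bootstrap code; bytes 440-445 hold the NT disk signature
PART_TABLE_OFF = 446    # four 16-byte partition entries follow
TYPES = {0x07: "NTFS/HPFS", 0x0B: "FAT32 (CHS)", 0x0C: "FAT32 (LBA)", 0x0F: "Extended (LBA)"}

def parse_mbr(sector):
    """Return boot-signature status, bootstrap-code hash and partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly 512 bytes")
    parts = []
    for i in range(4):
        entry = sector[PART_TABLE_OFF + 16 * i: PART_TABLE_OFF + 16 * (i + 1)]
        # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
        status, ptype, lba_start, count = struct.unpack("<B3xB3xII", entry)
        if ptype == 0:  # unused slot
            continue
        parts.append({"slot": i, "active": status == 0x80,
                      "type": TYPES.get(ptype, hex(ptype)),
                      "lba_start": lba_start, "sectors": count})
    return {"signature_ok": sector[510:512] == b"\x55\xaa",
            "bootcode_sha256": hashlib.sha256(sector[:BOOTCODE_LEN]).hexdigest(),
            "partitions": parts}

def bootcode_changed(sector, baseline_sha256):
    """True when the bootstrap code differs from a hash taken from a known-clean disk."""
    return parse_mbr(sector)["bootcode_sha256"] != baseline_sha256

def make_sample_mbr(bootcode):
    """Constructed 512-byte sector: given bootstrap bytes plus one active FAT32 partition."""
    entry = struct.pack("<B3xB3xII", 0x80, 0x0C, 63, 1_000_000)
    body = bootcode.ljust(PART_TABLE_OFF, b"\x00") + entry + b"\x00" * 48
    return body + b"\x55\xaa"

if __name__ == "__main__":
    clean = make_sample_mbr(b"\xfa\x33\xc0")         # constructed stand-in for clean boot code
    tampered = make_sample_mbr(b"\xeb\x5c\x90\x41")  # constructed stand-in for modified code
    baseline = parse_mbr(clean)["bootcode_sha256"]
    print(parse_mbr(clean)["partitions"])
    print("clean changed?", bootcode_changed(clean, baseline))
    print("tampered changed?", bootcode_changed(tampered, baseline))
```

On a real machine the sector would be read from the raw disk device with administrator rights, and the baseline hash has to come from a clean install of the same operating system version.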
 
and235100 Commented:
The alternative, one step option is as I stated earlier - use DBAN to completely wipe the disk...
0
 
grj2000 (Author) Commented:
This vexing problem actually took a combination of the 2 techniques to resolve.  So thank you both, and235100 & scrathcyboy, for your knowledgeable assistance.
0
 
rpggamergirl Commented:
Can you please post the exact solution, or at least what was done to resolve it? It's always helpful to future FAQ searchers.
0