Holy PC problem Batman!


pseudopseudo
11-26-2009, 10:46 PM
Wow. I've done a bunch of Googling, and still can't figure this out. Was hoping to get some feedback from the braintrust here on IM.

So, my brother got some kind of virus - he thinks he got it from something on Digg. Anyway, the thing jacked up his computer something fierce. Within 2-3 minutes of booting it up, it's essentially FUBAR. Pop-ups, alerts that a trojan is running rampant through his system, the whole nine. He was beyond wanting to try and fix the virus - we planned on just nuking the hard drive and starting with a fresh install.

So I go into the BIOS, switch the boot order so that the CD/DVD drive boots first, throw in the XP Recovery Disk - and turn the computer on. I get nothing but a blinking cursor. (Hitting buttons and waiting for something to happen... and nothing.)

After trying that 3-4 times, we tried to go the other way, and boot Windows in safe mode. Trying to boot into safe mode, tapping F8... and doing that gets me the same blinking cursor. Can't even get to the menu where it asks me if I want to boot in safe mode, last known successful config, nothing. Just that damn blank screen with that damn blinking cursor.

Everything I've tried has failed - if anyone has some other things I could try, I'd be beyond grateful for the help.

UPDATE: Ended up being able to get into safe mode by updating boot.ini via msconfig. It's now in the middle of a command line scan with the antivirus. The only thing I'm noticing is that there are quite a few files popping up as, "File Locked - Not tested." Not sure if that's normal, but we've decided to let the scan do its thing and come back to it in the morning.
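The boot.ini change the update describes, shown as an added illustration rather than anything posted in the thread: msconfig's BOOT.INI tab with the /SAFEBOOT box ticked appends a /safeboot switch to the XP entry, which is what forces the next boot into Safe Mode when the F8 menu never appears. The partition path and OS description are the usual single-disk XP defaults and are assumed here, not taken from the poster's machine.

```ini
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP" /fastdetect /noexecute=optin /safeboot:minimal
```

/safeboot:minimal is Safe Mode without networking (msconfig's default); /safeboot:network is the networking variant. Once the offline scan is finished the switch has to be removed again (untick the box in msconfig, or edit the line), otherwise the machine keeps booting into Safe Mode.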

OrangePulp
11-26-2009, 10:56 PM
I'm sure someone else will probably have a better option, but you could pull his HDD out and set it up as a slave on another computer, then hit it with the usual anti-virus and anti-malware.

CappinCanuck
11-27-2009, 12:04 AM
I'm sure someone else will probably have a better option, but you could pull his HDD out and set it up as a slave on another computer, then hit it with the usual anti-virus and anti-malware.

Well, it sounds like an aggressive virus. It'll likely spread if you slave it to another comp, but if you have a drive, or can make one, that you don't care about. Either way, I wouldn't trust an antivirus program to take it out. Format or clean it manually if you can. Find out what it is first, it's got to have at least one exec running that you can find and search. You'll likely have a long road of random generated redundancy ini's, other system files, reg keys, and whatever else. If you're lucky, you can get far enough on the first boot to stop it from auto running, that'll make it easier to clean it. If there's nothing that needs rescuing, format it and count yourself lucky.

Edit: Once you find a piece, trace it using Hijackthis or the Decker system analyzer. Those might provide a good starting off point as well. You'll probably need killbox to take out the blocked files. Remember, get as far as you can on the first boot, if you reboot to clean blocked files and you miss some, you'll likely start from step 1 again. Not 100% that it has that much staying power, but that's been my experience with ones so adept at blocking you out.

If you want to post a hijackthis log, I'll look over it. Either way, getting hijackthis on and running might be more effort than it's worth :P

LiquidRain
11-27-2009, 08:12 AM
If you're aiming to copy or backup his files, a Linux LiveCD will allow you to copy files while being protected. (just don't forget to treat any files from his PC as if they're all infected, he'll need anti-virus before using any of his old files again)

As for the blinky-cursor problem, is the computer running in SATA AHCI mode?

"File locked - not tested" means he's likely had a rootkit installed by the virus. I recommend a complete nuke. :/

Voodoo
11-27-2009, 02:50 PM
Slave the HDD on a machine with NOD32 already installed and updated. Scan and clean the drive three times. Then run Windows repair on it inside the original box.

Cit Phil Cit
11-27-2009, 02:55 PM
I'd pull out the battery on your Mobo, and reset the BIOS values, and then adjust boot order to CD/DVD. As others have suggested, slaving it under another system and clearing it is also wise.

Once clean, retrieve files, and nuke the site from orbit. It's the only way to be reasonably sure of no bad sequels; but it's not a guarantee.

Voodoo
11-27-2009, 02:59 PM
Don't forget to log in to the cleaning machines as a non-administrator with UAC activated. Or use a spare HDD, install Ubuntu, install ClamAV, slave the Windows HDD and clean it up.
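The Ubuntu-plus-ClamAV route Voodoo describes, written out as an added example (not code from anyone in the thread). It also covers two earlier concerns: CappinCanuck's worry that a slaved drive will spread to the cleaning box (the drive is mounted read-only with noexec/nosuid/nodev, so nothing on it can run on the host) and LiquidRain's advice to treat everything on the drive as infected. The device name /dev/sdb1, the mount point /mnt/suspect and the sample clamscan output are assumptions constructed for the example.

```sh
#!/bin/sh
# Added example, not from the thread: scan a slaved Windows disk from an
# Ubuntu host with ClamAV. Assumed values: the slaved NTFS partition is
# /dev/sdb1, mounted at /mnt/suspect (override with DISK=, MNT=, LOG=).
set -u

DISK="${DISK:-/dev/sdb1}"
MNT="${MNT:-/mnt/suspect}"
LOG="${LOG:-$HOME/clamscan-suspect.log}"

# Mount read-only and with noexec/nosuid/nodev: nothing on the suspect drive
# can execute on the cleaning host, and the scan cannot alter what is there.
mount_suspect() {
    mkdir -p "$MNT" && mount -t ntfs-3g -o ro,noexec,nosuid,nodev "$DISK" "$MNT"
}

# Refresh signatures, then walk the whole drive; -i prints only infected
# files and --log keeps a copy of the report for later review.
run_scan() {
    freshclam && clamscan -r -i --log="$LOG" "$MNT"
}

# clamscan reports each hit on stdout as "<path>: <signature> FOUND".
# Count those lines from stdin (live output or the saved log both work).
count_hits() {
    awk '/ FOUND$/ { n++ } END { print n + 0 }'
}

# Same input, but list "<path>: <signature>" for a quarantine/restore list.
list_hits() {
    awk '/ FOUND$/ { sub(/ FOUND$/, ""); print }'
}

# Constructed sample of clamscan output (signature names are made up) so the
# parsing helpers can be exercised without a real scan.
SAMPLE_OUTPUT='/mnt/suspect/Windows/Temp/svch0st.exe: Win.Trojan.Example-1 FOUND
/mnt/suspect/Users/bro/Documents/notes.txt: OK
/mnt/suspect/Users/bro/Downloads/free_wow_week.exe: Win.Adware.Example-2 FOUND'

demo() {
    printf '%s\n' "$SAMPLE_OUTPUT" | count_hits
}

# Only touch hardware when explicitly asked: ./scan.sh run
if [ "${1:-}" = "run" ]; then
    mount_suspect || exit 1
    run_scan
    printf 'infected files: %s\n' "$(count_hits < "$LOG")"
fi
```

Leaving the mount read-only means this pass only reports; to actually remove things, remount read-write and rerun clamscan with --move=DIR so a false positive can be put back, rather than --remove. Once the drive goes back into its own box the owner still needs the on-disk copies of anything recovered treated as untrusted, which is the point LiquidRain makes above.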

Shadowstorm
11-27-2009, 06:37 PM
That is one hell of a virus.

Sazime
11-27-2009, 06:46 PM
BURN IT!!!! BURN IT ALL DOWN!!!! CLEANSING FIRE IS THE ONLY WAY!!!!

Or fix it like you did. Sounds like you got it handled, I just want to see a burning computer right now, for some strange reason...

pseudopseudo
11-28-2009, 07:43 PM
Thanks for all the suggestions thus far. I haven't gotten to do anything more with my bro's compy at this point, as I've been working pretty much nonstop for the past couple days. I'll be taking these to heart and doing what I can - and then checking in with results.

I kinda feel bad for the kid. He just bought the computer a couple months ago... he just needs to be smarter about his websurfing. I mean, in the short time (2.5 months) he's had his computer he's had his WoW account phished, and now this. I need to teach the kid how to stay the fuck away from (and identify) malicious bullshit.

Sazime
11-28-2009, 08:00 PM
Thanks for all the suggestions thus far. I haven't gotten to do anything more with my bro's compy at this point, as I've been working pretty much nonstop for the past couple days. I'll be taking these to heart and doing what I can - and then checking in with results.

I kinda feel bad for the kid. He just bought the computer a couple months ago... he just needs to be smarter about his websurfing. I mean, in the short time (2.5 months) he's had his computer he's had his WoW account phished, and now this. I need to teach the kid how to stay the fuck away from (and identify) malicious bullshit.
Takes my brother all of 2 weeks to completely douse his computer in internet horse shit. I wish he was smarter than that, but sometimes people can't tell dangerous porn from not dangerous porn.

pseudopseudo
11-28-2009, 08:06 PM
Takes my brother all of 2 weeks to completely douse his computer in internet horse shit. I wish he was smarter than that, but sometimes people can't tell dangerous porn from not dangerous porn.

My brother's problem is the shit that promises him free shit. He falls prey to the "3x XP weekend!" and "Free week of WoW!" way, WAY too easily.

PathMaster
11-28-2009, 08:29 PM
Linux Live CD or maybe a UBCD. You could also try grabbing SmitFraudFix, Combofix, & SDFix, booting into Safe Mode (if possible), installing/using them in the above order. They might clean up some. Otherwise, I like what others suggested. Pull out the drive and clean it on another machine.

Inspector Fowler
11-29-2009, 10:27 AM
Wait, you mentioned nuking the hard drive, and nobody mentioned that it must be done from orbit, since that is the only way to be sure? Sigh. Disappointment.

Your brother and my mom are like that. I was over visiting a week or two ago and I hear my mom, from her laptop, go, "Hey Bill (my dad), we just got an e-mail saying that our payment didn't go through. I guess we need to fix it. It says it's from the Electronic Funds Transfer Department."

I set her straight, but I was really shocked that a frequent surfer like my mom almost fell for it. It made me wonder what she clicks on when I am not there.

PathMaster
11-30-2009, 07:00 PM
You don't want to think about what she clicks. Because then you will want to install Net Nanny or some other PITA software to over protect her.

pseudopseudo
12-02-2009, 08:32 PM
So... after doing a few more command line scans and getting nowhere, I'm still stuck. My brother informs me that opening the case isn't an option - he bought his PC from a place called CyberPower, and apparently opening the case voids his warranty. Normally, he wouldn't care, but he's read that the parts on CyberPower PCs have a tendency to break down.

It's a catch-22... just waiting for him to make his choice. Obviously, if his PC is so virused out that he can't do anything, that warranty doesn't really mean much.

It's kind of frustrating to deal with. I'm almost ready to just tell him to find someone else to help him out. (And to be fair, past this point finding another more knowledgeable person might be a better path to take anyhow.)

Voodoo
12-02-2009, 08:43 PM
Wait, you mentioned nuking the hard drive, and nobody mentioned that it must be done from orbit, since that is the only way to be sure? Sigh. Disappointment.
Once clean, retrieve files, and nuke the site from orbit. It's the only way to be reasonably sure of no bad sequels; but it's not a guarantee.
...at least your disappointment was only passing

pseudopseudo
12-07-2009, 11:10 PM
Fun problem resolution time!

Turns out that even though I was trying to use the exact same XP install disc (a legit one, mind you) that I did the first time we installed it on his fresh system, it was the disc that was the problem.

Ended up buying him an early Festivus gift of Windows 7 - popped that in and it booted from disc no problem. Didn't have to void his warranty by cracking the case, nuked the hard drive, and you'll be damn sure the first thing we did after 7 was done installing is get some decent anti-virus on that shit.

Since we didn't pull the HDD and nuke from orbit, I know that there's a slight chance of a problem showing back up - as far as we can tell for now though, we're in the clear. Thanks for the help, everyone. Seriously. It's nice to know I can turn to you guys in a time of need. :)

AntonThaGreat
12-08-2009, 08:16 PM
Pseudo, please install ADBlock Plus on his computer, that way you seriously reduce his chances of clicking on this garbage. I always install it on any computer-inept person's computer as a preventative measure.