
HELP! HELP! I got a virus and some BAD advice...



#1
moneygirl88

moneygirl88

    Member

  • Member
  • PipPip
  • 12 posts
Where do I begin? Okay...

I have a virus on my laptop, Inspiron 600m, Windows XP. I don't know which one, however. When I tried to scan it using my McAfee software, it did not detect any problems. My McAfee has since then expired but I still knew something was wrong..

The Symptoms are as follows:
-Losing Control of the touchpad, touch pad freezes up, all whole both of programs open and close on their own, cannot connect to the internet.

Sooooo, in attempts to fix it, I call Dell Technicians in the hardware department (yes, I realize what a mistake that was now) and they told me I could do a system reinstallation. I opted for this as the other option was to pay $300 to have their software people look at it. Yeah, right... So we did a system reinstallation and almost instantly I KNEW it did NOT get rid of the virus. What's worse is that they ASSURED me that system reinstallation would get rid of ANY issues I had (is this usually true or are they truly totally idiots).

So now, my computer is naked and I am ALSO having trouble re-installing some of my drivers, like my network drivers (I have the driver CD but it just doesn't seem to process). This could be because of the virus, but I'm not sure.

I have recently run a scan through CUREIT and it said it detected a virus by the name of "oeapi.vbs" (anyone know this?) and had deleted it. At least that's what it said. I also did a hijack scan which I pasted below.

the reason I am writing this is because...

1) I want to know if oeapi.vbs is a real virus and did CUREIT get rid of it
2) Want to be clear that if this IS a virus and was deleted, wasn't I supposed to turn off some system restore option to ensure it got deleted permanently?
3) Does my HIJACK log (below) read okay?
4) Was Dell stupid when they told me a reinstallation would get rid of all viruses?
5) Should I try reformatting AND reinstallation together to ensure that I got rid of the virus (someone told me I should try that).

Please let me know, I appreciate anyone's/everyone's help! I'm so lost / confused / exhausted!!

Attached File  HiJackThis_log.txt   1.8KB   54 downloads
--
End of file - 1874 bytes

Edited by wannabe1, 23 February 2008 - 07:04 PM.

  • 0



#2
Major Payne

Major Payne

    Retired Staff

  • Retired Staff
  • 5,307 posts
Hi:

Please go to the Malware section of this forum and follow the instructions at the top. Especially the Click Here link. That will give you several steps that will help you clean up most of all problems by yourself. If at the end of the cleanup process you are still having difficulty, and you may not be, then post a hijackthis log in THAT forum.

Please be patient as the "Malware Forum" is a very busy place and a two or three day wait is not unusual.

If you are still having problems after getting a clean bill of health from the Malware Section, please return to this thread. Please do not post a HiJackThis log in this thread unless asked to do so and then only as an attachment. To attach log, when requested, either change the .log extension to .txt, or put the log into a compressed (zipped) folder.

Please post back if your problem has been solved.

Ron
  • 0

#3
Ztruker

Ztruker

    Member 5k

  • Technician
  • 7,065 posts
If you did a full system restore, then your problem is not virus related. The Dell full restore wipes the hard drive completely then reinstalls XP. There is no way a virus can survive that.

If you did a Repair Install, where all your personal data was left intact, then yes, the virus (if there is one) is most likely still there and active and the Malware forum is the place to be.
  • 0

#4
moneygirl88

moneygirl88

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
It was definitely a full restore because I lost everything, lol. I just ran a virus scan though after it and did find something on my computer (oeapit.vbs) so it didn't get rid of everything. In any case, I still think my real problem is still somewhere in the computer, virus or not. I will be reposting this problem in the malware location where they said I should and try to get help there. I appreciate your help!
  • 0

#5
Ztruker

Ztruker

    Member 5k

  • Technician
  • 7,065 posts
moneygirl88, I guarantee if the drive was formatted then everything was gone. What is probably happening is you are being reinfected once the install is complete.

Do you have any anti-virus software installed? Is the Windows Firewall (or some other) running?

The malware forum is the right place for now, though I did not find any info on oeapit.vbs that you mentioned.

Good luck!
  • 0

#6
Major Payne

Major Payne

    Retired Staff

  • Retired Staff
  • 5,307 posts

If you did a full system restore, then your problem is not virus related. The Dell full restore wipes the hard drive completely then reinstalls XP. There is no way a virus can survive that.

If you did a Repair Install, where all your personal data was left intact, then yes, the virus (if there is one) is most likely still there and active and the Malware forum is the place to be.

Doing only a Restore from the manufacturer's disc doesn't catch any root-kits in the boot sector as the HD is not formatted in a normal manner for the Recovery disc to work.

Only doing a real and full re-install will more than likely wipe all viruses out except possibly for some root-kits.

Ron
  • 0

#7
Ztruker

Ztruker

    Member 5k

  • Technician
  • 7,065 posts
Good point Ron, thanks. moneygirl88, my apologies.
  • 0

#8
harrythook

harrythook

    Trusted Helper

  • Retired Staff
  • 2,618 posts
I think an overwrite is required before the re-install, if a bad root'ie is in there :)

Just a suggestion

H
  • 0

#9
Major Payne

Major Payne

    Retired Staff

  • Retired Staff
  • 5,307 posts

I think an overwrite is required before the re-install, if a bad root'ie is in there :)

Just a suggestion

H

Me too. Although the malware guys ought to look at it first before doing it.

Ron

Edited by Major Payne, 23 February 2008 - 07:59 PM.

  • 0

#10
Ztruker

Ztruker

    Member 5k

  • Technician
  • 7,065 posts
I was looking for a disk wipe program that I remember reading about before and just found it. It's called DBAN (Darik's Boot and Nuke). It's a SourceForge project and all I've heard about it is good.

Get it here: http://dban.sourceforge.net/

Darik's Boot and Nuke ("DBAN") is a self-contained boot disk that securely wipes the hard disks of most computers. DBAN will automatically and completely delete the contents of any hard disk that it can detect, which makes it an appropriate utility for bulk or emergency data destruction.

DBAN is a means of ensuring due diligence in computer recycling, a way of preventing identity theft if you want to sell a computer, and a good way to totally clean a Microsoft Windows installation of viruses and spyware. DBAN prevents or thoroughly hinders all known techniques of hard disk forensic analysis.


It's available for diskette or CD/DVD.
  • 0



#11
harrythook

harrythook

    Trusted Helper

  • Retired Staff
  • 2,618 posts
Just a note:
oeapi.vbs
Indicates that there is a problem, if flagged by a scanner. Usually coupled with other malware, and the .vbs has a great pic in it (NOT FOR CHILDREN!)

Since the machine was already partially nuked, I think a wipe and reload is in order.

If it's ok I'll send the user back here :)

Harry
  • 0

#12
Ztruker

Ztruker

    Member 5k

  • Technician
  • 7,065 posts
Harry, was there any indication of a root kit that requires a complete wipe of the drive (like DBAN) or will a format during the install be sufficient?
  • 0

#13
harrythook

harrythook

    Trusted Helper

  • Retired Staff
  • 2,618 posts
Hey Ztruker,
I replied to your note :)
My preference in a situation like this is to ensure that there is no lingering problem, so I overwrite the entire drive.
Be sure to include in your instruction that a valid OS disk is needed, A/V's need to be re-installed, etc.
I will watch this, and I think you will do OK helping out here :)

Harry
  • 0

#14
Ztruker

Ztruker

    Member 5k

  • Technician
  • 7,065 posts
Got a response from Harry via PM and he thinks a wipe then reinstall is in order.

First, physically disconnect from the Internet unless your XP Install CD is at the SP2 level, otherwise you stand a chance of being reinfected before you get a firewall installed.

Do the following:
  • If your XP CD is at the SP1 level, download SP2 here and put it on a CD: http://www.microsoft...;displaylang=en
  • Download DBAN from here: (diskette or CD iso version, your choice): http://dban.sourceforge.net/
  • Boot the CD or diskette and follow instructions. The DBAN web site also has directions and pictures on how to use it.
  • Boot your XP CD and start the install. The Microsoft Windows installer will automatically create a partition and file system during installation.
  • Immediately install SP2 if it's not on your install CD.
  • This would be a good time to install your Anti-virus software as well, though the firewall is more important at this point.
Now plug back into the Internet and install all the Windows Updates.

This would be a great time to open System Restore, delete all existing restore points and create a new one.
  • Click on Start, Run, Accessories, System Tools and finally System Restore.
  • Click on System Restore Settings on the left.
  • Check Turn off System Restore on all drives then click Apply. That deletes all existing restore points.
  • Uncheck Turn off System Restore on all drives then click Apply. That will create a new restore point.
This is also an excellent time to set up a good backup strategy. A good sized hard drive in an external USB 2.0 enclosure would be perfect. Then you can buy software like Acronis True Image, Norton Ghost or use freeware like DriveImage XML (this is what I use) to back up the entire hard drive. This makes future recovery a piece of cake.

Take a full backup now, before installing any applications. Install all your apps then take another backup. Keep the backup current whenever you make any significant changes and you'll never be at the mercy of malware or hardware failure again. Recovery will be only an hour or so away.

Food for thought: If your CD is at the SP1 level, you can create a new XP CD slipstreamed with SP2 then use it to install with. If you're interested, here are some directions:

The simplest way to create a Bootable Windows XP Pro or Home Installation CD Slipstreamed with SP2 is to use Autostreamer. You point to your XP Pro/Home CD, the SP2 Service Pack .exe file, give it a path to write the .iso file to and off it goes. In 5 or 10 minutes you have a .iso file that you can burn to CD with almost any CD burner program you want to use. I used Roxio 7. There is a good freeware burner called DeepBurner which will do this also.

Here is the link to Autostreamer:
http://www.softpedia...ostreamer.shtml

You can download the SP2 .exe here:
http://www.microsoft...;displaylang=en

  • 0
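Added example, not written by any poster in this thread: a Python sketch of the point raised in posts #6 to #14, that cleaning only the partition leaves sector 0 (the boot code and partition table) in place while a whole-drive overwrite does not. The disk image is constructed in memory, the function names are hypothetical, and the wipe is assumed to be a single zero-fill pass.

```python
import hashlib
import struct

SECTOR = 512  # bytes per sector on the drives discussed in the thread

def inspect_mbr(sector0: bytes) -> dict:
    """Summarise sector 0: boot code, partition table, 0x55AA signature."""
    if len(sector0) != SECTOR:
        raise ValueError("expected exactly one 512-byte sector")
    boot_code, parts = sector0[:446], []
    for slot in range(4):                      # four 16-byte table entries
        entry = sector0[446 + 16 * slot:462 + 16 * slot]
        lba_start, count = struct.unpack_from("<II", entry, 8)
        if entry[4] != 0:                      # type 0 means an empty slot
            parts.append({"slot": slot, "type": entry[4], "bootable": entry[0] == 0x80,
                          "lba_start": lba_start, "sectors": count})
    return {"boot_code_present": any(boot_code), "partitions": parts,
            "boot_code_sha256": hashlib.sha256(boot_code).hexdigest(),
            "signature_ok": sector0[510:512] == b"\x55\xaa"}

def unwiped_sectors(image: bytes) -> list:
    """Indexes of sectors that still hold any non-zero byte."""
    return [n for n in range(len(image) // SECTOR)
            if any(image[n * SECTOR:(n + 1) * SECTOR])]

def build_sample_disk() -> bytes:
    """Constructed 8-sector image: MBR plus one partition at LBA 2."""
    disk = bytearray(SECTOR * 8)
    disk[0:4] = b"\xfa\x33\xc0\x8e"            # stand-in boot code bytes
    disk[446:462] = struct.pack("<B3sB3sII", 0x80, b"", 0x07, b"", 2, 6)
    disk[510:512] = b"\x55\xaa"
    disk[2 * SECTOR:2 * SECTOR + 4] = b"DATA"  # stand-in old file data
    return bytes(disk)

def clear_partitions_only(image: bytes) -> bytes:
    """Simplified model of a cleanup that never writes to sector 0."""
    out = bytearray(image)
    for p in inspect_mbr(image[:SECTOR])["partitions"]:
        start, size = p["lba_start"] * SECTOR, p["sectors"] * SECTOR
        out[start:start + size] = bytes(size)
    return bytes(out)

def full_overwrite(image: bytes) -> bytes:
    """Model of a zero-fill pass over every sector, sector 0 included."""
    return bytes(len(image))

if __name__ == "__main__":
    print([unwiped_sectors(f(build_sample_disk())) for f in (clear_partitions_only, full_overwrite)])
```

On a real drive the same checks would run over bytes read from the raw device from a separate boot environment, and a wipe method that finishes with a random-data pass will not leave all-zero sectors.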

#15
moneygirl88

moneygirl88

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Wow, that's a lot of information, lol. I greatly appreciate your help though! Let me just make sure I understand what it is you want me to do:

-So first, I should download this DBAN software onto either a disk or USB? (I chose USB as the computer I am on, does not allow for burning).
-Then, 2, do a full reinstallation again using my XP Service Pack 2 Installation CD (I have SP 2 so no worries on that!)?
-3rd, add back all my drivers, utility and apps (not sure which ones to download so I may need some assistance on that, but I will try and call Dell first once I get there).
-and then so, this should help get rid of any/all problems on my PC?

If I have that right then what I did is I have saved the DBAN software on my USB. The directions say that you have to boot the software before you start Windows XP which I believe I can do by pressing F12 when I start my computer (right?). Here's the problem: When I do this, it's asking for me to choose from the list of where to boot but when I click on "USB Drive", I get some funky error and it won't open. Am I doing this wrong? Will it just not work? I can try to download the DBAN software again, tomorrow on a computer that DOES allow me to burn it on a CD, but I just want to make sure my thinking is right here. Am I going about this the right way or can I just log on to my computer as normal and then run the DBAN?

Again, I appreciate all your help and look forward to your response! :)
  • 0





