I have a virus on my labptop, Insprion 600m, Windows XP. I don't know which one, however. When I tried to scan it using my Macafee software, it did not detect any problems. My Macafee has since then expired but I still knew something was wrong..
The Symptoms are as follows:
-Losing Control of the touchpad, touch pad freezes up, all whole both of programs open and close on their own, cannnot connect to the internet.
Sooooo, it attempts to fix it, I call Dell Technicians in the hardware department (yes, I realize what a mistake that was now) and they told me I could do a system reinstallation. I opted for this as the other option was to pay $300 to have their software people look at it. Yeah, right... So we did a system reinstallation and almost instantly I KNEW it did NOT get rid of the virus. What's worse is that they ASSURED me that system reinstallation would get rid of ANY issues I had (is this usually true or are they truly totally idiots).
So Now, my computer is naked and I am ALSO have trouble re-installing some my drivers, like my network drivers (I have the driver CD but it just doesn't seem to process). This could be becasue of the virus, but I"m not sure.
I have recnet run a scan through CUREIT and it said it detected a virus by the name of "oeapi.vbs" (anyone know this?) and had deleted it. At least that what it said. I also did a hijack scan which I pasted below.
the reason I am writing this is because...
1) I want to know if oeapi.vbs is a real virus and did CUREIT get rid of it
2) Want to be clear that if this IS a virus and was deleted, wasn't I suppose to turn off something system restore option to ensure it got deleted permanantly?
3) Does my HIJACK log (below) read okay?
4) Was Dell stupid when they told me a reinstallation would get rid of all viruses?
5) Should I try reformatting AND reinstallation together to ensure that I got rid of the virus (someone told me I should try that).
Please let me know, I appreciate anyone/everyones help! I'm so lost / confused/ exhausted!!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:08:47 PM, on 2/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\system32\1XConfig.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\Documents and Settings\Renese\Desktop\cureit.exe
C:\DOCUME~1\Renese\LOCALS~1\Temp\RarSFX0\_start.exe
C:\DOCUME~1\Renese\LOCALS~1\Temp\RarSFX0\setup.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe