Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Problem is I don't knwo exactly what my problem is


  • This topic is locked This topic is locked

#1
moneygirl88

moneygirl88

    Member

  • Member
  • PipPip
  • 12 posts
Where do I begin? Okay...

I have a virus on my labptop, Insprion 600m, Windows XP. I don't know which one, however. When I tried to scan it using my Macafee software, it did not detect any problems. My Macafee has since then expired but I still knew something was wrong..

The Symptoms are as follows:
-Losing Control of the touchpad, touch pad freezes up, all whole both of programs open and close on their own, cannnot connect to the internet.

Sooooo, it attempts to fix it, I call Dell Technicians in the hardware department (yes, I realize what a mistake that was now) and they told me I could do a system reinstallation. I opted for this as the other option was to pay $300 to have their software people look at it. Yeah, right... So we did a system reinstallation and almost instantly I KNEW it did NOT get rid of the virus. What's worse is that they ASSURED me that system reinstallation would get rid of ANY issues I had (is this usually true or are they truly totally idiots).

So Now, my computer is naked and I am ALSO have trouble re-installing some my drivers, like my network drivers (I have the driver CD but it just doesn't seem to process). This could be becasue of the virus, but I"m not sure.

I have recnet run a scan through CUREIT and it said it detected a virus by the name of "oeapi.vbs" (anyone know this?) and had deleted it. At least that what it said. I also did a hijack scan which I pasted below.

the reason I am writing this is because...

1) I want to know if oeapi.vbs is a real virus and did CUREIT get rid of it
2) Want to be clear that if this IS a virus and was deleted, wasn't I suppose to turn off something system restore option to ensure it got deleted permanantly?
3) Does my HIJACK log (below) read okay?
4) Was Dell stupid when they told me a reinstallation would get rid of all viruses?
5) Should I try reformatting AND reinstallation together to ensure that I got rid of the virus (someone told me I should try that).

Please let me know, I appreciate anyone/everyones help! I'm so lost / confused/ exhausted!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:08:47 PM, on 2/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\system32\1XConfig.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\Documents and Settings\Renese\Desktop\cureit.exe
C:\DOCUME~1\Renese\LOCALS~1\Temp\RarSFX0\_start.exe
C:\DOCUME~1\Renese\LOCALS~1\Temp\RarSFX0\setup.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
  • 0

Advertisements


#2
harrythook

harrythook

    Trusted Helper

  • Retired Staff
  • 2,618 posts
Hey moneygirl88,
I looked at both of your topics, and I think at this stage you might consider wiping the drive and doing a clean install. Based on the support you recieved and the actions taken so far, it would be prudent to start all over in a totally clean state. It is unfortunate that data is lost in this process, if we had seen your machine before any actions were taken, we might have been able to save some of your information.

I would like you to go back to the original thread you started, and follow the instructions given. I will monitor both threads, and jump in if you ask for more help. This topic will be closed in 10 days.

Good luck, don't worry, help is available :)

Harry
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP