
Possible Rootkit In The Atapi.sys File

It did so. I definitely value all the pictures, files, etc. Read http://forums.avg.com/ww.avg-free-forum?sec=thread&act=show&id=371 and provide all of the information mentioned in that post so that we may help you properly. This allows you to repair the operating system without losing data.

My problem was precisely as yours. I suspect that, if you have a Boot CD, like Ultimate Boot CD for Windows (or can make one on another machine), you could probably put the registry entries back. I don't know whether he, too, had a warning about atapi.sys. To my astonishment, I was told I had a rootkit at C:\WINDOWS\system32\drivers\atapi.sys.

I did so. Then a Malwarebytes box appeared saying something else was trying to do something, so I clicked on Quarantine. The atapi.sys file is a trustworthy file from Microsoft.

  • Will have a look at Hitman!
  • Brandon (I.T.): It can be a TDSS pragma rootkit test. After a scan with ESET NOD32 Antivirus everything is OK.
  • Thanks a lot! Is there a Pointsec plugin for UBCD4Win?
  • I mean...
  • I could not even perform a normal shutdown; I would need to power-off my computer and restart it.
  • Regedit will save these keys and their subvalues as ".reg" files. 6) I put these files on a jumpdrive and plugged it into my desktop.
  • I selected a restore point and that brought everything back to normal.
  • regards, Elise "Now faith is the substance of things hoped for, the evidence of things not seen." Malware analyst @

A unique security risk rating indicates the likelihood of the process being potential spyware, malware or a Trojan. eseb666, posted November 11, 2009: This evening, I ran my usual quick Like you, I hope these postings may call attention to the problem and perhaps get one of the experts to help. Even for serious problems, rather than reinstalling Windows, you are better off repairing your installation or, for Windows 8 and later versions, running the DISM.exe /Online /Cleanup-image /Restorehealth command.
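The posts above keep circling the same question: is the flagged atapi.sys still the genuine Microsoft driver, or a TDSS/Alureon-patched copy that only a reinstall or a DISM repair will fix? The PowerShell script below is an added example written for this page; it is not code from any of the quoted posts, from Malwarebytes or from Microsoft. It checks the live driver's catalog signature, hashes it, and compares the hash with a known-good copy and with the copies Windows keeps in WinSxS. The reference path D:\clean\atapi.sys is an assumption (a copy taken from install media or a known-clean machine), and the script assumes Windows 8 or later with PowerShell 5.1.

```powershell
# Added example (not from the original thread): verify whether atapi.sys is the
# genuine, catalog-signed Microsoft driver or has been modified on disk.
# Assumptions: Windows 8 or later, PowerShell 5.1, and optionally a clean copy
# of the driver taken from install media or another machine.
param(
    [string]$Driver    = "$env:SystemRoot\System32\drivers\atapi.sys",
    [string]$KnownGood = "D:\clean\atapi.sys"   # assumed location of the clean copy
)

function Get-DriverIntegrityReport {
    param(
        [Parameter(Mandatory)] [string]$Path,
        [string]$Reference
    )
    $report = [ordered]@{ Path = $Path }

    # 1. Signature. In-box Microsoft drivers are normally signed through a
    #    security catalog rather than an embedded Authenticode block, so the
    #    expected result is Status = Valid with SignatureType = Catalog.
    #    A patched driver no longer matches its catalog hash and shows up as
    #    NotSigned or HashMismatch.
    $sig = Get-AuthenticodeSignature -FilePath $Path
    $report.SignatureStatus = $sig.Status
    $report.SignatureType   = $sig.SignatureType
    $report.Signer          = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(none)' }

    # 2. Hash of the live driver, compared with the known-good copy if present.
    $report.Sha256 = (Get-FileHash -Path $Path -Algorithm SHA256).Hash
    if ($Reference -and (Test-Path -Path $Reference)) {
        $refHash = (Get-FileHash -Path $Reference -Algorithm SHA256).Hash
        $report.MatchesReference = ($report.Sha256 -eq $refHash)
    } else {
        $report.MatchesReference = 'no reference copy supplied'
    }

    # 3. Copies in the component store. A rootkit that overwrites the live
    #    driver usually leaves WinSxS alone, so a live hash that matches none
    #    of these copies is a second indicator.
    $sxsCopies = Get-ChildItem -Path "$env:SystemRoot\WinSxS\*\atapi.sys" -ErrorAction SilentlyContinue |
        ForEach-Object {
            [pscustomobject]@{
                Path   = $_.FullName
                Sha256 = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
            }
        }
    $report.WinSxSCopies     = @($sxsCopies)
    $report.MatchesAnyWinSxS = @($sxsCopies | Where-Object { $_.Sha256 -eq $report.Sha256 }).Count -gt 0

    # 4. One-line verdict for whoever reads the report.
    $report.Verdict = if ($sig.Status -eq 'Valid' -and $report.MatchesAnyWinSxS) {
        'driver matches its catalog signature and a component-store copy'
    } else {
        'signature or hash mismatch: treat as suspect and re-check from an offline boot'
    }

    [pscustomobject]$report
}

Get-DriverIntegrityReport -Path $Driver -Reference $KnownGood | Format-List
```

One caveat the thread's boot-CD approach already hints at: a kernel-mode rootkit that has hooked the disk stack can hand user-mode tools the original bytes of the file it infected, so a clean result from the running system is weaker evidence than the same check run from WinPE or a UBCD boot with the infected volume mounted (point -Driver at the offline path). If the signature is not Valid or the hash matches neither the reference nor any WinSxS copy, the repair path quoted above applies: DISM.exe /Online /Cleanup-image /Restorehealth, followed by sfc /scannow to rewrite the driver from the repaired component store.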

It was a very smooth process. 2) I started my poor desktop computer and went into BIOS by pressing DEL immediately. My virus scan and removal software used to remove MSA.exe also killed this file.

That happened several times, after which I rebooted, or tried to. A "Quick Scan" with Malwarebytes did a pretty good job of removing this program from the computer, although I still see directories and shortcuts for it on my computer, and when Kahai, posted November 11, 2009: I thought I'd add my five cents Ashampoo is the better of the two you listed so that is what I'd suggest you use unless you don't like it for some reason.

Always remember to perform periodic backups, or at least to set restore points. https://answers.microsoft.com/en-us/windows/forum/windows_7-hardware/replacing-atapisys-due-to-rootkit-infection/6d43c333-544b-4139-89e1-07f2aa21e1cb?db=5 To help you analyze the atapi.sys process on your computer, the following programs have proven to be helpful: Security Task Manager displays all running Windows tasks, including embedded hidden processes, such I had no symptoms that suggested a problem.

Windows XP fully updated Using AVG 8 Free version 8.0.100 Database 269.23.7/1410 2 Mb Broadband connection via cable from virginmedia.com in UK Windows XP firewall off. Unfortunately, whatever I did when I told Malwarebytes to remove the supposed malware and then quarantine the additional malware it claimed was trying to start has really totally disabled my computer. From there, in the UBCD OS, I chose Start>Program Files>Registry Editors>Regedit (remote). on my computer, so I know how you feel.

I also posted a developer mode scan in the above thread. I believe it to be a false positive. Wait for a couple of minutes. 7. Follow the rebooting instructions to get rid of the remaining infected entries in your system. O/S = OEM XP Home Edition + SP2 and updates as of 3 May 08.

March 31, 2009 16:46 Re: Update fails (jennie)

When corrupted, it redirects HTTP traffic at system root level from 'any' browser to spam websites seeking traffic attention and redirects search results to websites like http://z7432632.cn KGB-dupe I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.


I'm not able to boot the computer. I tend to act on an impulse when I find something on my computer and usually want to quarantine or delete infections right away, especially if I see a rootkit warning. Many AVG update problems have been attributed to a corrupted Winsock/TCP-IP stack. I did notice the disclaimer about running it only at the request of an expert in malware removal, but I went ahead and ran it anyway. (It was only after finding

I'm not sure that I have a Windows CD, nor how I might go about using it if I do. Now what should I do to completely remove the virus ...

Anyway, I'll be looking at this thread to see if I should leave these files alone or not. I'm heartsick. Some help would be nice.

Three registry entries were also involved. Thanks in advance. About half an hour ago Malwarebytes finished scanning and on my computer it also found a rootkit located at C:\WINDOWS\system32\drivers\atapi.sys... Your computer would be much better off without many of these 'junk' files. These files serve only to pile up and consume valuable space, which slows the speed of your computer.

Swandog46 (Moderator), posted November 11, 2009: Please take no action on the file, Even better would be the ability to create an image NOW. I'm working on this, and I'll report back on it.

Richard Reddy can be infected by Backdoor.tidserv!inf Wildfire Microsoft patch KB977165 or MS10-015 (Feb '10) originally caused a BSOD if this file was infected by the Alureon rootkit. The infection is not detected by AVG free, which let it onto my system. I was prompted to select from the User names on my system; I chose Administrator. In fact, my computer seemed to become unresponsive after running GMER.