Possible Rootkit In The Atapi.sys File
It did so. I definitely value all the pictures, files, etc. Read http://forums.avg.com/ww.avg-free-forum?sec=thread&act=show&id=371, provide all of the information mentioned in that post so that we may help you properly. This allows you to repair the operating system without losing data.
My problem was precisely as yours. I suspect that, if you have a Boot CD, like Ultimate Boot CD for Windows (or can make one on another machine), you could probably put the registry entries back. I don't know whether he, too, had a warning about atapi.sys. To my astonishment, I was told I had a rootkit at C:\WINDOWS\system32\drivers\atapi.sys.
I did so. Then a Malwarebytes box appeared saying something else was trying to do something, so I clicked on Quarantine. The atapi.sys file is a trustworthy file from Microsoft.
- Will have a look at Hitman!
- Brandon (I.T.) It can be a TDSS pragama rootkit test. After scan with ESET NOD32 Antivirus everything is OK.
- Thanks a lot! Is there a Pointsec plugin for UBCD4Win?
- I mean...
- I could not even perform a normal shutdown; I would need to power-off my computer and restart it.
- Regedit will save these keys and their subvalues as ".reg" files. 6) I put these files on a jumpdrive and plugged it into my desktop.
- I selected a restore point and that brought everything back to normal.
- regards, Elise "Now faith is the substance of things hoped for, the evidence of things not seen." Malware analyst @
A unique security risk rating indicates the likelihood of the process being potential spyware, malware or a Trojan.

eseb666 New Member Members 3 posts ID: 3 Posted November 11, 2009
This evening, I ran my usual quick Like you, I hope these postings may call attention to the problem and perhaps get one of the experts to help.

Even for serious problems, rather than reinstalling Windows, you are better off repairing your installation or, for Windows 8 and later versions, executing the DISM.exe /Online /Cleanup-image /Restorehealth command.
It was a very smooth process. 2) I started my poor desktop computer and went into BIOS by pressing DEL immediately. My virus scan and removal software used to remove MSA.exe also killed this file.
That happened several times, after which I rebooted, or tried to. A "Quick Scan" with Malwarebytes did a pretty good job of removing this program from the computer, although I still see directories and shortcuts for it on my computer, and when

Kahai New Member Members 11 posts ID: 6 Posted November 11, 2009
I thought I'd add my five cents Ashampoo is the better of the two you listed so that is what I'd suggest you use unless you don't like it for some reason.
Always remember to perform periodic backups, or at least to set restore points. https://answers.microsoft.com/en-us/windows/forum/windows_7-hardware/replacing-atapisys-due-to-rootkit-infection/6d43c333-544b-4139-89e1-07f2aa21e1cb?db=5 To help you analyze the atapi.sys process on your computer, the following programs have proven to be helpful: Security Task Manager displays all running Windows tasks, including embedded hidden processes, such I had no symptoms that suggested a problem.
Windows XP fully updated Using AVG 8 Free version 8.0.100 Database 269.23.7/1410 2 Mb Broadband connection via cable from virginmedia.com in UK Windows XP firewall off. Unfortunately, whatever I did when I told Malwarebytes to remove the supposed malware and then quarantine the additional malware it claimed was trying to start has really totally disabled my computer. From there, in the UBCD OS, I chose Start>Program Files>Registry Editors>Regedit (remote). on my computer, so I know how you feel.
I also posted a developer mode scan in the above thread. I believe it to be a false positive. Wait for a couple of minutes. 7. Follow rebooting instructions to get rid of the remaining infected entries in your system. O/S= OEM XP Home Edition + SP2 and updates as of 3 May 08.