Fix Possible Rootkit In The Atapi.sys File Tutorial


Possible Rootkit In The Atapi.sys File

NOTE: Recent updates to some versions of Windows won't allow this util to back up the registry, so ignore any errors you may get and perform the registry backup manually if needed. Even though I could not save the log file after a scan, the scan did produce the following two entries which to my untrained eye look noteworthy:

File C:\WINDOWS\system32\DRIVERS\serial.sys suspicious modification
File C:\WINDOWS\system32\drivers\atapi.sys

This is a Windows file but can be infected by a Win32 Virus Olmarik.RF AlphaOne. Without it Windows cannot access the IDE hard drive. Situation is still the same with connection to server failed.


When corrupted, it redirects HTTP traffic at system root level from 'any' browser to spam websites seeking traffic attention and redirects search results to websites like http://z7432632.cn KGB-dupe (further

Unfortunately, I can't get the Drivers and Utilities disk or the Emergency Boot Disk to work.

If you by chance know that your atapi.sys is infected, run ComboFix.

I found a website with information on it. I'm grateful to you for responding.

rchusid, posted November 11, 2009: I have the same problem.

Corrupted by virus; pay attention not to let your antivirus remove it, as it will cause a BSOD (horrible blue screen). Jul974 (further information): the virus is win32.cutwail-ad (trj). That happened several times, after which I rebooted, or tried to.

Select "Fix the system registry to that of a previous state" and click Next. All of your restore points should be listed; I chose the latest one (Restore Point 223 (11/10/2009)).

My virus scan and removal software used to remove MSA.exe also killed this file, as well as three registry entries and a backup file. The driver can be started or stopped from Services in the Control Panel or by other programs. Took the actions suggested by rdsok. But I can do neither, since I can't select any of the options on the disk.

Is there a simple utility I can download which will allow me to fix the registry in a different installation of Windows?

You cannot just delete it.

  1. As I'm running off of a different installation of Windows simply running regedit won't help to fix the registry which had the keys removed.
  2. Use the resmon command to identify the processes that are causing your problem.
  3. Although existing security software on a computer will occasionally report the rootkit, it often goes undetected.
  4. After reading what you've said, I'm beginning to think that it may be a false positive.

Click Yes (default answer is No). A list of files that have been renamed is shown. Click Finish. Thanks, Dave!

https://answers.microsoft.com/en-us/windows/forum/windows_7-hardware/replacing-atapisys-due-to-rootkit-infection/6d43c333-544b-4139-89e1-07f2aa21e1cb?db=5

Seek professional help. So more information would be helpful before I come to a conclusion.

Alex F: Atapi.sys is shown as suspicious modification when it is infected.
MOHANRAJ R: gives me a blue screen once a day
elvis: This file is

This opened up a Regedit window.
7) I confirmed that the \atapi keys were, in fact, missing.

Replace RAM and your laptop will spark right up.

BSOD occurs. Ned, 04-Nov-2009: This file is highly susceptible and could become a venom for spyware and attackers at systems grass root level.

An established virus program that attaches itself to your system's C drive is known to cause the atapi.sys error.

I don't know what to do.

I ran a "Full Scan" with Malwarebytes, and it did find some additional infections, but TDSSKiller still identified a rootkit infection in the atapi.sys file. Confession time: I found a web site

It is an essential Windows system file. Tony: used for optical drives, ie.

Follow rebooting instructions to rid of the remaining infected entries in your system.

I suspect that, if you have a Boot CD, like Ultimate Boot CD for Windows (or can make one on another machine), you could probably put the registry entries back. I navigated to the \atapi keys that had been deleted on my desktop.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far. If you have already posted a log,

Some time after TDL-2 became known, version three emerged, which was titled TDL-3.[10] This led eventually to TDL-4.[11] It was often noted by journalists as "indestructible" in 2011, although it is

I had no symptoms that suggested a problem. Later, version two appeared, known as TDL-2, in early 2009. I'm heartsick. I also have another method to get back to the AVG 7.5 and uninstall etc ...

When the scan did run to completion, my computer would hang when I tried to save the log file. I ran TDSSKiller after running ComboFix, and at that time it did indicate that there were no infected objects, but now when I run TDSSKiller it once again indicates that there

The replacement included some evil redirections.

A few years ago Windows XP crashed and I wound up reinstalling. It's impossible to know what websites are even safe to visit anymore!

Kahai, posted November 11, 2009: I thought I'd add my five cents

Like you, I hope these postings may call attention to the problem and perhaps get one of the experts to help. Is one way of sorting it to connect my pal's HD to my PC so that I can see all the files including Windows (XP) and deleting the file from the

birdface, 12:59 26 Apr 12: Looks like HitmanPro can remove it; give that a try.

OffPot: Sometimes it is infected with Packed.Protector.C; in that case you will have to replace it with the original file, for which you will need the Windows Recovery CD.

I did so. Damon: We will see!

The old, unstable version of Windows is still there and I can boot into it. Next select Show Results to see the list of all possible infections that Malwarebytes has detected. Select the virus and click the Remove Selected tab. My problem was precisely as yours.