
Possible Infection Of Atapi.sys

Corrupted by virus, pay attention not to let your antivirus remove it as it will cause a BSOD (horrible blue screen) Jul974 (further information) the virus is win32.cutwail-ad (trj) At the top of the blue screen it says Kernel Data Inpage Error and then below it says atapi.sys Address F749350C base a F7486000, Date Stamp 4802539d. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. Click the Remove button on the right side.

It was fixed by hitman pro. If that is the case, then it is likely you will need to replace the associated hardware causing the ATAPI.SYS error. Recommendation: Scan your PC for ATAPI.SYS registry corruption Furthermore, there's a possibility that the ATAPI.SYS blue screen error you are experiencing is related to a component of the malicious program itself. Be advised it is an important file--back it up.

If you see a rootkit warning window, click OK. When the scan is finished, click the Save... These sites distribute SYS files that are unapproved by the official ATAPI.SYS file developer, and can often be bundled with virus-infected or other malicious files. Click on the MSDN Disc 5-associated entry. If updates are available, click the Install Updates button.

  1. I'm going to install some of those apps you mentioned and change my passwords now.
  2. MSDN Disc 5), reinstall the program according to the Microsoft instructions. Step 6: Run Windows System File Checker ("sfc /scannow") System File Checker is a handy tool included with
  3. In the Export Range box, be sure that "Selected branch" is selected.
  4. This was one of the Top Download Picks of The Washington Post and PCWorld.
  5. The infection is not detected by AVG free, which let it onto my system.

Click OK. A logfile will pop up. The latest known version of ATAPI.SYS is 1.0.0.0, which was produced for Windows. your Desktop). Thank you. March 31, 2009 16:46 Re: Update fails #5 Top jonath Senior Join Date: 31.3.2009 Posts: 32 Sorry for omissions - now collected here I hope.

You can try using System Restore to see if that helps or not and since you can always undo that action... Richard Reddy can be infected by
Backdoor.tidserv!inf Wildfire (further information) Microsoft patch KB977165 or MS10-015 (Feb'10) originally caused BSOD if this file was infected by the Alureon rootkit. Do you have additional information?

How is the Gold Competency Level Attained? Cheers, SweetTech. 0 #25 SweetTech Posted 02 July 2010 - 06:01 PM SweetTech Sir SpamAlot Retired Staff 7,671 posts Since this issue appears to be resolved ... ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. I have gone in with revo uninstaller and removed several programs that were forced on me.

seems OK Daniel It causes a BSOD Matthew Atapi.sys 5.1.2600.1135 Dude Had a series of BSOD (Blue Screen of Death) starring atapi.sys on a PC http://www.file.net/process/atapi.sys.html Can be infected with rootkits. The logs that you post should be pasted directly into the reply. Also tried updating to SP3 and IE8 but the updates failed.

However, ever since the Virus attack the SATA optical drive is not detected by Windows anymore ... Network : Atapi.Sys Rootkit Since November, there seems to be a nasty new rootkit that modifies your Atapi.Sys file. It jacks your web searches. ... Instructions for Windows 8: Hover the cursor in the bottom left of the screen to produce the Start Menu image. Sometimes resolving your blue screen of death problems may be as simple as updating Windows with the latest Service Pack or other patch that Microsoft releases on an ongoing basis.

Because of the time and complexity involved in updating drivers, we highly recommend using a driver update tool such as DriverDoc (Developed by Microsoft Gold Partner) to automate the process. Please be patient as this can take some time. When the scan completes, push Push , and save the file to your desktop using a unique name, such as ESETScan. It has done this 1 time(s). 29-6-2010 15:48:15, error: Service Control Manager [7031] - The Google Updater Service service terminated unexpectedly. Some of the executables in the firewall permissions list don't appear among those in the AVG 8 folder (avgam.exe, avgnsx.exe) Firewall has no provision for 'safe' Internet addresses.

Thanks, tea DO NOT hit ENTER yet! I will check back in a couple of days to see if anyone decided to take a look at this problem. Sincerely, Michael Gulsby

ESET OnlineScan: Click the button. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps) Click on to download the ESET Smart Installer.

The firewall warns me that I'm then not protected until I restart. Many AVG update problems have been attributed to a corrupted Winsock/TCP-IP stack. Twice I have gotten the screen that asked how I want to start up - the first time I chose Safe Mode (it didn't start all the way but instead I In light of your recent issue, I'm sure you'd like to avoid any future infections.

Most SYS files allow internal PC hardware or attached hardware, such as a printer, to communicate with third-party software programs (eg. Make Internet Explorer more secure: Click Start > Run. Type Inetcpl.cpl & click OK. Click on the Security tab. Click Reset all zones to default level. Make sure the Internet Zone is selected & Click Windows XP: http://www.theeldergeek.com/windows_xp_registry.htm Windows 7: http://www.theeldergeek.com/windows_7/registry_edits_for_win7.htm Windows Vista: http://support.microsoft.com/kb/2688326 - LetMeFixItMyselfAlways Step 3: Conduct a Full Malware Scan of Your PC There is a chance that your ATAPI.SYS STOP error could be related to Do not start a new topic.

Edited 1 times. Edited by Adaptor, 06 July 2010 - 11:52 AM. 0 #20 SweetTech Posted 02 July 2010 - 04:56 PM SweetTech Sir SpamAlot Retired Staff 7,671 posts How are things running? Scanning with Even better than before these problems started DDS.txt DDS (Ver_10-03-17.01) - NTFSx86 Run by Adaptor at 1:00:16,34 on za 03-07-2010 Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_20 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1171 [GMT 2:00] AV: AVG Anti-Virus I am running Windows XP Pro and I have a 32 bit as well.
