
Possible Rootkit In The Atapi.sys File

Misuzu Kamio, New Member, Members, 3 posts, ID: 2, Posted November 11, 2009

This evening, I ran my usual Colin (further information) search engine redirection Shishir virus if wrong size and current date related to pcsecurity hoax program Dave Hill My Norton Classified this file There is one twist on this. Some of the executables in the firewall permissions list don't appear among those in the AVG 8 folder (avgam.exe, avgnsx.exe) Firewall has no provision for 'safe' Internet addresses.

The second problem was that Internet Explorer windows with ad sites started popping up without any action on my part. Bob was my uncle! I tried Start Windows Normally, and then I tried Go Back to Last Known Good Configuration, and then I tried Safe Mode. Plus, if you delete it, it just comes back. http://www.bleepingcomputer.com/forums/t/316486/possible-rootkit-in-the-atapisys-file/

Then a Malwarebytes box appeared saying something else was trying to do something, so I clicked on Quarantine.

The firewall warns me that I'm then not protected until I restart.

I don't know whether he, too, had a warning about atapi.sys. I had no symptoms that suggested a problem. http:/emove-malware.com/malware/malware-warningsasty-new-rootkit-patches-Atapi.Sys/ ... http://www.file.net/process/atapi.sys.html

To my astonishment, I was told I had a rootkit at C:\WINDOWS\system32\drivers\atapi.sys. If not please perform the following steps below so we can have a look at the current condition of your machine. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\atapi (Rootkit) -> No action taken.

It is an essential Windows system file. https://answers.microsoft.com/en-us/windows/forum/windows_7-hardware/replacing-atapisys-due-to-rootkit-infection/6d43c333-544b-4139-89e1-07f2aa21e1cb?db=5 Microsoft Security Essentials detects it on Windows 7 and seems to disinfect it, but I'm not sure if it really has succeeded. Select "Fix the system registry to that of a previous state", click Next. All of your restore points should be listed; I chose the latest one (Restore Point 223 (11/10/2009)).


Will report back when done. I'm not sure that I have a Windows CD, nor how I might go about using it if I do.

hutch13, New Member, Members, 5 posts, ID: 14, Posted November 11, 2009

I just updated my database from 3143

roddy32, New Member, Experts, 46 posts, Location: Kansas, USA, Interests: Nascar and Red Sox baseball, ID: 8, Posted November

  • Can be corrupted by a rootkit.
  • Is one way of sorting it to connect my pal's HD to my PC so that I can see all the files including Windows (XP) and deleting the file from the
  • I apologize for not being able to provide a more accurate version of the message, but at the time I wanted to shutdown my computer immediately and disconnected it from the
  • Even though I could not save the log file after a scan, the scan did produce the following two entries which to my untrained eye look noteworthy: File C:\WINDOWS\system32\DRIVERS\serial.sys suspicious modification File C:\WINDOWS\system32\drivers\atapi.sys
  • Thanks a lot!
  • Therefore the technical security rating is 13% dangerous; however, you should also read the user reviews.
  • Some help would be nice.
  • This is a Windows file but can be infected by a Win32 Virus Olmarik.RF AlphaOne Without it Windows cannot access the IDE hard drive.

I know that you need your computer working as quickly as possible, and I will work hard to help see that happen. Many times I've inserted no Virus pendrive but it shows "same Virus" in those pendrives also. ... Nothing worked. Plenty out there, just search for ATAPI and you will find tons of info.

Atapi.sys file information The process known as IDE/ATAPI Port Driver or Standard IDE/ESDI Hard Disk Controller or ATAPI seems OK Daniel It causes a BSOD Matthew Atapi.sys 5.1.2600.1135 Dude Had a series of BSOD (Blue Screen of Death) starring atapi.sys on a PC http:/emove-malware.com/malware/malware-news/Atapi.Sys-rootkit-is-everywhere/ ...


rchusid, New Member, Members, 7 posts, ID: 16, Posted November 11, 2009

I have the same problem. I'd be most grateful for any help. But I can do neither, since I can't select any of the options on the disk.

John (further information) just cleaned from friend's computer, avast! Only attach them if requested or if they do not fit into the post. Unfortunately, if I do not hear back from you within 5 days, I will be forced to close Alureon has also been known to redirect search engines to commit click fraud.

I also posted a developer mode scan in the above thread. I believe it to be a false positive. I have no idea how to resolve this. This opened up a Regedit window. 7) I confirmed that the \atapi keys were, in fact, missing. No viruses were found. Thanks for the update!

What causes The Atapi.sys Error? If you have since resolved the original problem you were having, we would appreciate you letting us know. about rootkit activity and are asked to fully scan your system...click NO. Now click the Scan button. I don't know what to do.

Anyway, I'll be looking at this thread to see if I should leave these files alone or not. Far safer than attaching an infected HDD to a clean PC.

Unfortunately, my computer could no longer boot up. Richard Reddy can be infected by Backdoor.tidserv!inf Wildfire (further information) Microsoft patch KB977165 or MS10-015 (Feb'10) originally caused BSOD if this file was infected by the Alureon rootkit.

dcv, New Member, Members, 1 post, ID: 20, Posted November 11, 2009

I used a different method with the Ashampoo firewall used normally but it makes no difference if switched off. After reading what you've said, I'm beginning to think that it may be a false positive. I'm not able to boot the computer.

Keep your virus checker up to date, and it will identify if this file gets infected (infection can mean just one additional byte added to it).