Possible Rootkit Infection; Atapi.sys?
I suspect that, if you have a Boot CD, like Ultimate Boot CD for Windows (or can make one on another machine), you could probably put the registry entries back. Those are five security violations that could never happen on a secure operating system. I was very surprised, but I have yet to actually take action because I think I just read that atapi.sys might actually be a required system file. I still get an occasional BSOD.
As after it was finished went to a BLACK screen of death, yes I said black! Submitted by rainbopotter (not verified) on Thu, 02/18/2010 - 13:52 Completely irritated with the stress caused by Microsoft! I request closing the topic, problem solved. Gmer listed this file as modified and Avast found that it was infected so I deleted it.
There are some (unsupported by Microsoft) ways to put Windows recovery systems on memory cards and USB memory sticks. They just want their computers to work out of the box without much effort. Scan weekly if you have high Internet use. All these people - even at major banks and even at the AV vendors - getting infected with rootkits and trojans and they didn't have a clue.
- This means that a driver has direct access to the internals of the operating system, hardware etc.
- The info could be wrong though, I'm no expert by far.
- Rens Probably short for ATA API or interface for ATA hard drives.
Also, all users should please update Malwarebytes' Anti-Malware's database to resolve this issue for the future. Malwarebytes' Anti-Malware scans, detects, and removes malware on your computer. It may be what is causing his system to infinite-loop reboot after a nearly complete boot. Therefore, you should check the atapi.sys process on your PC to see if it is a threat.
I have no idea how to resolve this. If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. The service has no detailed description. Wayne it is sometimes infected with google redirect virus jed It is a legit file that can be infected with viruses.
Can be infected with rootkits. O/S= OEM XP Home Edition + SP2 and updates as of 3 May 08.
CD is more foolproof. You can at least get back to "now" if it doesn't work. After cleaning, you will need to disable the System Restore function For Windows XP. It took a while for AV products to find and remove them on an active system.
After I was able to uninstall KB977165, everything returned to normal and I still have a clean machine. Does anyone hear any other bell tolling? Microsoft have their Patch Tuesday and everyone scrambles to get their updates. Second time I ran it everything was fine.
Until that mentality changes, we will continue to have these issues. The problem is people don’t want to be bothered. Alex F Atapi.sys is shown as specious modification when it is infected MOHANRAJ R gives me a blue screen once a day elvis This file is I don't know whether he, too, had a warning about atapi.sys.
But he has (and uses) an Apple computer. But don't take the CD out. Wait for a couple of minutes. 9.
I have uninstalled Ashampoo Firewall and switched MS Firewall on and AVG updates without any problem.
O RLY? p.24. Removing the patch should work as well, however either way you're still infected and need to get cleaned. I installed all EXCEPT the KB977165 on 2 WinXP-SP2 machines and rebooted yesterday without problems.
Sigh. You are very welcome. Seek professional help. The latter have coincidentally been identified by the update process (i.e. http://home.comcast.net/~jblizz/Atapi_MD5_Checker.zip Submitted by tago (not verified) on Fri, 02/12/2010 - 23:51 Be careful about saying "multiple" scans prove that computer is clean.
Microsoft Security Essentials detects it on Windows 7 and seems to disinfect it, but I'm not sure if it really has succeeded. I tried Start Windows Normally, and then I tried Go Back to Last Known Good Configuration, and then I tried Safe Mode. But once this is done and the trojan resides on the local machine, the following happens. 1.