Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works

Avast Nuked atapi.sys file

  • Please log in to reply



    New Member

  • Member
  • Pip
  • 4 posts
Been trying to solve a virus problem on my own since 12/20/09 & finally got help from your Malware Removal Forum. Was running a fix suggested by Rorschack112 when an Avast warning popped up with:

File: C:\windows\system32\drivers\atapi.sys
malware name: win32:Alureon-EU

Waited till the fix was done & then took the Avast recommendation to move the virus to the vault/chest. Apparently I shouldn't have done that - I just got so excited to finally find something! Now, I can't reboot. None of the options will work. Rorschack112 said to come to this forum to get help & then go back to the malware site. Thank you for any help you can give me. Faith.
  • 0




    motto - Just get-er-done

  • Technician
  • 4,345 posts
Please read this Malwarebytes site on the problem.


Beyond this someone from the malwarebytes forum tried this successfully.

1) I made an Ultimate Boot CD for Windows. You will find downloads and instructions here:


You'll need a Windows CD and the package you download from the UBCD4Win website. If you have a laptop (or a friend's computer), you can do this easily. It was a very smooth process.

2) I started my poor desktop computer and went into BIOS by pressing DEL immediately. I then changed the boot order of the machine so that the DVD/CDROM is the first boot device.

3) I restarted the machine with the UBCD in the drive. This takes some time, but eventually, you will have a Windows OS running entirely from the CD. This will allow you access to your hard drive(s) and other media, like a USB drive.

4) I navigated to the MalwareBytes log files folder, C:\Documents and Settings\*your user name*\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs, and opened the most recent log file using the UBCD text editor. This contained a list of the registry keys deleted.

5) On my laptop, I opened RegEdit by clicking Start>Run and typing regedit. I navigated to the \atapi keys that had been deleted on my desktop. I right clicked on each key and chose "Export," then gave each exported file a descriptive name like "currentcontrolset". Regedit will save these keys and their subvalues as ".reg" files.

6) I put these files on a jumpdrive and plugged it into my desktop. UBCD's OS had no problem reading the drive. From there, in the UBCD OS, I chose Start>Program Files>Registry Editors>Regedit (remote). I was prompted to select from the User names on my system; I chose Administrator. This opened up a Regedit window.

7) I confirmed that the \atapi keys were, in fact, missing. Then, using Regedit's File>Import feature, I imported each of the .reg files on the jumpdrive.

8) I closed the programs and restarted and it started up normally.

I personally do not know if this will work but i put it here because it is from a good info forum.

  • 0

Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP