Jump to content

Welcome to Geeks to Go - Register now for FREE
Geeks To Go is a helpful hub, where thousands of friendly volunteers serve up answers and support. Get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more. This message and all ads will be removed once you have signed in.
Create an Account Login to Account

Rootkit help! atapi.sys [Solved]


  • This topic is locked This topic is locked

#1
EBess

EBess

    New Member

  • Member
  • Pip
  • 4 posts
Hey there,

So I recently began having some issues with my search engines (Google, Bing), when the links I clicked would redirect me to some spam website.
I didn't think too much of it and tried to run SpyBot and also upgrade my Windows XP.
However, SpyBot did not find any issues and the upgrade could not go on due to an error message that said that "\system32\driver\atapi.sys" was still in use.
Therefore, I began doing some research into the Rootkit issue and how it can be resolved with Avanger or Combo-fix.

To be honest, I'm barely computer literate. Therefore, I would greatly appreciate it if someone of much greater intelligence in this field would help me out.
I read in this forum, along with others, the steps others took (with guidance from experts) that you basically need to replace the file in C:\ using other programs as a method. That is the end to my knowledge.

Please help!
Thanks
  • 0

Advertisement


#2
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
Please download TDSSKiller.zip and unzip it to your Desktop

Run the TDSSKiller and wait until it finishes (should be just a few seconds or below a minute).. Then find the log at your %systemdrive% (drive that contains Windows)

The log shall be named something like this one..

(TDSSKiller.version_date_time_log) for example.. (TDSSKiller.2.1.1_22.12.2009_19.33.44_log)





Please download ComboFix by sUBs from HERE or HERE and save it to your Desktop.

During the download, rename Combofix to Combo-Fix as follows:

Posted Image

Posted Image


It is important you rename Combofix during the download, but not after.

**NOTE: If you are using Firefox, make sure that your download settings are as follows:
  • Tools->Options->Main tab
  • Set to "Always ask me where to Save the files".


After that, double-click and run Combo-Fix. Let it finish its job and post the log here

If ComboFix asked you to install Recovery Console, please do so.. It will be your best interest..

Note: DON'T do anything with your computer while ComboFix is running.. Let ComboFix finishes its job..
  • 0

#3
EBess

EBess

    New Member

  • Member
  • Pip
  • 4 posts
Thanks for the quick reply!

So I ran both programs and got the logs.

Attached Files


  • 0

#4
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.



Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan
    Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

How's the computer now? :)
  • 0

#5
EBess

EBess

    New Member

  • Member
  • Pip
  • 4 posts
My computer is running amazing right now.
Thank you, I think you solved the problem.
You guys really know to do and how to do it. That's so refreshing- competence!

:)

Here are the two logs from ESET and Malaware Bytes.


Also, is there anything I can do in the future to prevent this from happening?

Attached Files


  • 0

#6
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
Looks good to me.. Lets do some cleanup...


Please download OTC and save it to Desktop.
  • Make sure you have internet connection..
  • Double-click OTC
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes



Please read these excellent articles write by my friends:
Preventing Malware and Safe Computing by Rorschach112
What makes your machine slow? by Artellos


Also, please read these excellent articles by miekiemoes :
Help! My computer is slow!
How to prevent Malware


Read these great info's about safe internet surfing..

http://www.pcpitstop...safesurfing.asp
http://bluefive.pair...afe_surfing.htm




Please reply to this thread once more and tell us about the computer behaviour before we can close this thread :)



Have a safe and happy computing day!


Regards
fenzodahl512
  • 0

#7
EBess

EBess

    New Member

  • Member
  • Pip
  • 4 posts
Thank you so much.
My computer has been running fantastic! No pop-ups, spam, slow connection... it's going great.
Also thank you for the links to the other sites. Great stuff.

I greatly appreciate your help. You are the internet-age Sherlock Holmes.
Keep fighting the good fight!
  • 0

#8
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0

Advertisement



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

featured