Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Gen 3 rootkit that is using the atapi.sys file?

  • Please log in to reply
1 reply to this topic

#1 colson2


  • Members
  • 2 posts
  • Local time:05:36 PM

Posted 04 December 2009 - 12:27 PM

Hello - have been posting in the Norton forums and it was suggested I try over here. . .this is what the final thoughts were - Gen 3 rootkit that is using the atapi.sys file.

Started last week with super slow performance and lockups, evolved into random pop-ups and redirected links. Now in the last few days when I get on the internet I get a pop up with an error message, Cannot find and then 'http:// (2 lines of crazy nonsensical characters). Make sure the path or internet address is correct.

I have Norton 360 that was installed after I noticed a problem (now I know that won't catch problems!). Have updated and ran in safemode every day since I installed it.

Have also ran and posted HiJackThis, Malwarebytes and GMER for look over, can post those again also have screen shot of error message but I cannot figure out how to post files here, looking . . . thanks in advance for any help!! colson

BC AdBot (Login to Remove)


#2 garmanma


    Computer Masochist

  • Members
  • 27,809 posts
  • Gender:Male
  • Location:Cleveland, Ohio
  • Local time:09:36 PM

Posted 06 December 2009 - 04:48 PM

We start out using slightly different logs Please follow the directions here

Please read the pinned topic titled "Preparation Guide For Use Before Posting A Hijackthis Log". If you cannot complete a step, then skip it and continue with the next. In Step 6 there are instructions for downloading and running DDS which will create a Pseudo HJT Report as part of its log.

You will also be instructed to create a Root Repeal Log

When you have done that, post your log in the HijackThis Logs and Malware Removal forum, NOT here, for assistance by the HJT Team Experts. A member of the Team will walk you through, step by step, on how to clean your computer. If you post your log back in this thread, the response from the HJT Team will be delayed because your post will have to be moved. This means it will fall in line behind any others posted that same day.

The HJT team is very busy and it will take awhile to get to your post
Please be patient and good luck
Posted Image
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users