
atapi.sys & adware on my D: recovery drive

1 reply to this topic

#1 Nieander


  • Members
  • 3 posts

Posted 05 December 2009 - 10:26 PM

I've been having slowdowns on my computer along with google redirects. I have run scans by Malwarebytes, SUPERANTISPYWARE, and various others. Finally Kaspersky found 3 threats: atapi.sys (false positive many say, deleting causes system instability, while others call it a Rootkit.Win32.TDSS.y), and Weatherbug, as far as I know, is not adware, but a regular thing.

Also, not sure if this is because of my ISP, Comcast, but my internet connection has been shifty, just dying on me at random times or becoming very slow.
Running Windows XP SP2

Scan statistics:
Objects scanned: 178579
Threats found: 2
Infected objects found: 3
Suspicious objects found: 0
Scan duration: 04:56:10

File name / Threat / Threats count
C:\WINDOWS\system32\drivers\atapi.sys Infected: Rootkit.Win32.TDSS.y 1
D:\I386\APPS\APP14527\src\CompaqPresario_Spring06.exe Infected: not-a-virus:AdWare.Win32.WeatherBug.a 1
D:\I386\APPS\APP14527\src\HPPavillion_Spring06.exe Infected: not-a-virus:AdWare.Win32.WeatherBug.a

http://remove-malware.com/malware/malware-...ches-atapi-sys/ says "I was still getting all searches in any browser redirected to scam sites. I usually don't like running Combofix on Vista, but I had no choice. Sure enough Combofix detected a rootkit and disinfected it! Again, the rootkit infected the atapi.sys driver which redirected all searches and probably downloaded a few randomly named exe's to the system32 directory."

Sounds about right. I've never used ComboFix before... Advice on usage or not please!

Edited by Nieander, 06 December 2009 - 09:10 PM.



#2 Nieander

  • Topic Starter

  • Members
  • 3 posts

Posted 06 December 2009 - 09:10 PM

I've also run RootRepeal. It did not detect atapi.sys as a rootkit. Can someone tell me how many KB their atapi.sys file is? Mine is 96.0. I read somewhere else 94.0 KB.

Edited by Nieander, 06 December 2009 - 10:53 PM.
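The size question above is a weak test: a driver patched in place keeps its original size, so two copies can both show "96.0 KB" in Explorer and still differ. A stronger local check is to hash the live driver and compare it with the copy Windows File Protection keeps in dllcache. The script below is an added example, not something posted in the thread or part of any tool mentioned in it; the two XP paths are assumed defaults, the `demo()` function builds constructed sample files (not real driver bytes) so the comparison can be run anywhere, and a mismatch only tells you the two copies differ, so the next step is comparing the hash against a copy from known-good installation media of the same service pack, since a compromised machine could have both copies altered.

```python
import hashlib
import os
import tempfile

# Assumed Windows XP locations (not taken from the post): the live driver and the
# Windows File Protection copy used to restore it. Adjust if your install differs.
LIVE_DRIVER = r"C:\WINDOWS\system32\drivers\atapi.sys"
DLLCACHE_COPY = r"C:\WINDOWS\system32\dllcache\atapi.sys"


def sha256_of(path, chunk=1 << 16):
    """Stream the file through SHA-256 so large drivers are not read at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def file_report(path):
    """Size in bytes, the Explorer-style one-decimal KB figure, and the hash."""
    size = os.path.getsize(path)
    return {
        "path": path,
        "size_bytes": size,
        "size_kb": round(size / 1024, 1),
        "sha256": sha256_of(path),
    }


def compare_copies(live_path, cache_path):
    """Compare the live driver with the dllcache copy on size and content."""
    live = file_report(live_path)
    cache = file_report(cache_path)
    return {
        "live": live,
        "cache": cache,
        "same_size": live["size_bytes"] == cache["size_bytes"],
        "same_hash": live["sha256"] == cache["sha256"],
    }


def demo():
    """Constructed sample: a 'clean' copy and a copy with eight bytes overwritten
    in place. Sizes match, hashes do not, which is the case a size check misses."""
    clean = b"MZ" + b"\x00" * 998          # placeholder bytes, not a real driver
    patched = bytearray(clean)
    patched[512:520] = b"PATCHED!"          # same length, different content
    with tempfile.TemporaryDirectory() as tmp:
        live = os.path.join(tmp, "atapi.sys")
        cache = os.path.join(tmp, "atapi.sys.dllcache")
        with open(live, "wb") as fh:
            fh.write(bytes(patched))
        with open(cache, "wb") as fh:
            fh.write(clean)
        return compare_copies(live, cache)


if __name__ == "__main__":
    if os.path.exists(LIVE_DRIVER) and os.path.exists(DLLCACHE_COPY):
        result = compare_copies(LIVE_DRIVER, DLLCACHE_COPY)
    else:
        print("Driver paths not found on this machine; running constructed demo.")
        result = demo()
    for key in ("live", "cache"):
        r = result[key]
        print(f'{r["path"]}: {r["size_bytes"]} bytes ({r["size_kb"]} KB) sha256={r["sha256"]}')
    print("same size:", result["same_size"], " same hash:", result["same_hash"])
```

Run it as Administrator on the machine in question; on any other system it falls back to the constructed demo, which prints two copies of equal size whose hashes differ.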
