
Remote disinfect

No replies to this topic

#1 MrPaulCaruso
Posted 18 January 2010 - 01:52 PM

Win XP Home, svc pack 2
Firefox browser
Norton 360

I've been infected with the (Google) search redirect virus twice in the past three weeks. I've tried any number of fixes listed in these pages, all to no avail. Most require downloading and running multiple programs - in some cases as many as 10 - and posting logs from all manner of system readers. As you know, this is very time consuming and, when it doesn't work, very frustrating indeed. (I've never had this much trouble cleaning a virus before.)

I'm not savvy enough to think that I've invented some new fix, but the only thing that has worked for me is to disinfect remotely. In addition to the havoc wreaked by the virus, it appears to have the ability to hide and protect itself from detection while the system is in operation, and it prevents operation in Safe Mode. Here's what I did, with the aid of a(n inexpensive) USB external drive adapter:

Shut down my computer and disconnected the power line; opened it up and unplugged the IDE connector and power line from the hard drive; connected the drive adapter to the hard drive; connected the adapter to my laptop and scanned for viruses with, in my case, Microsoft Security Essentials. This worked perfectly both times. What I found was something called "Alureon.F" which, as far as I can tell, resided in my atapi.sys file. After disinfecting the file my system works fine, showing no symptoms of infection.

Anyway, here are my questions:

First - Is this in fact a valid fix? What I mean is, the scan disinfects the atapi.sys file but no registry changes are made. Am I OK in this regard?

Second - Would simply replacing the infected atapi.sys file with a "clean" version work as a fix on an operating machine?

Thanks for your feedback.

BTW: apart from an introduction this is my first post ever to such a forum, so please excuse me if I'm in the wrong place. Thanks again.
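An added example, not part of the original post: a defender-side script for the offline-drive situation described above. With the infected system's disk attached to a second machine, it hashes the atapi.sys that the system actually boots and compares it with the copies Windows XP keeps in its File Protection cache (dllcache) and service-pack store, flagging the case where the live driver differs. The directory layout follows XP conventions and is an assumption; the sample tree is constructed in a temporary directory.

```python
import hashlib
import os
import tempfile

# Where Windows XP keeps copies of atapi.sys, relative to the offline system's
# Windows directory: the live driver, the Windows File Protection cache and the
# service-pack store. Paths follow XP conventions; adjust for other versions.
DRIVER_COPIES = {
    "live": os.path.join("system32", "drivers", "atapi.sys"),
    "dllcache": os.path.join("system32", "dllcache", "atapi.sys"),
    "servicepack": os.path.join("ServicePackFiles", "i386", "atapi.sys"),
}

def sha256_file(path):
    """SHA-256 of a file's bytes (driver files are small enough to read whole)."""
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

def hash_driver_copies(windows_root):
    """Hash each copy of atapi.sys that exists under an offline-mounted Windows dir."""
    hashes = {}
    for label, rel in DRIVER_COPIES.items():
        path = os.path.join(windows_root, rel)
        if os.path.isfile(path):
            hashes[label] = sha256_file(path)
    return hashes

def assess(hashes):
    """'consistent' if the live driver matches a cached copy, 'live-differs' if it
    does not (the case worth investigating), 'no-reference' if nothing to compare.
    A cached copy is not automatically clean; confirm against a known-good hash."""
    refs = {v for k, v in hashes.items() if k != "live"}
    if "live" not in hashes or not refs:
        return "no-reference"
    return "consistent" if hashes["live"] in refs else "live-differs"

def demo(tamper_live=True):
    """Constructed sample: a temp Windows tree whose live driver may differ."""
    with tempfile.TemporaryDirectory() as root:
        for label, rel in DRIVER_COPIES.items():
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            tampered = tamper_live and label == "live"
            with open(path, "wb") as f:
                f.write(b"CONSTRUCTED-" + (b"PATCHED" if tampered else b"CLEAN"))
        return assess(hash_driver_copies(root))

if __name__ == "__main__":
    print(demo())  # live-differs
```

Point `hash_driver_copies` at the offline drive's Windows directory (for example the mounted disk's `WINDOWS` folder) to run it against a real system; a "live-differs" result says only that the copies disagree, which is the cue to verify each against a trusted hash.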
