
Google search results redirected - Solved by ComboFix



#1 Rich Pasco


Posted 21 January 2010 - 11:31 PM

Today I too fell victim to the common malware which hijacks Firefox so that clicking on Google search results leads to a page of advertising instead of the intended target. Following the instructions here I was able to use ComboFix to remove the infection. I am very grateful. However, I do have a question about a message in the results log. It read,
Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected
Restored copy from - Kitty ate it :p
My question is, exactly what is meant by the phrase "Kitty ate it :p" in this context? From where did ComboFix get the uncorrupted version of atapi.sys? Or does this mean that ComboFix was able to un-patch the file on my system so as to remove the malicious code?

- Rich



#2 quietman7


Posted 22 January 2010 - 10:50 AM

It means CF found an infected atapi.sys and restored a good copy it found in another location on your system, such as c:\windows\ServicePackFiles\i386\ or c:\windows\system32\dllcache.

"Kitty ate it" was the developer's way of adding humor to the infected file going bye-bye.

Although your issue has been resolved, it is not a safe practice to be following specific instructions provided to someone else, especially if they were given in the HijackThis forum. Those instructions were most likely given under the guidance of a trained staff helper to fix that particular member's problems, NOT YOURS, after careful evaluation of the malware involved. Before taking any action, the helper must investigate the nature of the infection and then formulate a fix for the victim. Although your problem may be similar, the solution could be different based on the kind of hardware, software, system requirements, etc. and the presence of other malware. Using someone else's fix instructions could lead to disastrous problems with your operating system.

If you need assistance in the future, it's best that you tell us what specific issues YOU are having rather than point to someone else. That's what this forum is for so feel free to start your own topic anytime and someone will assist you with your issues specifically.

Thanks for your cooperation.
The BC Staff
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
