atapi.sys Rootkit infection


  • This topic is locked
5 replies to this topic

#1 padlocke09

padlocke09

  • Members
  • 4 posts

Posted 22 January 2010 - 02:23 PM

i:\windows\system32\drivers\atapi.sys is, according to AVG Free, infected by a rootkit. Preliminary searches told me that the best result was gotten from ComboFix. I downloaded and followed the instructions and now have a log from ComboFix to come to you with. ComboFix makes a note of atapi.sys at least once, so I guess that's it agreeing with AVG. I'm not sure how to proceed. I found another thread a while back noting one person's suggestion for how to handle an infected atapi.sys, which ended in the user who had the infected file not being able to access his computer. So, rather than risk making a mistake, I thought I'd post here.


A new scan with AVG shows that the file is still infected with Trojan Horse- Rootkit.Pakes.U

Edited by padlocke09, 22 January 2010 - 03:11 PM.



#2 padlocke09

padlocke09
  • Topic Starter

  • Members
  • 4 posts

Posted 22 January 2010 - 03:11 PM

Okay, I was brand new to the site when I posted here, but I get that people don't want logs posted, so I've removed it, in hopes that someone can help me. Sorry. I'll try to be quicker on the rules next time :-)

Edited by padlocke09, 22 January 2010 - 03:12 PM.


#3 hamluis

hamluis

    Moderator


  • Moderator
  • 55,866 posts
  • Gender:Male
  • Location:Killeen, TX

Posted 22 January 2010 - 03:16 PM

A rootkit is a malware problem...this is the XP forum.

The knowledge to deal with malware situations such as yours appears to be...lies at BleepingComputer.com - Am I infected What do I do - http://www.bleepingcomputer.com/forums/f/103/am-i-infected-what-do-i-do/

I had already previously made an internal suggestion that this thread be moved to that forum...if you decide to just go there and initiate a new topic, following the administrative procedures posted there...let us know and I'll correct my suggestion.

Louis

#4 padlocke09

padlocke09
  • Topic Starter

  • Members
  • 4 posts

Posted 22 January 2010 - 03:19 PM

I apologize and I will indeed make a post there following all guidelines. Thank you for your time.

#5 hamluis

hamluis

    Moderator


  • Moderator
  • 55,866 posts
  • Gender:Male
  • Location:Killeen, TX

Posted 22 January 2010 - 05:15 PM

Thank you :thumbsup:, I will now amend my internal suggestion.

Louis

#6 Animal

Animal

    Bleepin' Animinion


  • Site Admin
  • 35,302 posts
  • Gender:Male
  • Location:Where You Least Expect Me To Be

Posted 22 January 2010 - 06:40 PM

Topic properly posted in the AII forum. To avoid confusion this topic closed.
