I believe atapi.sys is a port controller used for IDE. Perhaps now the virus instructs the driver to open the port for malicious uses (I'm not sure).
The point is, this driver is crucial for XP to operate as it is hard wired into the OS.
To remove the virus, you can't just rewrite the file as Windows will not allow it. You need to do this in DOS (outside of the Windows GUI). Also, apparently there are several different versions of this file, each pertaining to their own OS variant (service packs etc).
The fact that AVG is not supporting their product regardless of if it's free or not is unacceptable. Their product is published free as a means to boost their product sales through promotion of their name on the internet. The very fact that they are doing this creates a liability that holds them accountable.
My guess is that this virus is critical because removal of it requires extreme measures of replacement of a "critical/system file" in Windows. This implicates AVG and Microsoft.
My concern is that if this is the case, why did AVG free allow this critical system file to be infected in the first place? We are trusting these individuals with anti-virus software that should protect our computers, and if their product (promotional regardless) is incapable of doing what it says it should, then the publishers need to make this clear to us and work with us at the same level of trust that we have given them.
If they are unwilling to support their product, then we need to go to a different support level. I am unaware of who I could speak with about this serious problem. I live in Alberta, Canada. If I have a concern at a federal level, I can speak to my MP (Member of Parliament). Is there an organization that is responsible for security/business on the internet? These are the people that we need to make aware of this problem. These are the people that will help us.
If someone can help me with who I can speak to about this problem, then I will write a letter of concern to them.
Split from here: http://www.bleepingcomputer.com/forums/t/296945/another-trojan-horse-rootkit-agentef/ ~ OB
Edited by Orange Blossom, 21 February 2010 - 03:38 PM.