Posted 12 April 2010 - 03:54 PM
For all the time I've had a computer, through reading up on sites like this, I've always been able to clear out any viruses on my own, at least from what I can tell, mainly because I've been stubborn, not because I have any computer mastery. I'm at my wits' end on this one and am admitting defeat.
As far as I know it started with the XP security center virus, which I've gotten a number of times. I think that I've successfully removed it each time.
Anyhoo, then I got the search engine redirect virus/rootkit.
I've used MalwareBytes, AVG, MS Security Essentials, HiJackThis, Spybot Search & Destroy, Super Anti-Spyware, Hitman Pro 3.5. They've all come up with nothing even though I still have had the redirect happen. More recently I used TDSSKiller.exe with GMER, esage rootkit.exe, combofix.exe, and signed up for a 30-day trial of Kaspersky. All these seem to catch the fact that I have the rootkit, specifically rootkit.win32.TDSS.d according to Kaspersky, but are unable to remove it. Also, according to TDSSKiller and GMER the problem is atapi.sys.
I used a goored cleaner which seemed to work for a minute or two, but eventually the redirect happens again.
I have manually deleted all copies of atapi.sys other than the one in windows\system32\drivers and expanded and copied the original from my XP disc, but it seems that the rootkit virus either re-infects it or is hiding somewhere else because the redirect seems to come back.
I have Windows XP on a Dell 9100. (Dual boot Ubuntu also, which I'm beginning to prefer after this episode). I've seen a lot of this rootkit on these boards lately, but thought I might as well jump on the bandwagon.
I can post logs (combofix etc), as asked.
All help greatly appreciated,