
Vista Defender, blocked Windows Update


#1 outofideas327



Posted 14 April 2010 - 08:26 PM

I have recently been trying to remove the Vista Defender with Malwarebytes, with no luck. I also cannot install, download, or access anything to do with Windows updates. Also, my searches are redirected. On top of that, my USB keyboard will no longer function on this machine (tested on other machines). The keyboard works on the welcome screen after removing the rogue virus with Malwarebytes but immediately stops working shortly after I log on. It seems that all these problems are related.

Any ideas?

Windows Vista
Malwarebytes run completed



#2 outofideas327


Posted 14 April 2010 - 10:21 PM

If this helps, I ran a GMER scan and have a suspicious atapi.sys file:

GMER - http://www.gmer.net
Rootkit quick scan 2010-04-14 22:38:43
Windows 6.0.6001 Service Pack 1
Running: 53g6qmw6.exe; Driver: C:\Users\Chris\AppData\Local\Temp\pwldapob.sys

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 852421F8
Device \FileSystem\fastfat \Fat 876691F8

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

Device -> \Driver\atapi \Device\Harddisk0\DR0 870A5AC8

---- Files - GMER 1.0.15 ----

File C:\Windows\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----
