
Need help on FakeReal, TDSS (atapi.sys infection)


No replies to this topic

#1 BarefootCPS


Posted 26 April 2010 - 07:53 PM

After what was likely an unwise click in Google Chrome, I got what I believe is the FakeReal (ave.exe) giving me phony Windows security alerts, browser redirects, etc. I also had several processes called szj.exe, I believe. I killed as many suspicious processes as I could find, got rid of new startup entries with msconfig. I ran a FakeReal registry fix and ran an AVG scan, which seemed to get rid of the szj stuff. But ave.exe kept coming back via hijacked browsers. Ran HJT, MBAM, which seemed to identify and clean additional malware, but, again, ave.exe keeps coming back when I use any browser (IE, Firefox, or Chrome). Things seem pretty quiet as long as I stay away from those three, but I know it's still in there. TDSSKiller says it found TDSS rootkit in atapi.sys, but it does not seem to be taking care of it after repeated attempts.

I have spent 15-20 hours on this so far, and I'm looking for a compelling reason to keep going, versus backing up my data and formatting the hard drive.

Any suggestions?
