Search Engine Redirecting.



#1 divinemelody


Posted 09 May 2010 - 10:50 PM

Hello, I've been having this problem for about a week now where my search engines all redirect to random sites. I did my own research & found out my atapi.sys is infected with that redirect virus or whatever it is. At least, that's what I believe is the problem since I scanned with GMER. [By the way, it also says I have some other stuff but I don't know what it is.] Anyways, my question is, how do I remove it without harming my computer? Is there any other way to do it besides having to probably wipe out my computer? Please help!

Thank you for your time.


#2 Blade


Posted 09 May 2010 - 10:59 PM

Hello divinemelody and :thumbsup: to BleepingComputer.

Could you please post the GMER log for me to see?

~Blade

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM

#3 divinemelody


Posted 09 May 2010 - 11:18 PM

Sure thing, here it is

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-05-09 23:15:34
Windows 5.1.2600 Service Pack 3
Running: xwxro8op.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\uwtyypow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwEnumerateKey [0xEC4D8ECA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwEnumerateValueKey [0xEC4D8F74]

Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) FsRtlCheckLockForReadAccess
Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) IoIsOperationSynchronous

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

Device -> \Driver\atapi \Device\Harddisk0\DR0 82EE5EE4

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----


I can't find the file attachment so here I just posted it like this, I hope it's not hard to read!

Sorry if I don't respond so fast, my computer is lagging.
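
When triaging a GMER log like the one posted above, a first pass is to separate the entries the log attributes to a named driver and vendor from the entries that name no owner. This is an added example, not part of the original posts; the `triage` function and the attributed/unattributed split are assumptions of this sketch, and an entry with no named owner is a lead for closer review, not a verdict.

```python
import re
from collections import Counter

# Entries copied from the GMER log posted above (scan header and blank lines omitted).
LOG = r"""---- System - GMER 1.0.15 ----
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwEnumerateKey [0xEC4D8ECA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwEnumerateValueKey [0xEC4D8F74]
Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) FsRtlCheckLockForReadAccess
Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) IoIsOperationSynchronous
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
Device -> \Driver\atapi \Device\Harddisk0\DR0 82EE5EE4
---- Files - GMER 1.0.15 ----
File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification
---- EOF - GMER 1.0.15 ----"""

SECTION = re.compile(r"^---- (\w+) - GMER [\d.]+ ----$")
# "<driver>.sys (<description>/<vendor>)" is how this log names the owner of an entry.
OWNER = re.compile(r"(\S+\.sys) \((.*)/([^/)]+)\)")

def triage(log):
    """Split entries into per-vendor counts and a list of entries with no named owner."""
    vendors, unattributed, section = Counter(), [], None
    for raw in log.splitlines():
        line = raw.strip()
        header = SECTION.match(line)
        if header:
            section = header.group(1)
            continue
        if not line or section in (None, "EOF"):
            continue  # skip blanks, the scan header and anything after EOF
        owner = OWNER.search(line)
        if owner:
            vendors[owner.group(3)] += 1
        else:
            unattributed.append((section, line))
    return vendors, unattributed

if __name__ == "__main__":
    vendors, unattributed = triage(LOG)
    for vendor, count in vendors.most_common():
        print(f"{count:2d} entries attributed to {vendor}")
    for section, line in unattributed:
        print(f"[{section}] no named owner: {line}")
```
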

#4 Blade


Posted 10 May 2010 - 12:53 AM

Hi divinemelody

It appears that the issues on your system will require a more in-depth examination than can be performed in this forum. Please read the information about getting started. After you have followed the steps in that guide, I would like you to start a new thread HERE and include a link to this thread.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient. The Malware Removal team is very busy, so it could be several days (2-3 days is the average wait right now) before you receive a reply. But rest assured, help is on the way!

Edited by Blade Zephon, 10 May 2010 - 01:06 AM.
