Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Virustotal says my atapi.sys has a rootkit


  • Please log in to reply
2 replies to this topic

#1 joseibarra

joseibarra

  • Members
  • 1,185 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Downstairs
  • Local time:04:08 PM

Posted 09 August 2010 - 08:13 AM

I have no viruses on my system and have all the latest updates :thumbsup:

Looking at a problem for somebody else, I used www.virustotal.com to scan my atapi.sys file (so I could make some instructions) and it reports:

eSafe 7.0.17.0 2010.08.08 Win32.Rootkit

I used virusscan.jotti.org and it reports the file is clean.

I run MBAM and SAS regularly and they don't see it.

I expanded a fresh atapi.sys from my XP Pro SP3 slipstreamed installation CD to a temp folder and used both WWW sites to scan the "new" file and got the same results.

I don't have a particular issue on my system (trying to help someone else) but was wondering if there is an explanation for this or some other way to check my atapi.sys for this alleged Win32.Rootkit. I know it could be a "false positive" (like with my broken arm).

I recall when KB977165 came out on 02/09/2010 and that BSOD issue came up and it turned out to be related to atapi.sys and I did not have the BSOD problem, but remember back then I scanned mine anyway and got the same result from virustotal (but paid it no mind).

I am not worried about it yet, but now am curious about it.

Thanks for ideas!

The mediocre teacher tells. The good teacher explains. The superior teacher demonstrates.


BC AdBot (Login to Remove)

 


#2 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,489 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:01:08 PM

Posted 09 August 2010 - 10:36 AM

I would suggest posting a topic in the Am I Infected forum. These people deal with this type of problem daily and are quite good at sorting them out.

http://www.bleepingcomputer.com/forums/f/103/am-i-infected-what-do-i-do/

Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#3 tg1911

tg1911

    Lord Spam Magnet


  • Members
  • 19,274 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:SW Louisiana
  • Local time:02:08 PM

Posted 09 August 2010 - 10:48 AM

Topic moved to AII.
MOBO: GIGABYTE GA-MA790X-UD4P, CPU: Phenom II X4 955 Deneb BE, HS/F: CoolerMaster V8, RAM: 2 x 1G Kingston HyperX DDR2 800, VGA: ECS GeForce Black GTX 560, PSU: Antec TruePower Modular 750W, Soundcard: Asus Xonar D1, Case: CoolerMaster COSMOS 1000, Storage: Internal - 2 x Seagate 250GB SATA, 2 x WD 1TB SATA; External - Seagate 500GB USB, WD 640GB eSATA, 3 x WD 1TB eSATA

Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users