
Atapi.sys virus Need solution please

Q: Atapi.sys virus Need solution please

Hi, I'm Dan and new to the boards. I decided to sign up to bleepingcomputer, as I see it has a professional set up and the posters seemed very knowledgeable about fixing problems on computers. I have googled the atapi.sys virus numerous times and while I have seen some solutions I thought it would be easier to post my own problem.

I use AVG Free Version to scan my computer and this is the only infection that has ever come up:

"Virus identified Win32/Patched.CG";"C:\WINDOWS\system32\drivers\atapi.sys";"Object is white-listed (critical/system file that should not be removed)";"12/04/2010, 21:38:38";"file";"C:\WINDOWS\system32\svchost.exe"

Looking through the resident shield detection it says that I have had the virus since 22/03/2010. (Today's date being 14/04/2010). At first it didn't seem a problem but since I have noticed that when I play a song off iTunes or play a video from youtube it will be very stuttery. And come to the point where it will either just stall or too stuttery to listen to. I also found when I put my laptop into hibernate a few days ago I was met with a blue screen, plus the general speed of the laptop seems a lot slower. (Noticing that the System Idle Process is constantly above 50% CPU, is that a problem?) I've only ever been able to find the virus on the AVG scanner. I'm running Windows Service Pack 2 and a solution to this problem would be very grateful as it is becoming increasingly more frustrating to deal with.

Regards
Pugilist_Cott

EDIT: Moved from XP to Am I Infected forum, more appropriate for subject matter ~ Hamluis.


A: Atapi.sys virus Need solution please

*bump*

RELEVANCY SCORE 70

My AVG says that I have a virus in C:\Windows\System32\drivers\atapi.sys
I typed it in Google and it downloaded the atapi.sys file.

My question is will this work. I don't want to take a risk of crashing my computer

A:virus atapi.sys. found a solution?

AVG, it has its ups and its downs.

I would upload the file to
http://www.virustotal.com/

And make sure it's not a false positive. Before we start playing doctor with sys files.

RELEVANCY SCORE 47.6

Hello, my computer keeps restarting, I can't get into safe mode either. So when it restarts it goes to a blue screen and says the atapi.sys. I can't get into safe mode or regular mode... Please help

A:atapi.sys virus

Hi,

Please download GMER from one of the following locations and save it to your desktop:
Main Mirror
This version will download a randomly named file (Recommended)
Zipped Mirror
This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

Disconnect from the Internet and close all running programs.
Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.
Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in a BSODs, uncheck Devices on the right side befor... Read more

RELEVANCY SCORE 47.6

I've been trying to fix my computer for the past day or so. My Norton Antivirus keeps blocking zl091kha644.com, and it says it deals with atapi.sys

DDS (Ver_10-03-17.01) - NTFSx86
Run by Rodman at 9:55:48.59 on Sat 05/15/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2039.1331 [GMT -5:00]

AV: Norton AntiVirus *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton AntiVirus\Engine\17.6.0.32\ccSvcHst.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton AntiVirus\Engine\17.6.0.32\ccSvcHst.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Rodman\Desk... Read more

A:atapi.sys virus

Sorry, everyone, my computer said it wasn't posting, and then it didn't post everything, and still won't

RELEVANCY SCORE 47.6

Under the add/remove programs tab in my control panel, I have a program at the top titled aaa. When I click on it, the other info fields are bbb and ccc. Attempts to remove it using the add/remove programs options have failed. I'm also receiving warnings from Symantec antivirus that I am infected with a virus named atapi. I am receiving multiple unresponsive script warnings, with http addresses, as well as an unresponsive space bar key, a request by media player to play a file whose extension is unfamiliar, and very slow start-up (takes 30 minutes after the home screen appears before I can pull up any programs). Here are the logs as requested by the standard instructions:

DDS log
DDS (Ver_10-12-12.02) - NTFSx86
Run by William Tatum at 19:16:54.65 on Sun 02/06/2011
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.41 [GMT -5:00]

AV: *Disabled/Outdated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: *Disabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
svchost.exe... Read more

A:Atapi and aaa virus

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks

RELEVANCY SCORE 47.2

Hello everyone,

I have a Dell laptop Windows XP Home SP3, and was having trouble upgrading AVG anti virus so I uninstalled it and put in Avira. I believe AVG wasn't completely removed and conflicted with Avira and then after running Avira I found network drivers corrupted. I tried to roll back and reinstall drivers in Safe Mode but I got Blue Screen Error:
Driver IRQL not less or equal
0x0D1
atapi.sys

Thanks for your help
DDS (Ver_10-11-09.01) - NTFSx86
Run by Anita Anderson at 17:44:13.82 on Sat 08/06/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1006.689 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.E... Read more

A:Think I am infected with atapi.sys virus

Hi,

BitComet

Above listed ones are P2P file sharing programs. P2P downloads are nowadays one of those things that most likely bring infection into the system. My recommendation is to uninstall these (and other if present) P2P file sharing programs.

Please visit this webpage for download links, and instructions for running ComboFix tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully first.

Please continue as follows:

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
Remember to re-enable them afterwards.

Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you. Please include the following reports for further review, and so we may continue cleansing the system:
C:\ComboFix.txt
New dds log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

RELEVANCY SCORE 47.2

I was sent here from the Windows XP forum after a few posts of errors. Here's my Hijackthis log, I just got another system error today, so any help will be greatly appreciated. Thanks!

Logfile of HijackThis v1.99.1
Scan saved at 8:57:02 AM, on 2/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\System32\hphmon04.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Intel\W... Read more

A:Atapi.exe Problems, Probably Virus

Hi rytheterp and welcome to the BC HijackThis forum. I don't see any signs of viruses or malware at this time. The log is clean.

I would continue working with the folks in the XP forum to sort this out. A couple of things I would do to verify that the problem isn't related to programs or files is remove all of the music files and see if the problem persists. Then start removing some apps one by one to see what happens. Start with Windows Defender since it's still in beta and pretty bloated yet. Then the Google Desktop because nobody really knows what that thing does. If the problem goes away you have found the culprit.

Something else to let them know. Does the problem happen at any time or just overnight. If overnight (or during long periods of inactivity) does the problem occur when the machine goes into a sleep mode (or standby)? If the problem is not with an application or the files on the machine like they suggested then most likely it is with hardware (heat buildup). It's just hard to say at this point.

Cheers.

OT

RELEVANCY SCORE 47.2

Please help! This is taking me forever to get rid of! I am quite sure I have gotten a rootkit virus in atapi.sys. If I run GMER, I get a "tvtfjc" in the boot. I have been unable to run COMBOFIX--it comes back with a "VIRUT" warning and deletes itself. I am running Windows Vista and can only run in safe mode. Here's the HIJACK log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:59:24 PM, on 4/17/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18385)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/... Read more

A:ATAPI.SYS Rootkit Virus

RELEVANCY SCORE 47.2

I need some help, my avast anti virus kept on detecting a trojan and I haven't successfully deleted the virus. When I run a full scan, it kept on cleaning the atapi.sys file. When I browse the internet, the browser kept on directing me to a site.... Any suggestion on how to solve this? I heard by using combofix, you can fix this, but you need someone to analyze the log file, is that true?
 

RELEVANCY SCORE 47.2

I scanned my computer using avg and detected atapi.sys,ataport.sys & pci.sys virus. I tried to remove it using avg anti-virus but it doesn't work... Help!!! I'm really having some problems removing this...

RELEVANCY SCORE 46.4

Hi, I hope that you can help me with my virus problem. I started with the ave.exe virus, which was causing a number of fake anti-virus popups. I am also getting re-directed on all my Google searches. My computer has been running a little slow, and I have also have issues with my print server and sound drivers crashing.

Here is what I have done so far. I tried following the instructions before posting this topic. DDS ran fine and the logs are included with this message. GMER resulted in a blue screen every time I tried to run it. The initial scan that runs when you first start GMER ran alright (I saved this log and pasted it below). But when I unchecked IAT/EAT, my other drives, and SHOW ALL and ran the scan on GMER, it resulted in a blue screen crash every time I ran it.

Before I saw this forum and the associated instructions, I had tried some other solutions that I saw mentioned on other forums. I ran MalwareBytes, which found and removed the ave.virus. I ran SUPERAntiSpyware, which did not find any issues. I tried running SpyBot Search & Destroy, but it caused a blue screen crash both times I tried to run it. I ran ComboFix (again, before I saw the warnings on this forum stating not to run ComboFix) and it found a few infected files and cleaned them. But I was still having Google re-directs. I then ran TDSSKiller, which identified that I had an infected atapi.sys. TDSSKiller claimed that it successfully removed the infected file, but it came back on every ... Read more

A:ave.exe virus, also atapi.sys & Google re-directs

Hello, and welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.

Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.

The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you let... Read more

RELEVANCY SCORE 46.4

I have avast virus scanner and it keeps popping up saying that my Atapi.sys file is infected with a virus. No matter what action I tell it to take, the warning keeps popping back up.
 

RELEVANCY SCORE 46.4

I'm fixing this Dell Optiplex GX260 for this small insurance company in my home town. I had previously set it up with avast antivirus software and a comodo firewall. The firewall was causing some freezing so I uninstalled the firewall while the computer was disconnected from the internet. Then the computer said it had some updates to install. SP3 began installing on the computer and when it got near the end Avast said there was a virus detected. It was in C:\windows\system32\drivers\atapi.sys. So after trying to delete the file several times I selected do nothing and let the system finish installing the update. After that the computer rebooted and during the windows loading screen the blue screen of death popped and gave me a 0x0000007b (0xF8C0F528, 0xC0000034, 0x00000000, 0x00000000)

I tried using my avast bart cd and it removed a few viruses but the computer still won't boot on its own. I also have a copy of Winternals that might help but I don't know how I could use it to get the virus off. Please help, I don't want to wipe the hard drive. I have also tried using the windows xp installation disk to repair the start up files but repair isn't an available option when the disk loads.

A:atapi.sys virus now xp wont boot

Hi, tookiewayne Welcome.

Let's give this a try. You will need a flash drive to move information from the sick computer to a working computer, so we can see the progress of our actions. Save these instructions in your flash drive as a text file (use notepad) so you can have access to these while in an external environment (PE).

Here is what you need to do.

Two programs to download

First
Download ISOBurner. Click Here for ISOBurner Instructions. Install the program, and follow the next set of steps.

Second
Download OTLPE.iso and burn to a CD using ISO Burner. NOTE: This file is 276.7MB in size so it may take some time to download.
When downloaded double click and this will then open ISOBurner to burn the file to CD
Boot the Non working computer using the boot CD you just created.
In order to do so, the computer must be set to boot from the CD first
Note : For information click here
Your system should now display a REATOGO-X-PE desktop.
Double-click on the OTLPE icon.
When asked "Do you wish to load the remote registry", select Yes
When asked "Do you wish to load remote user profile(s) for scanning", select Yes
Ensure the box "Automatically Load All Remaining Users" is checked and press OK
OTL should now start. Change the following settings
Change Drivers to All
Change Registry to All
Under the Custom Scan box paste this in

/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
A... Read more

RELEVANCY SCORE 46.4

I have had several blue screens for the first time when I was trying to convert video or having one or more browsers up. Also, the computer would not turn off, had to hard boot. The computer was running very slow. I noticed that some of the temporary directories were being filled with some items that put there. For example in C:\Documents and Settings\LocalService.NT AUTHORITY.000\Local Settings\Temporary Internet Files\ Nothing was detected by Malwarebytes, Norton, or others. The DDS log is posted.
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
Run by mjacobs at 22:42:59 on 2011-11-04
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3711.2443 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: AntiVir Desktop *Enabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Symantec AntiVirus Corporate Edition *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:... Read more

A:atapi.sys blue screen virus

Hello and welcome. Please follow these guidelines while we work on your PC:

Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I've given you the "All clear." Absence of symptoms does not mean your machine is clean!
Please do not run any scans or install/uninstall any applications without being directed to do so.
Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.

Download TDSSKiller.zip and extract TDSSKiller.exe to your desktop
Execute TDSSKiller.exe by doubleclicking on it.
Press Start Scan
If Malicious objects are found then ensure Cure is selected. Important - If there is no option to "Cure" it is critical that you select "Skip"
Then click Continue > Reboot now
Once complete, a log will be produced in c:\. It will be named for example, TDSSKiller.2.4.0.0_24.07.2010_13.10.52_log.txt
Post that log, please.

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link

Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Con... Read more

RELEVANCY SCORE 46.4

Hi folks, it would appear that my son's PC has become infected with some sort of malware that causes any Google searches to be redirected to other search engines, or randomly log into other sites via opening another tab in Firefox. I am not exactly au fait with computers so with a bit of research I have ended up here with the hope of redemption from this horrible thing.

The research I did seemed to point to my atapi.sys file, and indeed I could see it modifying itself time after time. I do have a Windows CD and had thought about replacing the files with clean ones from the CD but this is service pack 1 whereas currently running service pack 2 and was unsure whether or not this would be advisable, like I said not au fait so best left.

The other thing I might add is that last night AVG went crazy and was pointing to win32/patcher.DO and the avgld86.sys file, not sure whether I did right but I uninstalled AVG and reinstalled fresh and that seems to have alleviated the problem but I'm now wondering just what else lies waiting. As requested please find the attached logs,

DDS (Ver_10-03-17.01) - NTFSx86
Run by Mainpc at 6:58:37.91 on 26/04/2010
Internet Explorer: 8.0.6001.18904 BrowserJavaVersion: 1.6.0_20
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3069.2048 [GMT 1:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\... Read more

A:Google redirect virus (atapi.sys)

Hello saracen1966

Welcome to the BC HijackThis Log and Analysis forum. I will be assisting you in cleaning up your system.

I ask that you refrain from running tools other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

Please keep in mind that we have a large backlog of users just like yourself waiting to be helped so try to be as timely as possible in your replies. Since we do this on a part-time voluntary basis we are limited on how many logs we can respond to and keep open due to time restraints. If you have to be away or can't answer for some other reason just let me know. Thank you for your understanding.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

Please download ComboFix from one of these locations:
Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Instruction ca... Read more

RELEVANCY SCORE 46.4

3 days ago I got fooled into clicking on an email from "[email protected]" and a 'click here' inside to see a purported report on a purported failed ACH transfer. Clicking gives no report. Instead, floating my mouse over the 'click here' link shows it redirects, the link shown was
https://mail.cabrillo.edu/Redirect/ACH-WEBSITERSBLOG.INFO/?52599277190456

I unconnected from the web and later hibernated the computer (Dell E1505 laptop, WinXP SP3). When I tried to bring it back from hibernation, it gave me a blue screen with text saying something about an error which was not meaningful to me, and at the end mentioned ATAPI was involved. I was forced to do a cold boot, which was successful without apparent problem.

On another (unclosed) topic on this issue, I've been led to MBAM and it found 2 trojans which it says were successfully removed. But on mentioning this blue screen ATAPI issue, my other topic helper Boopme told me to do some standard scans and post them on ANOTHER topic and let someone else resolve that aspect before we go back to my original problem. So that's what I'm doing here.

I ran DDS, and the screen log is below. I also notice that now I see an hourglass as if the system is busy doing something in the background. It's been there continuously even though DDS finished and also now (at long last - after a ~7 hour scan) GMER is finished. The machine is responsive and the task manager doesn't show anything unusual, and 99% of ... Read more

A:ATAPI virus? continuous hourglass

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you are unable to create a log because your computer cannot start up successfully please provide detailed information about the Windows version you are using: What we in particular need to know is version, edition and if it is a 32bit or a 64bit system. If you are unsure about any of these characteristics, just let us know and we'll help you figuring it out. Please also tell us if you have your Windows CD/DVD handy.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your ... Read more

RELEVANCY SCORE 46.4

Hi, I'm having a problem with a google redirect virus that I just can't seem to clean from my computer. It sounds like a lot of people are having problems very similar to mine at the moment, so hopefully I can get some much needed support. I have run dozens of scans with a variety of different malware and spyware softwares, but none of them seem to fix the google redirect problem (3 days of non-stop scans and fixes). I tried using tdsskiller which identified the atapi.sys file as a potential rootkit, but it was unable to fix the problem. I would like to try combofix to hopefully resolve this issue, but I read that this was unwise without proper supervision. Attached is a copy of the GMER log file that was produced after I ran a scan. Thanks in advance for your time and help!!!

Update: I ran a scan using Dr. Web CureIt (1st time using this software) and it identified several infections and numerous suspicious files. At one point it asked me if I wanted to "move" the files so I clicked "yes to all". When the scan finished, it said that it had eradicated backdoor.tdss.565 and moved several files. Everything else it identified was left blank under the Actions Taken column. If I select one of these items the option to "cure" is greyed out. Do I need to do more or has Dr. Web already quarantined these files??? The Dr. Web log file is attached.

A:Redirect Virus, atapi.sys rootkit

Update: I ran a scan using Dr. Web CureIt (1st time using this software) and it identified several infections and numerous suspicious files. At one point it asked me if I wanted to "move" the files so I clicked "yes to all". When the scan finished, it said that it had eradicated backdoor.tdss.565 and moved several files. Everything else it identified was left blank under the Actions Taken column. If I select one of these items the option to "cure" is greyed out. Do I need to do more or has Dr. Web already quarantined these files??? The Dr. Web log file is attached...

Read other 15 answers
RELEVANCY SCORE 46.4

Hello, I'm new to this stuff and I'm hoping that you can help me too. I was recently infected with three antisecurity viruses, I believe antisoft digital protection and xp security. I think I have been able to remove the first two successfully, notice I said I think. I was also stupid enough to actually purchase a license from one of these idiots. Don't worry, financial institutions have been notified. I ran something called tdss rootkiller and I received a message saying that I had an infection here: c:\windows\system32\drivers\atapi.sys. I pressed yes to delete and reboot but it's still there and apparently this program cannot remove it. I don't even have any antivirus spyware malware on my system due to the fact that they were uninstalled by my stupidity. Well, to make a long story short, I'm trying to get an antivirus spyware malware on my system but am redirected or receive a cannot display page message, which I assume to be the virus doing what it does, so I need help bad since unfortunately I don't have the money to go out and buy a new laptop at this point in time and I really need to use the one I have. I am running windows xp professional (and just recently found out it was the most vulnerable os). NEED HELP REALLY BAD, thanks.

Merged topics then posts deleting redundant content. ~ OB

A:redirect virus,atapi.sys rootkit

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

Read other 2 answers
RELEVANCY SCORE 46

Hi there,

My laptop with WinXP has Sophos installed.
Friday I received a link on my email that I clicked and Sophos said atapi.sys is a virus - No actions. Did a full scan. I have no internet connection. Firefox says www.google.com cannot be found. Same with IE.
I read through some similar posts and ran ComboFix. It still has the same problem.

Could you please help me?

Here is my combofix log:

Read other answers
RELEVANCY SCORE 46

Hi everybody.

My AVG Free Edition recently detected a virus that seems like it can't be removed. AVG whitelisted it and every so often, it would pop up. I've seen other people have this problem, but I read that their fixes are specific to their own machines... please help! Thanks for reading this.

Here's my Hijack This report:


Read other answers
RELEVANCY SCORE 46

Here is the gamer log and the dds log

A:atapi driver redirect virus problem

Hello Metsfan61, Welcome to Bleeping Computer. My name is fireman4it and I will be helping you with your Malware problem.

Please take note of some guidelines for this fix:
Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
Finally, please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.

We are dealing with a nasty infection it may take multiple posts to rid your machine of this Malware.

1. One or more of the identified infections is a backdoor trojan. This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan... Read more

Read other 3 answers
RELEVANCY SCORE 46

So it seems the only fix for this is to completely recover the system with a disk (forgot the name). But I don't have a working cd rom drive for the disk... How can I go about deleting this safely and not screw anything up? I've only seen COMBOFIX and I'm rather scared to even touch it even with approval of the techies here, help!

EDIT: Moved from XP forum to more appropriate Am I Infected ~ Hamluis.

A:I've got the Atapi.sys virus(google redirect), how do I kill it?

Hi wes225 - What program are you using as an Antivirus - Also do you have Malwarebytes or SUPERAntiSpyware installed - Run your A/V and then run Malwarebytes if you can - Thank You -

EDIT - Never use Combofix unless directed by an expert advisor - You can cause damage to your system if not used in the correct manner - The program is constantly being updated or altered to suit modern needs -

Read other 2 answers
RELEVANCY SCORE 45.6

I am using Windows XP -SP 1 & 2; have AVG Anti-Virus Free & Zone Alarm Firewall free installed. From yesterday morning on opening the system AVG is giving alert as follow:

Trojan horse Packed.Protector.C;"C:\WINDOWS\system32\drivers\atapi.sys";"Object is white-listed (critical/system file that should not be removed)";"11/20/2009, 3:40:15 AM";"file";"C:\WINDOWS\system32\svchost.exe"
Trojan horse Packed.Protector.C;"C:\WINDOWS\system32\dllcache\atapi.sys";"Moved to Virus Vault";"11/20/2009, 3:40:15 AM";"file";"C:\WINDOWS\system32\svchost.exe"
Trojan horse BackDoor.Agent.ACVO;"C:\WINDOWS\system32\drivers\qol5dbf.sys";"Moved to Virus Vault";"11/20/2009, 4:38:50 AM";"file";"System"

Alerts are repeating whenever system is opened.
The virus is unable to heal/remove (& reappear after moving to vault).

System is unable to restore to back date.

Please guide me what to do?

I thought of removing the infected file with fresh one but unable to find the same new file - not sure whether this would remove the problem. There was compulsory system shut down by NT system also once in beginning today.

Hoping early help from advanced adviser.

Thanks,

Sunil Goyal
 

A:Trojan Virus Infection atapi.sys - drivers/dllcache

Read other 16 answers
RELEVANCY SCORE 45.6

Hi,

I am having a problem that when I search something in Google via firefox, I get redirected to an unrelated site. Sometimes these sites are malware/spyware infected. I have run the following anti-virus programs:

-Malwarebytes
-Spybot
-Hitman Pro 3.5
-McAfee
-TDSSKiller
-Avast

I have run all of these numerous times in safe mode and normal mode. The reason I think it is affecting atapi.sys is because when I ran TDSS Killer, it said that that file is infected, and that it would be cured on reboot, but that never fixes anything. Also I ran GMER Rootkit and it said that there was suspicious modification to atapi.sys. This problem is a pain to deal with. What should I do?

A:Google Redirect Virus (atapi.sys rootkit problem)

I am using Windows XP by the way

Read other 2 answers
RELEVANCY SCORE 45.6

A few days ago my Symantec Antivirus AutoProtect picked up this virus and I tried to remove it but I can't. I ran Malwarebytes' Anti-Malware quickscan and it found a virus and I was able to delete it but the virus in atapi.sys remained.

I'm running Vista Basic 32-bit

I read in other forums to download combofix but on the download site it states to only use it if I have someone to guide me. Can someone please help me?

A:Need help with Trojan/Virus Backdoor.Tidserv!inf removal in atapi.sys

Welcome to BC

Update mbam and run a FULL scan
Please post the results

===================

ATF
Please download ATF Cleaner by Atribune & save it to your desktop.
Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.
If you use Firefox browser click Firefox at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser click Opera at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

------------------------------------

SAS, may take a long time to scan
Please download and scan with SUPERAntiSpyware Free
Double-click SUPERAntiSpyware.exe and use the default settings for installation.
An icon will be created on your desktop. Double-click that icon to launch the program.
If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop.... Read more

Read other 1 answers
RELEVANCY SCORE 45.6

I do have the same problem as user SunilGoyal4. Alerts keep on popping that I am infected with this trojan horse virus:

Trojan horse Packed.Protector.C;"C:\WINDOWS\system32\drivers\atapi.sys";"Object is white-listed (critical/system file that should not be removed)"
Trojan horse Packed.Protector.C;"C:\WINDOWS\system32\dllcache\atapi.sys"

Please guide me on what to do. I do want to follow the thread of SunilGoyal4 and dvk01, but I think my logs also have to be assessed.

Thanks.
Kevin
 

A:HELP with Trojan Virus Infection atapi.sys - drivers/dllcache

bump
 

Read other 1 answers
RELEVANCY SCORE 45.2

About a week ago my PC somehow became infected with the Google redirect virus. I started searching for information about how to remove this, downloaded some programs (which may have caused more problems), and eventually discovered that the machine was infected with somewhere around 159 viruses. At first it was still possible to use the computer, but eventually the machine started freezing almost immediately after booting up. Before it came to that extremity, I had managed to download the Combofix program. Although I had read that this was not to be used without expert supervision, my machine had gone so haywire that I was on the verge of erasing the hard drive and losing all files. Before doing that, I decided I might as well try to run Combofix, which remarkably was still able to run despite all the infections/freezing desktop. I ran it in spite of being unable to disable my Symantec anti-virus program, as whenever I would disable it, it would automatically re-enable itself within moments, and I simply could not find a way to disable it. Combofix seemed to fix everything, and the PC was running well again.

However, today my weekly antivirus scan alerted me to a large number of viruses, all but one of which it quarantined. The one that was not quarantined is titled atapi.sys.vir. I would be curious to know how my system became this badly infected with so many viruses, and especially how I can delete the atapi virus, and delete all the other viruses which have been qua... Read more

A:Infected with Atapi.sys virus, plus a large number of quarantined viruses

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

Read other 61 answers
RELEVANCY SCORE 44.4

Hello,

I have a Google Redirect virus on my computer where it constantly redirects any and all links resulting from a google search to bogus websites. It seems to redirect me 3 times in a row and then it lets me go to the site on the fourth try. It happens in Google searches and Yahoo searches, and I assume more search engines as well.

It seems fairly similar to another person's posting found here: http://www.bleepingcomputer.com/forums/topic272216-15.html

I would try to do the same things that this person did, but I am unclear as to what actually solved his problem, so I am a bit shaky trying to do this alone.

My issue also started with Antivirus System Pro taking over my computer. (Actually, I believe that it probably initially started when I clicked on an email attachment that looked legit but proved to be suspicious (full of strange code) once I opened it). I downloaded a program I believe was called Rkill and ran that on startup which was able to kill the Antivirus System Pro process that was locking my computer down. After that I ran BitDefender, and it found a number of issues which I fixed. The only one it couldn't fix was ioursysguard.exe which was in this directory:

C:\Document and Settings\...\Local Settings\Application Data\kakih ???\

But, once I could get to my task manager again, I was able to kill that corresponding process, and then I deleted the file and emptied my recycle bin, and then restarted. The Antivirus System Pro stopp... Read more

A:Google redirect virus, Possible Atapi.sys Rootkit / similar to ...topic272216-15.html

Hi,

My name is Extremeboy (or EB for short), and I will be helping you with your log.

We apologize for the delay of response. If you still require assistance we would like to see the current condition of your system so please post a new set of DDS Logs as well as a RootRepeal log and a description of any remaining problems or symptoms you may still have please.

If for any reason you did not post a DDS log or RootRepeal log please refer to this page and in step #6 and Step #7 for further instructions on downloading and running DDS & RootRepeal. If you have any problems just let me know in your next reply or simply post a Hijackthis log.

For your next reply I would like to see:
-The DDS logs---DDS.txt and Attach logs
-RootRepeal logs
-Description of any remaining problems you may still have.

Thanks again and we apologize for the delay.

With Regards,
Extremeboy

Read other 17 answers
RELEVANCY SCORE 44.4

Request your help in removing the virus from my system. I'm not tech savvy and hence request your assistance in removing this.

A:"C:\Windows\System32\drivers\atapi.sys";"Virus identified Win32/Patched.CG"

Your help is highly appreciated

Read other 3 answers
RELEVANCY SCORE 44

Please find the log

A:"C:\Windows\System32\drivers\atapi.sys";"Virus identified Win32/Patched.CG";"Object is...

Hello Shankar.ish, to Bleeping Computer Virus, Trojan, Spyware, and Malware Removal Logs Forum. My Nick is Net_Surfer I'll be glad to help you with your computer problems. I will be working on your Malware issues, this may or may not solve other issues you may have with your machine. Please note that whatever repairs we make, are for fixing "your computer problems only" and by no means should be used on another computer.

I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please be courteous and appreciative for the assistance provided!

Please take note of the following which will make our fix go more smoothly:

1. The cleaning process is not instant. Very seldom can we remove the entire infection in one go. Many of today's infections install other infections and for the most part they do not like to go quietly. Please continue to review my answers until I tell you your machine is clean. Just because a symptom "disappears" does not mean your system is clean.

2. In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.

3. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post. Please... Read more

Read other 16 answers
RELEVANCY SCORE 43.6

Hiya! This morning I managed to somehow get "Your Protection" installed on my computer. After multiple hours of googling, attempts, and what not, MalwareBytes finally uninstalled it. All was good - until I tried to google something and I get redirected constantly. There is no specific website, it is always random, and its driving me insane. Here is the methods I have taken:

The rkill file.
MalwareBytes - this supposedly removed Your Protection
Spybot Search and Destroy - removed a bunch of stuff, around 15 or so. It constantly picks up something like "WindowsSecurtyAlertsAntiVirus". I have ran multiple scans.
SUPERAntiSpyware - this removed multiple trojans I had not found before.
Combofix - alerted to atapi being messed up.
CWShredder - nothing found.
TDSSKiller - It alerts, once again, atapi, but does not do anything about it upon reboot.
HiJackThis! - I removed various BHO's and files associated with Your Protection via it.

I have reinstalled Firefox (the main browser I use), cleared all temporary files for both FF and IE as well as Disk Cleanup. Also, unlike the others that seem to have this problem, I CAN update my MalwareBytes, as well as the various other Spyware tools I use. At this point in time, ALL my programs (MalwareBytes, Spybot, SUPERAntiSpyware) comes up clean. Combofix, TDSSKiller, and GMER are finding things.

I cannot enter safe mode, either - it simply gives me an option to select either my hard drive, my slave drive, or my CD driver t... Read more

A:Rogue Anti-Virus Software (Your Protection), Google Redirection, error in atapi file

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

Read other 7 answers
RELEVANCY SCORE 38

Hello.. I'm currently experiencing a trojan or worm in my com.. it's called worm_reboot.. can I know how to remove them?
 

A:Solution to virus..

Read other 7 answers
RELEVANCY SCORE 38

I am running Norton Antivirus and AVG antivirus. I keep getting virus alerts (pop ups) saying I have the Klez.h virus. Located in NortonAnti/Quarantine/Portal Folder (two files shown, pop up as infected) and also shown in the System Restore folder.

But when i run the Anti virus programs to scan, no viruses are found.

When I open Norton program, and look under Quarantine, nothing is listed.

Question? Can I just delete the Portal Folder to get rid of these. (I have sent question into Norton, but have yet to receive an answer) Also, I found the info page on how to disable System Restore, but any other help is greatly appreciated.

Thanks in advance.

Mudkitty ~~ Lisa
 

A:virus solution

Read other 7 answers
RELEVANCY SCORE 37.6

Hello there. I am new on this forum so don't show me hate. I have an Asus Laptop which is really great, running everything smoothly. Last days I got a virus on this laptop which I can't detect. I used cccleaner, malwarebytes, dtsskiller and avg but nothing was found. So the virus opens links on youtube from videos with like 100 views, xat chat, sexual content sites, and pops up on startup a photo with sexual content again. It's really annoying cause I can't do nothing about it. Oh I forgot that the laptop logs off sometimes. So if anyone had same issues or knows how to help I would be grateful! Thanks in advance!

A:Cant find solution for this virus

Welcome to the forum. If you can do all our scans and post results we can deal with it PCHF System Scans

Read other 4 answers
RELEVANCY SCORE 37.6

Dear Frenz,

Can anyone know, how to disable or remove Worm:W32/Downadup.gen.

I try few removal tools such as f-secure, dcleaner & ssclean. The worm is deleted. But after few minutes it's back.

any idea frenz?

thanks for sharing.

A:Virus problem+need Solution

Hello and welcome to TSF.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

Read other 1 answers
RELEVANCY SCORE 37.6

Can't remove antivir solutions pro

A:Antivir solution pro virus

boopme instructed you here what to do and you did not follow those instructions so your topic was moved here.

Read other 1 answers
RELEVANCY SCORE 37.6

At my shop we found a new version of the FBI virus that automated scanners were unable to remove. What we ended up doing was booting PE and run Panda Cloud Antivirus which tagged a random generated .exe in the user folder. That file was still sought by the registry and would start a command prompt every time we booted the computer. We found it in the registry as 2 keys:
 
HKEY_CURRENT_USER\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon and look for a shell key with a value of cmd.exe and delete it.
HKEY_CURRENT_USER\Software\Microsoft\Command Processor and look for an autorun key with the random exe and delete it as well.
 
After getting rid of these two the computer booted normally. I hope this will help people clean their machines.
 
I have found today that Hitman Pro Kickstart is now finding this so the above solution might not be necessary but is still good info nonetheless.

A:FBI Virus 05-13-2013 Solution

Hello,
Thank you for sharing your solution! Whenever new ransomware versions come out it always takes a bit before automated tools like HMP kickstart catch up. The fix you posted will do the trick, but a bit of caution is required because wrongly editing these keys/values can cause serious damage to your computer. Unfortunately setting a system restore point or backing up is often difficult in these situations, but I'd advise any user who has this problem and isn't sure/comfortable how to fix it, not to try things but post a help request in the malware removal forum instead.
 
One small correction:

HKEY_CURRENT_USER\Software\Microsoft\Command Processor and look for an autorun key with the random exe

 
That would be an autorun value, not a key. You'll see something like "Autorun" = "c:\<path to random file>"

Read other 1 answers
RELEVANCY SCORE 37.6

I have this pop-up saying that Im infected. It always goes to a virus removal site.... I am posting the hijack this log in hopes for some help. PLEASE HELP ME here is the log:

A:Nasty "Virus solution" Pop-up

Hello dewey witt, Please post a new HijackThis log. Do not use quote.

RELEVANCY SCORE 37.6

I picked up Antivir Solution Pro Virus from a website a few days ago. Downloaded and ran Malwarebytes in Safemode. It seemed to fix it. Not!

Win Vista Home

Symptoms:

1. WinTaskMgr is showing 100% CPU usage but the sum of CPU usage in running files is far less, 10% in some cases.

2. When I run Firefox it loads with saved tabs PLUS another website I've never visited -- a different one every time.

3. Tried to run HJT with it disabled writing -- couldn't save the file. Ran as Admin and got this:

RELEVANCY SCORE 37.6

Hi guys,

my sister put a virus on my laptop

basically she accidentally blocked images on firefox for facebook and she didn't know how to get them back, i had a look at tools > options > under content tab it has image exceptions

and there was a whole load of sites under that list...these may have been default sites because i did not enter them?

anyway so i found facebook and removed it from the list but the images still didn't reappear...so my sister cleared the whole of the list of websites that were on the image block list

and this may have been the cause of the virus?

i started getting pop ups from antivir solution pro telling me everything was a virus...my browsers would not connect to the internet...i couldn't start taskmngr it said it was a virus...i couldn't load add/remove programs

so i read the article on bleepingcomputer.com about removing it and went into safemode and ran malwarebytes and that seemed to get rid of the virus as i don't get the pop ups anymore

but my ie7 would not connect to the internet so i uninstalled it...and now i have ie6 which i tried to update to ie8 but it won't let me

and both my ie6 and ff 3.6 keep redirecting me to different webpages when i search something on google...so i guess they are hijacked but malwarebytes is telling me i don't have any viruses

please help

A:AntiVir Solution Pro virus

here are my log files

RELEVANCY SCORE 37.6

Hello,

I'm having problems with AntiVir Solution Pro pop-up. I'm running Windows XP and recently got a pop-up notification telling me I was infected with something and then proceeded to "scan my computer" which I stopped and all but obviously it hasn't gone away. And I'm fearful because I can't even open AVG or Malwarebytes. There are constant "infiltration alerts" and other pop-up notifications with this and even opens up sites from Internet Explorer when I am actually using firefox.

I'd appreciate any kind of help with this!

Thank you!

Edit: Ok, I might have jumped the gun here. I kind of panicked and posted here first instead of seeing if I could do something myself. So, I'm going to try following the guide in the Spyware Removal topic to try and remove it, also I tried to delete this entire post but I can't :/

Update: Wow, this is embarrassing, I couldn't even get past the first step. My problem is that I can't start the computer in safe mode, every time I selected Safe Mode with Networking it would just return to the screen where you choose how you want to start windows. Therefore, I'd be happy with any help anyone can give me!

A:AntiVir Solution Pro Virus

Hi, it's been a few weeks and I've had no replies, I've kind of been at a loss as to what to do with my computer. I haven't really used it since I found out I was infected with AntiVir Solution Pro. Today I tried again to boot in Safe Mode so I could follow the instructions here: http://www.bleepingcomputer.com/virus-remo...ir-solution-pro. But no luck. I googled what I should do to get it to boot in Safe Mode and saw that maybe using msconfig might help. I selected Diagnostic Startup hoping that might at least allow me to start in Safe Mode, but still no luck, it just brings me back to the screen of options, but the only option that would work is if I chose to start up windows normally. I don't really have any experience with this kind of situation so I would appreciate any kind of help!

RELEVANCY SCORE 37.6

I've run MBAM and it has found nothing. I am in safe mode.

I deleted two registry entries using Hijack this, but found more using regedit that I know are associated with this stupid virus.

They are in HKEY_CURRENT_USER\Software\SolutionAV

They are all gibberish.

Can they be deleted?

Will this fix my computer?

I have found no running processes associated with the problem, and also no registry keys listed on other sites have been on my machine.

HELP!

RELEVANCY SCORE 37.6

First of all, I want to thank everybody here that spent their time to help the others..

Every time my PC got infected with different types of malware I found a solution for it here. However, I did not find any problem that is similar to mine..

here is the picture of my antivirus which is Avira "the free version"



and here is my hijack log


A:Solved: I have a virus.. Any solution

any help please, I installed avast instead of avira and still nothing !
 

RELEVANCY SCORE 37.6

My computer is infected with two different viruses that claim to be security centers and are trying to get me to block attacks every few seconds. The virus won't allow me to open any programs minus mozilla firefox and won't allow me to download the defogger recommended as one of the start-up steps. Is there a way for me to get these things downloaded around the virus? Or what would you suggest as my best option.

A:Antivir Solution Pro virus

Welcome to the BleepingComputer Forums. Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again. Double click on RSIT.exe to run RSIT. Click Continue at the disclaimer screen. Please post the contents of log.txt. Thank you for your patience.

Please see Preparation Guide for use before posting about your potential Malware problem. If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped. Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so.

While we are working on your HijackThis log, please: Reply to this thread; do not start another! Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so. Do not run any other tool until ...

RELEVANCY SCORE 37.2

Hi all,

I am totally stumped on this one, i'm visiting home and my little brother has a problem with the laptop (i'm on just now). It has webroot spysweeper installed coming up fine (latest defs).

I ran Hijack this and checked out the log and deleted all things that were of no importance.

The computer runs perfect, i only noticed because i could hear spysweeper blocking popups and i can't play some games (or even type this) as the window often loses focus as it drops some FPS.

Annoying as it is, i went to download trend micro and i had a problem with installing it, it wouldn't install so i just deleted it and downloaded virworks antivirus and when i extract it exe files don't extract. So basically it's a massive problem because any exe copied is instantly deleted. All known virus scanners do not install.

I decided to go in safe mode but i can't, i get a new BSOD but it's deffo not hardware related, i have read other posts like this but no replies so i'm hoping someone can point me in the right direction.

There is currently only required processes running, explorer.exe and iexplorer.exe can be closed and are not hiding as those names.

Also, hijack this is clean now and since no scanner can be installed then i'm at a loose end and i currently don't have the capability to do a clean install! (only visiting family and no windows disk!)

thanks.
 

A:XP Virus , any ideas welcome so i can search solution

How about posting the make and model of the computer, operating system version, and a hijackthis log--

Get the correct version here:

http://www.thespykiller.co.uk/files/HJTsetup.exe

Save HJTsetup.exe to your desktop.
Double click on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.
Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
Put a check by Create a desktop icon then click Next again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click Finish and it will launch Hijack This.

Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
Click Save to save the log file and then the log will open in notepad.
Click Edit > Select All > Edit > Copy to copy the entire contents of the log.
Paste the log in your next reply.

DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
 
