I had a hard time getting rid of this problem.
Spyware Terminator detected it, and it's attempt to remove it wasn't successful.
I had to find a clean copy of "atapi.sys" and save it to my documents. Then I had to use RootRepeal and use its tools to force-wipe the infected copy of "atapi.sys" from two locations.
File: C:\WINDOWS\system32\DRIVERS\atapi.sys
Registry HKLM\SYSTEM\CurrentControlSet\Services\atapi located at
After that, I copied and pasted the clean copy of "atapi.sys" into those locations and run a full scan again.
Spyware Terminator then reported:
So, to clean this temp file out, I used
CCleaner. First I changed the settings under "advanced settings" to delete ALL TEMP files, not just the ones older than 24 hours.
Then I run the cleaner. And after that, I run the registry Cleaner.
Then I scaned again with Spyware Terminator, and it came up clean.
Finally, I run Norton Ghost" and made a clean backup of my computer to an external drive.
Good luck, and I hope you don't have this Nasty RootKit.
Navigation: use the links below to view more comments.
first 1-20, 21-22 next last
To: Yosemitest
It does not show up on my Linux box
To: Yosemitest
Wow
What a project!
Sorry to say it but ,,, get a Mac.
And tell Bill Gates where to get off with his POS DOS system from the 90s that he refuses to bring into the modern world.
3 posted on
04/07/2010 1:30:07 AM PDT by
DontTreadOnMe2009
(So stop treading on me already!)
To: Yosemitest
hoo boy, stealing your DNS gives virtual carte blanche to the haxors.
4 posted on
04/07/2010 1:32:49 AM PDT by
HiTech RedNeck
(I am in America but not of America (per bible: am in the world but not of it))
To: Yosemitest
BTTT. Thanks for posting!
5 posted on
04/07/2010 1:34:13 AM PDT by
EdReform
(Oath Keepers - Guardians of the Republic - Honor your oath - Join us: www.oathkeepers.org)
To: Yosemitest
Which Windows. XP? Vista? 7?
6 posted on
04/07/2010 1:35:22 AM PDT by
HiTech RedNeck
(I am in America but not of America (per bible: am in the world but not of it))
To: Yosemitest
11 posted on
04/07/2010 1:53:07 AM PDT by
truthguy
(Good intentions are not enough!)
To: Rammer
12 posted on
04/07/2010 1:59:54 AM PDT by
Rammer
To: Yosemitest
16 posted on
04/07/2010 2:12:13 AM PDT by
bmwcyle
(Free the Navy Seals)
To: Yosemitest
Where do I go/what do I search for to see if my pc has the trojan? Can’t I just look for a certain file rather than downloading a scanner?
25 posted on
04/07/2010 2:57:02 AM PDT by
chilltherats
(First, kill all the lawyers (now that they ARE the tyrants).......)
To: GreatMan
48 posted on
04/07/2010 4:37:05 AM PDT by
GreatMan
To: All
Prevention
Take the following steps to help prevent infection on your system:
-
Enable a firewall on your computer.
-
Get the latest computer updates for all your installed software.
-
Use up-to-date antivirus software.
-
Use caution when opening attachments and accepting file transfers.
-
Use caution when clicking on links to web pages.
-
Avoid downloading pirated software.
-
Protect yourself against social engineering attacks.
-
Use strong passwords.
All pretty standard PC security stuff. I wonder if Microsoft Security Essentials handles this?
56 posted on
04/07/2010 5:13:01 AM PDT by
McGruff
(Don't criticize. Explain to me who I should support other than Sarah Palin.)
To: Yosemitest
To: Yosemitest
Off topic.....I have Crap Cleaner, but don't use it anymore since it erases all my stored log-in stuff, ofrum passwords, etc. Do you have any idea what 'checkbox' I should uncheck?
C Cleaner gets rid of more junk than any other utility, but as is right now, I'm leaving it alone.
73 posted on
04/07/2010 7:23:03 AM PDT by
ErnBatavia
(It's not the Obama Administration....it's the "Obama Regime".)
To: Yosemitest
Wow - your post has a ton of good info. Thanks.
76 posted on
04/07/2010 7:47:39 AM PDT by
weef
To: Yosemitest; rdb3; Calvinist_Dark_Lord; GodGunsandGuts; CyberCowboy777; Salo; Bobsat; JosephW; ...
80 posted on
04/07/2010 9:49:19 AM PDT by
ShadowAce
(Linux -- The Ultimate Windows Service Pack)
To: Yosemitest
Bump for later dissection at home. Cool genealogy lesson on XP.
82 posted on
04/07/2010 9:56:06 AM PDT by
ssaftler
(America feared a third "W" term, and got a second "Jimmuh" term instead.)
To: Yosemitest
92 posted on
04/07/2010 11:00:17 AM PDT by
LucyJo
To: Yosemitest
My gosh! I just bought a Dell Mini 10, with windows 7 starter (my first windows purchase since win2k). If it ever gets to that point, I think I’d just take it out back and shoot it, and go buy another one.
To: LibreOuMort
102 posted on
04/07/2010 1:09:27 PM PDT by
sionnsar
(IranAzadi|5yst3m 0wn3d-it's N0t Y0ur5:SONY|Remember Neda Agha-Soltan|TV--it's NOT news you can trust)
To: Yosemitest
Somebody out there will come up with a little program to remove that soon for free I am sure.
106 posted on
04/07/2010 1:25:09 PM PDT by
A CA Guy
( God Bless America, God bless and keep safe our fighting men and women.)
Navigation: use the links below to view more comments.
first 1-20, 21-22 next last
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson