[Yosemitest]

I had a hard time getting rid of this problem.

Spyware Terminator detected it, and it's attempt to remove it wasn't successful.

I had to find a clean copy of "atapi.sys" and save it to my documents. Then I had to use RootRepeal and use its tools to force-wipe the infected copy of "atapi.sys" from two locations.

File: C:\WINDOWS\system32\DRIVERS\atapi.sys


Registry HKLM\SYSTEM\CurrentControlSet\Services\atapi located at

File: c:\WINDOWS\ServicePackFiles\i386\atapi.sys

After that, I copied and pasted the clean copy of "atapi.sys" into those locations and run a full scan again.

Spyware Terminator then reported:

Program: Rootkit-2660 C:\WINDOWS\system32\drivers\SET1A5.tmp Action: Auto Deny Shield: File Access shield

Process: Rootkit-2660 (Trojan Detected by ClamAV)

So, to clean this temp file out, I used CCleaner. First I changed the settings under "advanced settings" to delete ALL TEMP files, not just the ones older than 24 hours.
Then I run the cleaner. And after that, I run the registry Cleaner.

Then I scaned again with Spyware Terminator, and it came up clean.

Finally, I run Norton Ghost" and made a clean backup of my computer to an external drive.

Good luck, and I hope you don't have this Nasty RootKit.

[taxcontrol]

It does not show up on my Linux box

[DontTreadOnMe2009]

Wow

What a project!

Sorry to say it but ,,, get a Mac.

And tell Bill Gates where to get off with his POS DOS system from the 90s that he refuses to bring into the modern world.

[HiTech RedNeck]

hoo boy, stealing your DNS gives virtual carte blanche to the haxors.

[EdReform]

BTTT. Thanks for posting!

[HiTech RedNeck]

Which Windows. XP? Vista? 7?

[truthguy]

read later

[Rammer]

ping

[bmwcyle]

bttt

[chilltherats]

Where do I go/what do I search for to see if my pc has the trojan? Can’t I just look for a certain file rather than downloading a scanner?

[GreatMan]

ping

[McGruff]

Prevention

Take the following steps to help prevent infection on your system:

• Enable a firewall on your computer.
• Get the latest computer updates for all your installed software.
• Use up-to-date antivirus software.
• Use caution when opening attachments and accepting file transfers.
• Use caution when clicking on links to web pages.
• Avoid downloading pirated software.
• Protect yourself against social engineering attacks.
• Use strong passwords.

All pretty standard PC security stuff. I wonder if Microsoft Security Essentials handles this?

[phockthis]

save

[ErnBatavia]

Off topic.....I have Crap Cleaner, but don't use it anymore since it erases all my stored log-in stuff, ofrum passwords, etc. Do you have any idea what 'checkbox' I should uncheck?

C Cleaner gets rid of more junk than any other utility, but as is right now, I'm leaving it alone.

[weef]

Wow - your post has a ton of good info. Thanks.

[ShadowAce]

[ssaftler]

Bump for later dissection at home. Cool genealogy lesson on XP.

[LucyJo]

bookmark

[shorty_harris]

My gosh! I just bought a Dell Mini 10, with windows 7 starter (my first windows purchase since win2k). If it ever gets to that point, I think I’d just take it out back and shoot it, and go buy another one.

[sionnsar]

ping

[A CA Guy]

Somebody out there will come up with a little program to remove that soon for free I am sure.