slippin Posted November 28, 2009
Hello, I have a problem: a-squared detects the file atapi.sys (96 kbytes) as Rootkit.Win32.TDSS.y!A2. I tried to replace it with a clean file from the distribution (OS MS XP SP3), which weighs 48 kbytes, but it was again replaced with the infected 98 kbyte one (I tried to remove it, but it appears again). I am attaching the file to this message and very much hope for some help.
P.S. Excuse me for my bad English.
Lynx Posted November 28, 2009
Hi slippin, and welcome to the forum.
1) Do not post suspected files. There is a special procedure for submitting flagged items to EMSI developers, or to any other vendor that produced the flagging, for investigation.
2) Today's detections of atapi.sys were most likely a False Positive. a-squared displayed the message to submit, and the items did not appear in the detection list. The detections here were in C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386 and C:\WINDOWS\system32\ReinstallBackups\0008\DriverFiles\i386.
3) In any case, never rush to remove/quarantine system files. Please read this Sticky.
4) If you want to find out how to investigate the matter regarding False Positives, please create a new thread in the respective section and you will be advised.
5) Since you posted into this section and/or your system is misbehaving, follow the standard rules that apply here:
=======
Read the following instructions: START HERE, if you don't we are just going to send you back to this thread
Prepare and post (attach) the required log files into this thread.
Wait for a reply from ShadowPuterDude, Katana, or JeanInMontana for assistance and further instructions.
=======
Translation Links for Forum Instructions
My regards
slippin Posted November 28, 2009 (Author)
I'm sorry, could I attach the following logs with messages in this topic for help?: A-Squared, Win32kDiag, ISeeYouXP, HiJackFree
Lynx Posted November 28, 2009
slippin, sure you can attach the log files into this thread if you feel that the system has to be checked here. Two comments though:
1) Please read the conditions for running and attaching Win32kDiag. You may not necessarily need to run it.
2) Before running a Deep Scan with a-squared - update!
My regards
ShadowPuterDude Posted November 28, 2009
The atapi.sys detection may be a False Positive, but it could be infected as well. There is a TDSS RootKit variant that infects Windows system files.
slippin Posted November 28, 2009 (Author)
The situation has changed: the file atapi.sys changed its md5 number. Now the file is not detected by a-squared, but it is detected by eSafe (Win32.Rootkit) and McAfee GW-Edition (Heuristic.BehavesLike.Win32.Rootkit.H). I'd like to hear your opinion on this subject.
ShadowPuterDude Posted November 28, 2009 (edited)
Without logs, I can't even begin to determine what is or is not malware. All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE, if you don't we are just going to send you back to this thread
English to French translation: http://translate.google.com/translate?js=y&prev=_t&hl=en&ie=UTF-8&u=http%3A%2F%2Fsupport.emsisoft.com%2Findex.php%3F%2Fforum-6%2Fannouncement-2-start-here-if-you-dont-we-are-just-going-to-send-you-back-to-this-thread%2F&sl=en&tl=fr&history_state0=
English > German translation: http://translate.google.com/translate?hl=en&sl=en&tl=de&u=http%3A%2F%2Fsupport.emsisoft.com%2Findex.php%3F%2Fforum-6%2Fannouncement-2-start-here-if-you-dont-we-are-just-going-to-send-you-back-to-this-thread%2F
English to Italian translation: http://translate.google.com/translate?hl=en&sl=en&tl=it&u=http%3A%2F%2Fsupport.emsisoft.com%2Findex.php%3F%2Fforum-6%2Fannouncement-2-start-here-if-you-dont-we-are-just-going-to-send-you-back-to-this-thread%2F
English to Spanish translation: http://translate.google.com/translate?hl=en&sl=en&tl=es&u=http%3A%2F%2Fsupport.emsisoft.com%2Findex.php%3F%2Fforum-6%2Fannouncement-2-start-here-if-you-dont-we-are-just-going-to-send-you-back-to-this-thread%2F
EDIT: The copy of atapi.sys that you originally attached to your first post is the correct file for Windows XP SP3; file size, md5, file name and signature match.
Edited November 28, 2009 by ShadowPuterDude: additional information
slippin Posted November 28, 2009 (Author)
So the file atapi.sys which I attached is, in principle, legitimate?
P.S. Once again sorry for my bad English; unfortunately, translators' translations are not perfect.
ShadowPuterDude Posted November 29, 2009
> So the file atapi.sys which I attached is, in principle, legitimate?
> P.S. Once again sorry for my bad English; unfortunately, translators' translations are not perfect.
Yes, the atapi.sys file you attached to your first post is the legitimate Microsoft atapi.sys for Windows XP SP3.
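The check the moderator describes above (comparing a driver's size and md5 against the known-good copy, with the infected copy being noticeably larger) as an added example that is not part of the thread: a Python script that fingerprints a file and reports which attributes differ from a baseline. The baseline and sample bytes are constructed stand-ins; the real size and hash of the XP SP3 atapi.sys are not given on this page, and the Authenticode signature check is left to a dedicated signature tool.

```python
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Baseline:
    """Known-good attributes of a system file: name, size in bytes, MD5 and SHA-256 hex digests."""
    name: str
    size: int
    md5: str
    sha256: str


def fingerprint(data: bytes) -> dict:
    """Compute the attributes compared in the thread (size, md5) plus SHA-256 for a stronger match."""
    return {
        "size": len(data),
        "md5": hashlib.md5(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def fingerprint_file(path: str) -> dict:
    """Fingerprint a file on disk, e.g. the copy in system32\\drivers versus the one in i386."""
    with open(path, "rb") as fh:
        return fingerprint(fh.read())


def compare(fp: dict, baseline: Baseline) -> list:
    """Return the names of every attribute that differs from the baseline; an empty list means a match."""
    return [k for k in ("size", "md5", "sha256") if fp[k] != getattr(baseline, k)]


# Constructed stand-ins (not real driver bytes): a short "clean driver" and the same bytes
# with an appended blob, mimicking the 48 kbyte -> 96 kbyte growth slippin reported.
CLEAN_SAMPLE = b"MZ" + b"\x00" * 46 + b"atapi-clean-stand-in"
PATCHED_SAMPLE = CLEAN_SAMPLE + b"\x90" * 48 + b"appended-stub"
CLEAN_BASELINE = Baseline("atapi.sys", **fingerprint(CLEAN_SAMPLE))


def verdict(data: bytes, baseline: Baseline = CLEAN_BASELINE) -> str:
    """Summarise the comparison; a file that grew past the baseline size is called out explicitly."""
    diffs = compare(fingerprint(data), baseline)
    if not diffs:
        return "match"
    if "size" in diffs and len(data) > baseline.size:
        return "modified (larger than baseline: " + ", ".join(diffs) + ")"
    return "modified (" + ", ".join(diffs) + ")"


if __name__ == "__main__":
    print(CLEAN_BASELINE.name, verdict(CLEAN_SAMPLE))
    print(CLEAN_BASELINE.name, verdict(PATCHED_SAMPLE))
```

On a real system the baseline would be taken from a trusted copy of the driver (installation media or a known-clean machine), and a hash match should still be paired with a signature check before trusting the file.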
slippin Posted November 29, 2009 (Author)
Many thanks for the help and excuse me for bothering.
ShadowPuterDude Posted November 29, 2009
Thread Closed
Reason: Resolved
The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on your system could result in damaging the Operating System beyond repair. Do Not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist.
All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE, if you don't we are just going to send you back to this thread