slippin

Hello,

I have a problem: a-squared detects the file atapi.sys (96 kB) as Rootkit.Win32.TDSS.y!A2.

I tried to replace it with a clean file from the distribution (OS: MS XP SP3), which is 48 kB, but it was again replaced by the infected 98 kB one (I tried to remove it, but it appears again).

I am attaching the file to this message.

I very much hope for some help from you.

P.S. Excuse me for my bad English.


Hi slippin, and welcome to the forum.

1) Do not post suspected files.

There is a special procedure for submitting flagged items to the EMSI developers, or to any other vendor that produced the flagging, for investigation.

2) Today's detections of atapi.sys were most likely a False Positive.

a-squared displayed the message to submit the items, and they did not appear in the detection list.

The detections here were in

C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386

and C:\WINDOWS\system32\ReinstallBackups\0008\DriverFiles\i386

3) In any case, never rush to remove/quarantine system files. Please read this Sticky.

4) If you want to find out how to investigate the matter regarding False Positives, please create a new thread in the respective section and you will be advised.

5) Since you posted into this section and/or your system is misbehaving, follow the standard rules that apply here:

=======

Read the following instructions:

START HERE, if you don't we are just going to send you back to this thread <--click

Prepare and post (attach) the required log files into this thread.

Wait for a reply from ShadowPuterDude, Katana, or JeanInMontana for assistance and further instructions.

=======

Translation Links for Forum Instructions

My regards


slippin,

Sure, you can attach the log files to this thread if you feel that the system has to be checked here.

Two comments, though:

1) Please read the conditions for running and attaching Win32kDiag.

You may not necessarily need to run it.

2) Before running a Deep Scan with a-squared, update!

My regards


The situation has changed: the file atapi.sys changed its MD5 sum. Now the file is not detected by a-squared, but it is detected by eSafe (Win32.Rootkit) and McAfee GW-Edition (Heuristic.BehavesLike.Win32.Rootkit.H).

I'd like to hear your opinion on this subject.

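The two signals the poster is tracking by hand, the driver's size and its MD5 sum, are exactly what a file-integrity baseline records. The script below is an added example, not code from this thread or from Emsisoft: it snapshots size, MD5 and SHA-256 for a list of files, then compares a later snapshot against that baseline and reports files that were resized, re-hashed, removed or newly added. The `demo()` scenario (a 48 kB file later swapped for a 96 kB one in a temporary directory) is constructed for illustration; against a real system you would pass the actual driver paths under the Windows system32 tree to `snapshot()` and keep the baseline JSON somewhere the affected machine cannot rewrite it.

```python
import hashlib
import json
import os
import tempfile
from typing import Dict, List, Tuple

Fingerprint = Dict[str, object]


def fingerprint(path: str) -> Fingerprint:
    """Return size in bytes plus MD5 and SHA-256 hex digests of one file.

    The file is read in chunks so that large drivers do not need to fit in memory.
    """
    md5 = hashlib.md5()
    sha256 = hashlib.sha256()
    size = 0
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            size += len(chunk)
            md5.update(chunk)
            sha256.update(chunk)
    return {"size": size, "md5": md5.hexdigest(), "sha256": sha256.hexdigest()}


def snapshot(paths: List[str]) -> Dict[str, Fingerprint]:
    """Fingerprint every existing regular file in `paths`, keyed by path."""
    return {p: fingerprint(p) for p in paths if os.path.isfile(p)}


def compare(baseline: Dict[str, Fingerprint],
            current: Dict[str, Fingerprint]) -> List[Tuple[str, str]]:
    """Return (path, reason) for each file that no longer matches the baseline.

    Missing files are reported as well, because a driver that is removed and then
    reappears is the pattern described in the thread.
    """
    findings: List[Tuple[str, str]] = []
    for path, ref in baseline.items():
        now = current.get(path)
        if now is None:
            findings.append((path, "missing"))
            continue
        if now["size"] != ref["size"]:
            findings.append((path, f"size {ref['size']} -> {now['size']}"))
        elif now["sha256"] != ref["sha256"] or now["md5"] != ref["md5"]:
            # Same length but different content: a silent in-place replacement.
            findings.append((path, "hash changed, size unchanged"))
    for path in current:
        if path not in baseline:
            findings.append((path, "new file"))
    return findings


def save_baseline(baseline: Dict[str, Fingerprint], out_path: str) -> None:
    """Persist the baseline as JSON (store it off the machine being checked)."""
    with open(out_path, "w", encoding="utf-8") as fh:
        json.dump(baseline, fh, indent=2, sort_keys=True)


def demo() -> List[Tuple[str, str]]:
    """Constructed scenario: a 48 kB 'clean' driver whose on-disk copy is later
    overwritten with a 96 kB one, while an unrelated file stays unchanged."""
    with tempfile.TemporaryDirectory() as tmp:
        driver = os.path.join(tmp, "atapi.sys")   # constructed sample path
        other = os.path.join(tmp, "other.sys")    # constructed sample path
        with open(driver, "wb") as fh:
            fh.write(b"A" * (48 * 1024))
        with open(other, "wb") as fh:
            fh.write(b"B" * 1024)
        baseline = snapshot([driver, other])
        save_baseline(baseline, os.path.join(tmp, "baseline.json"))

        # Something replaces the driver with a larger file.
        with open(driver, "wb") as fh:
            fh.write(b"C" * (96 * 1024))
        current = snapshot([driver, other])
        return [(os.path.basename(p), reason) for p, reason in compare(baseline, current)]


if __name__ == "__main__":
    for name, reason in demo():
        print(f"{name}: {reason}")
```

Re-running `snapshot()` a few minutes after restoring the clean driver and comparing it with the saved baseline would show whether the replacement recurs, which is more reliable than eyeballing file sizes in Explorer; a "hash changed, size unchanged" finding is worth the same attention as a size change.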


Thread Closed

Reason: Resolved

The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on your system could result in damaging the Operating System beyond repair. Do Not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist.

All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE, if you don't we are just going to send you back to this thread
