
system32\drivers(dllcache)\atapi.sys Trojan packer

Discussion in 'Virus & Other Malware Removal' started by AndreasA, Dec 3, 2009.

Thread Status:
Not open for further replies.
  1. AndreasA

    AndreasA Thread Starter

    Joined:
    Dec 3, 2009
    Messages:
    6
    This morning I got a trojan warning out of the blue, while browsing a webpage where local taxi companies were compiled. I am using Windows XP Service Pack 3, AVG antivirus and SpyBot Search and Destroy.

    While AVG gave me the warning, Spybot said that I needed to allow some system startup values. I couldn't do anything, however, as Spybot froze and my computer started lagging a lot. I was forced to Ctrl-Alt-Del to end the Spybot process, and AVG wouldn't let me do anything other than Ignore the threat. I ran a full scan on AVG and in the end it said that the threats had been healed and asked me to do a system reboot. On startup, however, AVG still gave me the warning. Then I was able to remove 1 threat again. I'm adding some pictures below. (Ignore the picture names... I panicked)

    Also what happened is that suddenly all my remembered passwords in Facebook, my picture gallery and a couple of forums have been forgotten and I am logged off.

    http://www2.picturepush.com/photo/a/2590130/1024/Myself/fun.bmp - location details
    http://www4.picturepush.com/photo/a/2590272/1024/Myself/fun3.bmp - after startup

    EDIT - Spybot is still bugging me about some startup registries, but I can't do anything since it freezes all the time. I might have managed to hit deny access once, but I couldn't check the remember decision box. I wasn't able to see the name of the registry since the box always goes grey-ish.

    EDIT again - the startup entry Spybot is bugging me about is C:\WINDOWS\system32\av_md.exe and regedit32. Right now I'm denying them access, but I don't want to hit the "remember decision" box until I know what's going on.
     
  2. AndreasA

    AndreasA Thread Starter

    Joined:
    Dec 3, 2009
    Messages:
    6
  3. AndreasA

    AndreasA Thread Starter

    Joined:
    Dec 3, 2009
    Messages:
    6
    More - Looks like I got rid of the av_md.exe files. I'm searching my system for it to be sure. AVG still gave me a warning about the C:\WINDOWS\system32\drivers\atapi.sys though. Spybot stopped bugging me thankfully.
     
  4. AndreasA

    AndreasA Thread Starter

    Joined:
    Dec 3, 2009
    Messages:
    6
    Even more... I found a copy of the av_md.exe in - C:\WINDOWS\system32\config\systemprofile - too

    I also denied the changes Spybot kept bugging me about.
     
  5. AndreasA

    AndreasA Thread Starter

    Joined:
    Dec 3, 2009
    Messages:
    6
    SUPERAntiSpyware is unable to detect any threats in the atapi.sys file. However, AVG gave a warning about it as soon as I started the scan. Spybot keeps blocking the regedit change constantly. I have removed all the av_md.exe files that I could find, but now I've hit a dead end.
     
  6. AndreasA

    AndreasA Thread Starter

    Joined:
    Dec 3, 2009
    Messages:
    6
    I tried Malwarebytes now, a free version though. It was unable to find anything in the first file even with a full scan. It solved some other stuff though. Any help here?

    Can I just delete atapi.sys? I am getting really annoyed here.
     

Short URL to this thread: https://techguy.org/882471
