How to protect yourself from malware, adware and other virus

Posted: Tue Jun 21, 2011 9:16 am

=$9artan= wrote:

I've got this, windows\systems32\drivers\atapi.sys according to google it's malware and it's a bastard to get rid of. Avast is the only program that detects it but wont delete it, move it or nothing. I'm going to try a guide i found here. Before i do anybody got any better suggestions?

atapi.sys
ATAPI IDE Miniport Driver Windows Update

It's on every windows computer I've ever looked at.

here it is on my machine

Posted: Tue Jun 21, 2011 9:20 am

=$9artan= wrote:

I've got this, windows\systems32\drivers\atapi.sys according to google it's malware and it's a bastard to get rid of. Avast is the only program that detects it but wont delete it, move it or nothing. I'm going to try a guide i found here. Before i do anybody got any better suggestions?

There is a legitimate atapi.sys driver, but this could be it and its infected, or it could malware thats using another atapi.sys filename. Just make sure its not a false positive your getting.

edit: ninja'd

what av is telling you its infected? Sounds like false positive. Try running with another program like malwarebytes

edit2: sorry i see youve said its AVast. Download and isntall and update malwarebytes and run full scan with it. See if that also flags it as malware?

Posted: Tue Jun 21, 2011 9:23 am

Or better yet what's the file data on it?
if the date and size matches mine it's a windows file. If it was recently changed there might be something going on. I've never heard of this particular file being viral though.

Posted: Tue Jun 21, 2011 1:25 pm

Malwarebytes does not pick it up only Avast. In Avast in the log it says the threat is Win32:Alureon-FQ

Then in the result bit it says Error: the specified file is read only (6009)

Google is now telling me that this is some really bad shit, and it's a Trojan in my os. Also i had unusual activity on my gmail account and had to reset it.

Looks like this is bad guys.

Posted: Tue Jun 21, 2011 5:45 pm

See if this is any help ....

http://www.computerforum.com/172355-i-have-trojan-win32-alureon-fq.html

Read about it on a few forums and apparently a programme called "Hitman Pro" gets rid of it ....... the link below is for Hitman Pro, it's free for thirty days.

http://www.surfright.nl/en linked edited by mod

Posted: Tue Jun 21, 2011 6:03 pm

rob that was linked straight to a download Rolling Eyes

Posted: Tue Jun 21, 2011 6:09 pm

Sorry ! Must have copied the wrong link as I downloaded it aswell ...........

Posted: Tue Jun 21, 2011 6:21 pm

For all the size of the file you try and upload it to one of these sites

virustotal

http://www.virustotal.com/

jotti

http://virusscan.jotti.org/en-gb

If it is bad and you have to remove the file you could try removing it with
malwarebytes fileassassin or Unlocker
http://www.emptyloop.com/unlocker/

Also Spybot Search & Destroy has options to see if things look dodgy in the startup ..

Posted: Tue Jun 21, 2011 6:27 pm

it's also a root windows file. If it's been altered a secure file check should say so.

go to the start bar and run or search box depending on windows version
type cmd and hit enter
in the box that opens up type
SFC /Scannow
hit enter and let it run.
If a base windows file has been altered it will see it.

Posted: Wed Jun 22, 2011 3:44 am

=$9artan= wrote:

I've got this, windows\systems32\drivers\atapi.sys according to google it's malware and it's a bastard to get rid of. Avast is the only program that detects it but wont delete it, move it or nothing. I'm going to try a guide i found here. Before i do anybody got any better suggestions?

Just came across a page on: remove-malware.com/malware/malware-news/atapi-sys-rootkit-is-everywhere/
If you look down on the right bottom corner in"Related post" and choose "1 - Nasty new Rootkit Patches Atapi.sys. Hope this helps.

You might want to try Iobit new Malware Fighter V1.0
Good luck.

Posted: Tue Jun 28, 2011 10:23 pm

thanks for the post pacino23!

Posted: Sat Jul 16, 2011 4:42 pm

Thanks man I found it very helpful! I am downloading the programs you recommended

Posted: Sun Sep 11, 2011 12:58 pm

Thank you guys, this gonna be a very useful informations, keep on sharing this such great informations. Smile

Posted: Wed Oct 19, 2011 7:21 pm

boknoy wrote:

Thank you guys, this gonna be a very useful informations, keep on sharing this such great informations. Smile

peerblock and ultrasurf, not sure if it was mentioned.

Posted: Mon Nov 21, 2011 11:39 am

some mod should know that in Comment #4523533 of the torrent http://isohunt.com/torrent_details/354120741/anno+2070?tab=comments a user posts a link to a virus claiming its a crack/serial for the video game listed on that torrent.