Google / Search Engine Hijacker - Atapi.sys rootkit
After many infections, my PC is the victim of a strange thing that prevents it from using any other browser IE and totally prohibits access to Windows Update. After some research, it seems to me that I am the victim of a rootkit that modifies atapi.sys. I ran Combofix and the log file does not tell me to do anything. I believe that not everything has really been cleaned. How do I fix that?
Re: Google / Search Engine Hijacker - Atapi.sys rootkit
Run a system scan in safe mode. Use Malwarebytes Antimalware. For the further issue, download and install GMER. It is a fixing tool to restore your damaged file. For this, first disable your security software such as antivirus, antispyware, etc. and close all open programs. Then run the GMER setup. If an antivirus alert appears for the file gmer.sys or gmer.exe, let it run. Click on the rootkit tab and scan your system.
Re: Google / Search Engine Hijacker - Atapi.sys rootkit
First you must remove your older antivirus program so that you can run the scan with another antivirus program. For that, click on Start and then click on Run. Then type Combofix /uninstall and click OK. After that, clean your computer with CCleaner and disable and then re-enable System Restore, because that can restore the virus. Remove all the recently installed programs from Control Panel > Add/Remove Programs.
Re: Google / Search Engine Hijacker - Atapi.sys rootkit
It is a rootkit virus and it adds itself as a patch to the atapi.sys file. This variant also aims to generate redirects in Google searches. At the time of this writing, this variant uses various modes of propagation for exploiting your system. This variant is characterized by a temporary file. Open the temp folder and then search for these files. The name can be 4.tmp or 1.tmp. Use CCleaner to clean your computer.
Re: Google / Search Engine Hijacker - Atapi.sys rootkit
On my system AVG has detected a Rootkit Trojan infection. The virus name is Rootkit-Pakes.U and its location is C:\bak\Windows.0.bak\system32\drivers\atapi.sys. I searched C:\WINDOWS\system32\drivers for the atapi.sys file and found it there also, but AVG has not detected any threat. I am using Windows XP Home Service Pack 3, and right now for web browsing I am using Internet Explorer 8. Where is the virus?
Re: Google / Search Engine Hijacker - Atapi.sys rootkit
There are some fixes for that. I know a simple tool called ZHPDiag.exe. It is also called ZHPFix. Do not change the settings; just install the software and run it at the end. Click on the shortcut icon of this file and then click on Options. A list appears in the main box; from there, verify that all lines are marked except 045 and 06. Then click on the magnifying glass button to start the scan.
Re: Google / Search Engine Hijacker - Atapi.sys rootkit
A rootkit virus is hard to find and remove. I got an infection recently. I used GMER mbr.exe to find the exact location of this software. But before running it, disable your internet connection and stop all running applications. Run this application, and after the scan has run for some time you can see a report, mbr.log. It will show the message "MBR rootkit code Detected". To cure that, click on Start > Run and type %userprofile%\desktop\mbr -f.
Re: Google / Search Engine Hijacker - Atapi.sys rootkit
I was able to remove this rootkit virus using HitmanPro...you can find it at download dot com (or just Google search for it). I installed it from a flash drive after booting in SAFE mode. I believe it is a 30 day trial but it did the trick.