Could you upload this file to www.webimmune.net
C:\Windows\System32\drivers\atapi.sys
and post back the submission ID please
Message was edited by: Vinod R on 12/4/09 4:01 AM
Thank you, Vinod.
It is posted as ID 5674232.
Vinod or anyone,
Do you have any other ideas?
Sorry for the delay in response. Could you submit the same file on www.virustotal.com and then select re-analyze? It will list out the detections for that system file. Once done, copy the website address (the link for the detection list) and post back. It would help us see the properties of that file easily.
Vinod,
Here is the link:
Here are some interesting line items (all others show no result):
eSafe | 7.0.17.0 | 2009.12.03 | Win32.Rootkit |
McAfee-GW-Edition | 6.8.5 | 2009.12.05 | Heuristic.BehavesLike.Win32.Rootkit.H |
I hope this may be the culprit.
I looked at the other helpful post (from Mirjam) about the FakeAlert virus, but I don't think I have that. None of those files appear on my computer, and I have already used HijackThis, and have found no such references in the registry.
But I appreciate any piece of advice - thanks.
Message was edited by: Jeffrey Howard on 12/5/09 1:20:07 PM CST
Sorry it didn't work. I got redirected to the China Sex Museum all the time. The tool on myantispyware.com was the only thing that worked. Hope you find a solution too.
Tentatively, and with some reservation, I'd like to celebrate. I believe that I've successfully removed the virus that was affecting my computer.
After trying nearly every resource, and spending hours researching the Internet and reading forums like this one, I was able to find a tool called "combofix" (you can Google for it, but it's only associated with bleepingcomputer(dot)com, and often masquerades under this name as a virus on other sites). This tool came with many disclaimers about the sensitivity of the rootkit viruses that it specializes in cleaning, and recommends that it only be used when recommended by an expert.
However, I was desperate, so I regarded the disclaimers, and went ahead at my own risk. Fortunately, after several reboots, it claimed to have cleaned some files from my computer, and since then, I no longer have the browser redirect problem.
Thanks for all the advice from these forum users. If you are having browser redirect problems, I highly suggest reading the forums from the website mentioned above. They were really helpful in finding users with similar issues, and I heeded the advice given in those similar cases.
Hopefully, the virus is gone for good, but I am going to change all my bank account passwords from another computer, as recommended by the experts on that forum. Apparently, some versions of rootkit viruses can send personal information over the Internet, and leave a person vulnerable to identity or bank account theft - and I don't want to take any chances.
Again, thanks to all for the advice. After 10 different virus checking programs, none of them were able to solve this problem, except for one. Viruses have clearly evolved to insane levels of complexity and insidiousness. I hope others can solve their problems as well.
I am glad that you are ok. From the detection and description of the issue and solution applied I am quite positive that this was a very new variant of a complicated rootkit that infects and affects the system file (Atapi.sys, iastor.sys, etc.). The particular one digs deep on to the machine and starts up on the machine very early using techniques not so common.
If you inspect the logs of combofix you are likely to see that the file mentioned has been replaced by something. (Something, because it's not revealed properly to prevent misuse by malware writers.)
NOTE:
OTHERS AFFECTED WITH SIMILAR ISSUE DO NOT ATTEMPT TO USE THE TOOL MENTIONED BY THE ORIGINAL POSTER. TOOL MENTIONED IS VERY POWERFUL AND MUST BE USED ONLY WHEN A QUALIFIED TECHNICIAN OR HELPER INSTRUCTS YOU TO DO SO.
i am a typo master....... la la....... on 12/6/09 8:46:07 PM GMT+05:00
Vinod, thanks, and it was in fact one of the files you mentioned.
I just wanted to check by and see if anyone like yourself responded. I am curious if McAfee is in progress on building in a fix for this new variant of rootkit virus.
This whole experience has made me very wary of web-surfing on anything but the most trusted sites. So it would be nice to know if McAfee will add support for this, so that I can be protected.
I have exactly the same problem. McAfee doesn't detect it. Can somebody guide please?