I am trying to figure out what I've caught. Whatever it is, it is not being picked up by McAfee nor PC Tools Spyware Doctor. I end up being redirected to random sites and this evening I was asked to download something from a site that looked exactly like a genuine Microsoft. Is there anyone who can help, thanks ... Tom
Please try these tools:
Please try the steps below..
On a friend or family member's computer, download the Malwarebytes installer and update files from the links below, copy them to a CD or flash drive, then transfer the files to the problem machine and use them. If you can't start the computer into "normal" windows, try installing, updating, and running the scans AFTER the computer is started into Safe Mode.. I use the sites below to download the installer file and the manual updater:
Once downloaded and before transferring them to the problem machine, rename the program installer "mbam-setup.exe" file to something else like "Gogetum.exe", then copy the installer file and the update file to a CD or flash drive.. Transfer the file to the problem machine, then install the "Gogetum.exe" file, then run the update to get the program current.. After that, run a full system scan and delete anything it finds.
Malwarebytes Installer Download Link (Clicking on the links below will immediately start the download dialogue window.)
Malwarebytes Manual Updater link
Next, download the SuperAntispyware program and the manual updater from the links below. After running the Malwarebytes tool above, if you still can't download and install it directly from the problem machine, download it on a friend or family member's computer as well. After installing and updating SuperAntispyware, run another full system scan and delete everything it finds as well. As before, you may need to rename the installer file to get the program to install.:
SuperAntispyware Manual Updater
In a few situations, in order for the program to run, it was also necessary to rename the main "mbam.exe" file also after installing it.. It resides in the C:\Programs Files\Malwarebytes Antimalware folder....
Hope this helps.
Will do and thanks Grif. I will give it a try and let you know the results.
Tom, Montreal Canada
same problem....no solution so far
Hello Grif. I went throught the procedure, used a safe machine, downloaded and renamed and ran mbam and superantispyware, AND ran McAfee (which I run on my PC) which picked up some stuff but nothing that made me think it had found it. Run of the mill adware stuff for online gaming etc. Any other ideas would be appreciated? Thanks, Tom.
I had the same problem and have tried everything. Finally I found Hitman Pro 3.5 ran the scan and it solved it. It found a problem with Windows\system32\drivers\atapi.sys. The program is freeware and only took about five minutes to run. Hope this works for you.
Thank you for your help tv104. The same virus name as you mentionned in your reply was found i.e. atapi.sys along with a few others that I do not believe were the culprits here but just the same it cleaned them up. Loading and running Hitman Pro took literally 10 minutes end to end. The original problem persisted even after having loading Firefox, scanning with a multitude of various apps and McAfee never found it. Not sure how it could have snuck in as McAfee is always running on my PC.
In any case, thanks again for your help, much appreciated .... Tom
Glad you got things sorted out..
Apparently, you were able to connect to the internet.. That's the primary issue with Hitman Pro.. It needs an internet connection to correctly determine the validity of many detected problems. If you don't have an internet connection, its "cloud based" scanner/classifyer doesn't give a reliable determination of suspicious files.
Just a word of caution.. The "atapi.sys" file which was detected on your system is a required, legitimate file and it resides at the same location you've mentioned. In addition, there are a number of malware scanners that have incorrectly called that file a rootkit. (It was a false positive using Malwarebytes about a month ago.) Still, the "atapi.sys" file CAN be infected with malware and if Hitman removed the infection and your computer is still running, that's a good thing..
Keep up the good work.
Hope this helps.
Thanks... So far the Hitman Pro seems to be working. I tried almost eveything else and was getting very frustrated with the re-direct. It found the Root Kit Windows\system32\drivers\atapi.sys also, and another .exe it said was suspicious.