Solved Rootkit taking over my system, atapi.sys BSOD virus
- Thread starter bchung
- Start date
Broni
Posts: 56,041 +516
Please, run F-Secure Online Scanner
- Disable your Antivirus program.
- Checkmark I have read and accepted the license terms.
- Click on Run Check button.
- Quick scan (recommended) option will come pre-checked. Don't change it.
- Click on Start button.
- When scan is done, in Step 3: Clean the files, leave all settings as they're.
- Click Next button.
- Click Full report... button.
- Copy report's content and paste it into your next reply.
[FONT=Arial]Scanning Report[/FONT]
[FONT=Arial]Wednesday, July 4, 2012 20:12:38 - 20:19:43[/FONT]
Computer name:
Scanning type: Quick scan
Target: System
[FONT=Arial]No malware found[/FONT]
[FONT=Arial]Statistics[/FONT]
Scanned:
[FONT=Arial]Wednesday, July 4, 2012 20:12:38 - 20:19:43[/FONT]
Computer name:
Scanning type: Quick scan
Target: System
[FONT=Arial]No malware found[/FONT]
[FONT=Arial]Statistics[/FONT]
Scanned:
- Files: 4698
- System: 4698
- Not scanned: 0
- Disinfected: 0
- Renamed: 0
- Deleted: 0
- Not cleaned: 0
- Submitted: 0
Broni
Posts: 56,041 +516
1. Update your Java version here: http://www.java.com/en/download/installed.jsp
Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.
Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.
2. Now, we need to remove old Java version and its remnants...
Download JavaRa to your desktop and unzip it.
Your computer is clean
1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:
Run OTL
Clean up with OTL:
3. Make sure, Windows Updates are current.
4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!
5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.
6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.
7. Run Temporary File Cleaner (TFC) weekly.
8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.
9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.
10. (Windows XP only) Run defrag at your convenience.
11. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.
12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
13. Please, let me know, how your computer is doing.
Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.
Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.
2. Now, we need to remove old Java version and its remnants...
Download JavaRa to your desktop and unzip it.
- Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
- Accept any prompts.
- Do NOT post JavaRa log.
Your computer is clean
1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following:
Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[emptyjava]
[CLEARALLRESTOREPOINTS]
[Reboot]- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Post resulting log.
Clean up with OTL:
- Double-click OTL.exe to start the program.
- Close all other programs apart from OTL as this step will require a reboot
- On the OTL main screen, press the CLEANUP button
- Say Yes to the prompt and then allow the program to reboot your computer.
3. Make sure, Windows Updates are current.
4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!
5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.
6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.
7. Run Temporary File Cleaner (TFC) weekly.
8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.
9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.
10. (Windows XP only) Run defrag at your convenience.
11. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.
12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
13. Please, let me know, how your computer is doing.
I just completed everything listed; download PSI, FileHippo etc. How do I make a new restore point since my old ones were deleted.
I am currently running Windows Update and one of the files failed to install.
Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Vista...... (KB2656370)
I am currently running Windows Update and one of the files failed to install.
Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Vista...... (KB2656370)
Broni
Posts: 56,041 +516
Did you complete step 1?
If you did it did reset restore points. You just have one, clean one.
As for that update, download and install it manually: http://www.microsoft.com/en-us/download/details.aspx?id=29364
If you did it did reset restore points. You just have one, clean one.
As for that update, download and install it manually: http://www.microsoft.com/en-us/download/details.aspx?id=29364
Latest posts
-
EA wants to place ads in full-price games, again- Anton Longshot replied
-
OpenAI considers letting users create AI-generated porn- Dimitriid replied
