Inactive Trojan horse is back

[gooodjunkk]

Filename: atapi.sys
Status: Scan finished. 0 out of 19 scanners reported malware.
Scan taken on: Sat 21 Aug 2010 23:00:59 (CET) Permalink
File size: 86912 bytes
Filetype: PE32 executable for MS Windows (native) Intel 80386 32-bit
MD5: 95b858761a00e1d4f81f79a0da019aca
SHA1: 008bbadc55fb145c32b240644083059677681025

 

[crunchie]

1. Please open Notepad

• Click Start , then Run
• Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

FCopy::
c:\windows\$NtServicePackUninstall$\atapi.sys | c:\windows\system32\drivers\atapi.sys

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Save the above as CFScript.txt

4. Physically disconnect from the internet.

5. Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.

6. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

7. After reboot, (in case it asks to reboot), please post the following reports/logs into your next replyafter you re-enable all the programs that were disabled during the running of ComboFix:

• Combofix.txt

Please take note:

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

=============

Let me know how things are please.

 

[gooodjunkk]

Ok, here is combofix log. I was able to turn off AVG this time.... wierd.


Thanks again for all your help.

 

[crunchie]

How are things now?

 

[gooodjunkk]

It's kind of hard to say. Seems like it may be better. I didn't reboot cuz I wasn't asked to. Should I have anyway?

 

[crunchie]

Always best to reboot.

 

[gooodjunkk]

So far so good.. computer does seem to be running better. Anything I should be doing besides just keeping an eye out for recurring problems?

 

[crunchie]

Just make sure all your programs are up to date and you should be good.

To remove all of the tools we used and the files and folders they created, please do the following:
Please download OTC by OldTimer:
Save it to your Desktop.
Double click OTC.exe.
Click the CleanUp! button.
If you are prompted to Reboot during the cleanup, select Yes. The tool will delete itself once it finishes.