
IRP Hook, \Driver\atapi DriverStartIo -> 0x885D52C6



Not really sure what else to tag up there in the topics tag...

...anyway.

Two days ago my boss alerts me to some crazy noises (like 6 radio stations going off at the same time, some warbled, some skipping, some Spanish, some songs, one specifically a Home Depot commercial) going on in the background of his computer. I kind of laughed and went over to close out of any hidden windows he had or to shut down some secret IE process running in the background somehow. I don't know. Well there were no open windows and I closed out every process not Windows-critical with no success... the noise continued. We restarted and it stopped... until about 10 minutes later when boom, noise. Craziness. I've never seen anything like that so I automatically assumed virus and threw a full computer scan on with our free AVG2012 program.

Well I'm not sure if that has anything to do with this, but, the virus scan found this: <unknown> IRP Hook, \Driver\atapi DriverStartIo -> 0x885D52C6 Object is Hidden

So I remove it, or try to, but it doesn't remove itself. It says there were problems removing the thing and left it at that. I researched and found all of this information about rootkits and some removal processes for things that were going on with these specific people. Unfortunately none of these people initially had the same issues I had ... and NOW the stupid computer won't even restart into Windows anymore. It blue-screens right after the Windows logo/loading screen shows up. I can start in safe mode, but while I am REALLY computer literate in comparison to my boss... I'm really not THAT computer literate in reality. Safe mode means nothing to me.

It should maybe be said that my boss spent the last 4 days recklessly scouring the internet for pictures/movies of cowboys and probably clicked on every link in existence on the good old world wide web. He also likes to click on links in his email with the email body saying something like 'Hi! Try this new product! <link>' so this really isn't a surprise and probably won't be the last time this all happens.

So... yeah. I'm here wondering if anyone can help me. I can't seem to get a grasp on the how-to's of deleting this stupid virus (or whatever it is), and I can't even log into real-live-windows anymore. I'm not a complete moron in the ways of computers but basic language while helping would probably be best please! =)

I appreciate any unfortunate soul who chooses to help me and deal with this in advance.

Aimee


Welcome to the forum, please start at the link below:

http://forums.malwar...?showtopic=9573

Post back the 2 logs.....DDS.txt and Attach.txt

<====><====><====><====><====><====><====><====>

Next.......

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller to your desktop.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

MrC


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
