
rootkit


Reynaldo Mtz


YOU GUYS GOT ME VERY WORRIED. I HAVE BEEN WORKING ON A COMPUTER which has been hit with XP Security 2010 a few days ago. Not the first time I have worked on this machine over the course of the last 16 months. But I am not finding the y7v11 files as others reported but I am seeing the AVE.EXE files.

Finally got frustrated and pulled the drives and externally hooked the first one up to a clean machine. Ran Malwarebytes and while it was running AVG -- latest version with update popped up with some Trojan Horse : SHeur3.NSB AND SHeur17.AAZL This was during the Malwarebytes scan. Then all of a sudden MALWAREBYTES came up with (([bootdrive externally mounted]\windows\system 32\drivers\ATAPI.SYS being something along the lines of Win32/Patched.CGI ((I believe rootkit)) I removed it as I have never had any problems with Malwarebytes and false positives.

PLEASE RESEARCH THIS. It is still externally installed. I don't remember if I saved the log file when I finished. I then ran a full blown AVG as it hit a few files in the /restore.... files which Malwarebytes missed but were very similar to the ones Malwarebytes found so I told it to place them in the vault. Deleted them when Malwarebytes was done and then started the AVG. I have it running at a friend's house; and he was ready to go to bed as he has to be at work at 6:30 am. I am pretty sure it DID not modify the registry though. As I was wondering how to correct the registry of the drives before I put them back in the infected computer and boot it up. As I feel they have started a trojan CALL HOME on this variant of the Malware that contains Trojan activity.

If you're wondering why I didn't like what was happening when I had Malwarebytes running on the infected machine is because Malware had hit it by my using a backdoor in safe mode, but then three days later the neighbor was hit again. This time all looked fine until the screen went to screensaver, and yes in hindsight I realized I forgot to turn off restore points, and then when I moved the mouse to turn off screen saver I got a blue screen with a mouse pointer, the hard drives still sounding like they were being scanned by Malwarebytes after 14 hours and bong and bings sounds every few minutes of the fakerean telling me the machine was being attacked. Tried everything and couldn't get a screen back. When I rebooted I got a desktop back but then the fakerean took hold again.

Thanks Bob

Bob try this program Hitman Pro.

Do a Google search for it.

Hope this helps your situation.

It does repair the atapi but at first it will seem like it doesn't but let it do its work.

You will have to reboot more than once.
