Jump to content

browser hijack? atapi.sys file patched. need help


Recommended Posts

I've had some lingering issues after a recent "fake virus" infection.

Currently, McAfee is reporting that my atapi.sys file has been patched and reports it has cleaned a "PatchedSYSFile.a" trojan, but it continually appears to be trying to reinfect.

My browser seems to have been hijacked as many links from search engines put me at random sites, and I am frequently having "Website Survey" popups show up.

Don't know if these two situations are related, but it really appears that something is going on. MBAM is not detecting anything and McAfee on a full scan is not finding anything (other than the on access scan showing and clean the previously mentioned item.)

I need a little direction on how to resolve this.

Regards,

Chris

Link to post
Share on other sites

Same here. Couple of additional bits of information:

On my PC, this is coincident with the "directrdr.com" redirect problem. None of the malware cleaners I use detect it, and the only way I've been able to make it stop has been to add it to my browser's blocked sites list. And watch when a redirect happens, click the "stop" button as soon as I see a URL, and block that too.

McAfee added this "patched-sysfile.a" to its engine on December 24, 2009, calling it a trojan, but that's all the McAfee Knowledge Base says about it, at least as of this writing.

So one could make the detection stop by rolling back the McAfee version, but that is not a solution.

My temporary solution is to make the on-access scan message dialog box very small and leave it on my screen. At least them it stops opening over and over again and the PC is functional.

Link to post
Share on other sites

  • Root Admin

Hello , and welcome to Malwarebytes.org

That one can be difficult to repair on some systems. Please follow the directions below and someone will assist you as soon as they can. Please realize that it is the Holiday Season so wait times will probably be even longer.

We don't work on Malware removal in the general forums.

Please print out, read and follow the directions here, skipping any steps you are unable to complete. Then post a NEW topic here.

One of the expert helpers there will give you one-on-one assistance when one becomes available.

After posting your new post make sure under options that you select Track this topic and choose one of the Email options so that you're alerted when someon has replied to your post.

Alternatively, as a paying customer, you can contact the help desk at support@malwarebytes.org

Link to post
Share on other sites

  • 2 weeks later...

Same symptoms here. In addition, I could not restart, even in "safe mode." I have an external drive that automatically backs up files, so I did a clean system reinstall. It took all day, but my machine is working again and restoring the backed up files did not re-infect with the trojan. McAfee is still silent (as of 1/3/10) on the issue, other than reporting the discovery on Christmas Eve.

Link to post
Share on other sites

I have the exact same symptoms. The browser is hijacked and my anti-virus (McAfee) keeps popping a message that it has cleaned the trojan 'Patched-SYSFile.a'. I tried the Anti-Malware of Malware Bytes and several other anti-virus and anti-malware tools but none of them were able to clean it. Any help or pointers to clean it will be appreciated.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.