Jump to content

Cleaned malware with MBAM, just one question about atapi.sys

Soul34t3r

By Soul34t3r
in Resolved Malware Removal Logs

 Share

Recommended Posts

Soul34t3r

Soul34t3r

Posted
Posted

Hi everyone and to the people who make MBAM, a big thank you :)

I used MBAM to and an anti-virus rescue boot cd to clean a rootkit from my friend's system. It had infected atapi.sys. I think it's gone now since the google redirects are gone too, but I have one question. What is the md5 checksum of the real, genuine atapi.sys driver for Windows XP SP 3 that has not been infected? I calculated it from within the boot cd on my friend's system, and the atapi.sys had an md5 of 9F3A2F5AA6875C72BF062C712CFA2674. Is that the real one?

Thanks! :)

Link to post
Share on other sites
Soul34t3r

Soul34t3r

Posted
  • Author
Posted
Hi,

Yes, the MD5 9F3A2F5AA6875C72BF062C712CFA2674 appears to be the good one.

Did you replace the infected atapi.sys previously? I assume you did since google redirects have stopped...

Yes, I replaced the atapi.sys after it was detected as infected and it looks like MBAM and the antivirus were able to clean everything else since the redirects stopped completely :) I found the atapi.sys that has the MD5 9F3A2F5AA6875C72BF062C712CFA2674 from a backup and used it as the replacement for the infected driver (the infected driver had a completely different MD5). I wasn't sure if it was the real, good driver, but now I know. Thank you very much :)

Link to post
Share on other sites
  • 2 weeks later...
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.