
Cleaned malware with MBAM, just one question about atapi.sys


Hi everyone and to the people who make MBAM, a big thank you :)

I used MBAM and an anti-virus rescue boot CD to clean a rootkit from my friend's system. It had infected atapi.sys. I think it's gone now since the Google redirects are gone too, but I have one question. What is the MD5 checksum of the real, genuine atapi.sys driver for Windows XP SP 3 that has not been infected? I calculated it from within the boot CD on my friend's system, and the atapi.sys had an MD5 of 9F3A2F5AA6875C72BF062C712CFA2674. Is that the real one?

Thanks! :)



Yes, the MD5 9F3A2F5AA6875C72BF062C712CFA2674 appears to be the good one.

Did you replace the infected atapi.sys previously? I assume you did since Google redirects have stopped...

Yes, I replaced the atapi.sys after it was detected as infected and it looks like MBAM and the antivirus were able to clean everything else since the redirects stopped completely :) I found the atapi.sys that has the MD5 9F3A2F5AA6875C72BF062C712CFA2674 from a backup and used it as the replacement for the infected driver (the infected driver had a completely different MD5). I wasn't sure if it was the real, good driver, but now I know. Thank you very much :)

This topic is now closed to further replies.
