Google Redirect Virus - Atapi.sys Patched?



Hey there. My laptop (running XP) has been infected with a nasty Google Redirect Virus. This virus is tricky and has managed to evade detection by multiple malware scans that I ran. I've run scans with Hitman Pro 3.5, TDSSKiller, ESET and Malwarebytes Anti-Malware. While the scans detected some other problems I had that I didn't know of, they failed to find the Redirect Virus.

The virus that infected my laptop seems to be a new strain of the Google Redirect Virus, as neither Hitman Pro nor TDSSKiller detected it when they should have. The virus only redirects me when I try clicking on a link to an anti-virus support site. For example, if I googled "Norton Security" almost all links would be redirected, but if I googled "why is the sky blue?" the links would work fine. I've checked my host connections and made sure that only my local IP address is listed. Now I've begun to suspect that the problem lies in a file in WINDOWS/system32, "atapi.sys", which has most likely been patched by the virus. I ran a scan using GMER but have no idea how to interpret the results. Any help on how to get rid of this virus would be greatly appreciated. Thanks.

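A way to test the suspicion raised in the post above, as an added example that is not part of the thread and not a tool any of the participants used: on Windows XP the live driver is %SystemRoot%\system32\drivers\atapi.sys, and Windows File Protection normally keeps a pristine copy in %SystemRoot%\system32\dllcache. The script below hashes both copies, checks the embedded Authenticode signature, prints the file version and timestamp, and lists any hosts-file line that maps a name to something other than loopback (a redirect that hits only anti-virus sites is a classic hosts hijack). The dllcache path is an assumption (the copy is absent on some installs), and the function name Get-Sha256 is mine. Run it from an elevated PowerShell prompt.

```powershell
# Added example (not from the thread): is atapi.sys on disk still the file
# Microsoft shipped? Paths are the standard Windows XP locations.
$live  = Join-Path $env:SystemRoot 'system32\drivers\atapi.sys'
$cache = Join-Path $env:SystemRoot 'system32\dllcache\atapi.sys'   # assumption: WFP cache copy exists
$hosts = Join-Path $env:SystemRoot 'system32\drivers\etc\hosts'

function Get-Sha256([string]$path) {
    # SHA-256 through .NET so this also works on PowerShell 2.0, which has no Get-FileHash.
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $fs  = [System.IO.File]::OpenRead($path)
    try     { $hash = $sha.ComputeHash($fs) }
    finally { $fs.Close() }
    return ([System.BitConverter]::ToString($hash)).Replace('-', '')
}

# 1. Embedded Authenticode signature. A byte-patched driver fails verification,
#    but note that many XP system files are signed only through a catalog
#    (.cat) file, so a clean atapi.sys can still report NotSigned here.
$sig = Get-AuthenticodeSignature -FilePath $live
$signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(none)' }
"{0}`n  signature : {1}`n  signer    : {2}" -f $live, $sig.Status, $signer

# 2. Hash comparison against the Windows File Protection cache copy.
$liveHash = Get-Sha256 $live
"  sha256    : $liveHash"
if (Test-Path $cache) {
    $cacheHash = Get-Sha256 $cache
    if ($liveHash -ne $cacheHash) {
        Write-Warning "atapi.sys differs from the dllcache copy ($cacheHash) - possibly patched"
    } else {
        "  dllcache copy matches"
    }
} else {
    Write-Warning "no dllcache copy; compare the hash above with atapi.sys from a known-clean XP SP3 system"
}

# 3. Version and timestamp: a driver rewritten recently, or with a version
#    that does not match the service pack level, deserves a closer look.
$item = Get-Item $live
"  version   : $($item.VersionInfo.FileVersion)"
"  written   : $($item.LastWriteTime)"

# 4. Hosts-file check: print every active entry that is not loopback.
"hosts entries not mapped to loopback:"
Get-Content $hosts |
    Where-Object { $_ -match '^\s*[^#\s]' -and $_ -notmatch '^\s*(127\.0\.0\.1|::1)\s' }
```

Two caveats a practitioner should keep in mind. First, sigverif.exe (File Signature Verification, built into XP) does consult catalog signatures, so it is the better tool for the signature question on that platform. Second, a kernel-mode rootkit that intercepts disk I/O can hand back the original bytes of a file it has patched, so a matching hash obtained from inside the running system is not conclusive; the comparison only means something when the disk is read from a clean boot environment.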

  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run, two logs will be produced; please post only DDS.txt directly into your reply.


Hey Screen317, thanks for your time.

Here is the MBAM log:

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7378

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

8/4/2011 4:22:46 PM
mbam-log-2011-08-04 (16-22-46).txt

Scan type: Quick scan
Objects scanned: 169576
Time elapsed: 5 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

DDS freezes after the "#" bar reaches about 2/3 complete. A few minutes after that, my whole laptop freezes and I have to force a restart. This happened 3 times.

Also, MBAM keeps saying that it has "successfully blocked access to a potentially malicious website: xxx.xxx.xxx.xx Type: outgoing" Does this have something to do with the redirect virus?


  • Staff

Try this instead:

Download OTL.exe by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe.
  • Click Run Scan and let the program run uninterrupted.
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


  • 2 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.