1. You are viewing our forum as a guest. For full access please Register. WindowsBBS.com is completely free, paid for by advertisers and donations.

Google Redirect - Suspicious Atapi.sys File (Fixed)

Discussion in 'Security and Privacy' started by deback, 2009/12/20.

  1. 2009/12/20
    deback

    deback Inactive Thread Starter

    Joined:
    2009/12/20
    Messages:
    1
    Likes Received:
    0
    I've had the Google redirect problem for the last two days. I ran Spybot, Ad-Aware, Malwarebytes, and Gmer. Only Gmer reported a suspicious atapi.sys file in c:\windows\system32\drivers. The other programs found nothing that would solve this problem.

    Here's what I did:

    From another networked computer (that has no problems), I went to DOS and changed to the c:\windows\system32\drivers folder. I copied the atapi.sys file to the computer with the Google redirect problem. The file date (on the problem computer) kept changing automatically to today's date (from 04/13/2008) within seconds after I copied the file. So, I ran the "attrib +r atapi.sys" command to make the file read-only on the good networked computer. Then I copied the read-only file again to the problem computer. Since then, the file date has not changed, and I've had NO redirect problems when searching at Google.

    I'm not sure at this time if the problem is completely fixed, but it appears that it is.
     
  2. 2009/12/20
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Infection of atapi.sys file has been the most common redirection cause lately, but some other files may be involved as well.
    If you're not 100% sure, your computer is perfectly clean, you can always post at
    Malware and Virus Removal section.
     

  3. to hide this advert.

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.