From: Smurf on 12 Feb 2010 12:13

First time I came across this curious blue screen of death, on startup, before Windows logon, creating a reboot cycle. Did the obvious, checked memory, checked hard drive, no joy, checked Google, which suggested checking hard drive and checking memory.

Thought I would just give a check to see if any rootkit activity was going on (on questioning, it seems that a redirector was causing problems before the reboot cycle, sending users to different web addresses). Loaded up a mini XP boot disk, went to system32/drivers, and noticed two recently changed *.sys files: a randomly named file and an atapi.sys.

An infected atapi.sys, it seems, has been very busy of late; it is responsible for a Google redirector which is missed by both ComboFix and Malwarebytes.

Did a search for previous copies of atapi.sys, got the most recent one, deleted both the system32/drivers one and the one lying around in the dll cache folder waiting to reinfect, and copied over the one from the SP install folder.

Problem sorted, can get into Windows and continue cleaning up the system. I was fortunate in picking up on the problem quite quickly, but you could easily spend a long time trying to trace this little sod down, so thought I would give a heads up...
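The check described in the post above, as an added example that is not part of the original post: run against an offline-mounted Windows volume, it lists recently modified `.sys` files in the drivers folder and reports which copies of a driver no longer match a reference copy. The function names, the `ServicePackFiles/i386` and `system32/dllcache` locations standing in for the post's "SP install folder" and "dll cache folder", and the sample tree (including the file name `qxzrtk.sys`) are assumptions constructed for illustration.

```python
import hashlib, os, tempfile, time
from pathlib import Path

def sha256(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def find_copy(directory, filename):
    """Case-insensitive lookup: the volume may be mounted on a case-sensitive OS."""
    for p in (Path(directory).iterdir() if Path(directory).is_dir() else []):
        if p.is_file() and p.name.lower() == filename.lower():
            return p
    return None

def recent_sys_files(drivers_dir, days, now=None):
    """Names of .sys files modified within `days`, newest first."""
    cutoff = (time.time() if now is None else now) - days * 86400
    hits = [(p.stat().st_mtime, p.name) for p in Path(drivers_dir).iterdir()
            if p.is_file() and p.suffix.lower() == ".sys"]
    return [name for mtime, name in sorted(hits, reverse=True) if mtime >= cutoff]

def differs_from_reference(filename, reference_dir, other_dirs):
    """Directories whose copy of `filename` does not hash like the reference copy."""
    ref = find_copy(reference_dir, filename)
    if ref is None:
        raise FileNotFoundError(f"no reference copy of {filename} in {reference_dir}")
    ref_hash = sha256(ref)
    copies = [(d, find_copy(d, filename)) for d in other_dirs]
    return [str(d) for d, c in copies if c is not None and sha256(c) != ref_hash]

def build_sample_tree(root, now):
    """Constructed sample volume: two freshly changed drivers, one stale reference."""
    files = {  # relative path: (content, age in days); all values are made up
        "system32/drivers/atapi.sys": (b"modified", 1),
        "system32/drivers/qxzrtk.sys": (b"unknown", 2),
        "system32/drivers/disk.sys": (b"stock", 400),
        "system32/dllcache/atapi.sys": (b"modified", 1),
        "ServicePackFiles/i386/atapi.sys": (b"original", 700),
    }
    for rel, (data, age) in files.items():
        f = Path(root) / rel
        f.parent.mkdir(parents=True, exist_ok=True)
        f.write_bytes(data)
        os.utime(f, (now - age * 86400, now - age * 86400))
    return Path(root)

if __name__ == "__main__":
    win = build_sample_tree(tempfile.mkdtemp(), time.time())
    drv, cache, sp = (win / s for s in ("system32/drivers", "system32/dllcache", "ServicePackFiles/i386"))
    print(recent_sys_files(drv, days=14), differs_from_reference("atapi.sys", sp, [drv, cache]))
```

A mismatch is a lead rather than a verdict, since a hotfix can legitimately replace a driver. Modification times can be altered, so the hash comparison carries more weight than the date filter.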