Archive | Malware News

Atapi.sys Rootkit is EVERYWHERE!

Man…every client I’ve seen for the past 2 weeks who was infected with malware also had this Atapi.sys rootkit. I know I wrote about this about 2 weeks ago, but I wanted to keep this fresh. If your searches are getting redirected and you’ve scanned with just about everything you can think of, then there’s a pretty good chance your atapi.sys has been patched (Microsoft Security Essentials detects a spawned dll from this rootkit…I think it’s called AlureonCT).

One easy way to find out if you have a patched Atapi.sys is to run the latest copy of GMER Anti-RootKit. Upon opening, GMER runs a very fast quick scan. If you see any entries like \DEVICEHARDDISK\Atapi (something like that) or Atapi.sys “suspicious modification” (especially this one), then you’re probably dealing with a very nasty rootkit.

For clients that run Windows XP I’ve just been using Combofix (Combofix disinfects Atapi.sys). For other (32-bit) operating systems I’ve just been using a bootable anti-malware disc (BartPE) and replacing atapi.sys with a clean copy from the Windows disc.


Black Screen Of Death Caused By Trojan:Win32/Daonol

I’ve seen a lot of reports that users are experiencing a black screen of death when some Windows updates are applied. Windows updates do NOT cause the black screen of death; malware already present on the PC does, specifically Trojan:Win32/Daonol (an info stealer/redirector). The latest versions of Trojan:Win32/Daonol are very buggy and prevent Windows from starting or shutting down properly, so a black screen is the only thing the user sees.

If you want to fix this infection a bootable anti-malware disc is needed.
