For the past 7 days I’ve been seeing a new rootkit (not sure of the name) that patches the atapi.sys driver. This rootkit was NOT detected by any of the applications I use in my bootable anti-malware toolkit. Full scans with:
- Spyware Doctor
revealed nothing. I was still getting all searches in any browser redirected to scam sites. I usually don’t like running Combofix on Vista, but I had no choice. Sure enough, Combofix detected a rootkit and disinfected it! Again, the rootkit infected the atapi.sys driver, which redirected all searches and probably downloaded a few randomly named exes to the system32 directory.