My new antivirus, Avira AntiVir, detected atapi.sys as malware.
Here's the log:
Avira AntiVir Personal
Report file date: Sunday, 21 March 2010 21:37
Scanning for 1879445 virus strains and unwanted programs.
Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : S Chung
Computer name : CSC2
Version information:
BUILD.DAT : 9.0.0.415 21609 Bytes 11/8/2009 10:00:00
AVSCAN.EXE : 9.0.3.10 466689 Bytes 10/13/2009 00:26:33
AVSCAN.DLL : 9.0.3.0 40705 Bytes 2/26/2009 23:58:24
LUKE.DLL : 9.0.3.2 209665 Bytes 2/20/2009 00:35:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 2/26/2009 23:58:52
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 20:35:52
VBASE001.VDF : 7.10.1.0 1372672 Bytes 11/19/2009 02:30:46
VBASE002.VDF : 7.10.3.1 3143680 Bytes 1/20/2010 02:31:00
VBASE003.VDF : 7.10.3.75 996864 Bytes 1/26/2010 02:31:06
VBASE004.VDF : 7.10.4.203 1579008 Bytes 3/5/2010 02:31:19
VBASE005.VDF : 7.10.4.204 2048 Bytes 3/5/2010 02:31:19
VBASE006.VDF : 7.10.4.205 2048 Bytes 3/5/2010 02:31:21
VBASE007.VDF : 7.10.4.206 2048 Bytes 3/5/2010 02:31:21
VBASE008.VDF : 7.10.4.207 2048 Bytes 3/5/2010 02:31:25
VBASE009.VDF : 7.10.4.208 2048 Bytes 3/5/2010 02:31:25
VBASE010.VDF : 7.10.4.209 2048 Bytes 3/5/2010 02:31:25
VBASE011.VDF : 7.10.4.210 2048 Bytes 3/5/2010 02:31:26
VBASE012.VDF : 7.10.4.211 2048 Bytes 3/5/2010 02:31:26
VBASE013.VDF : 7.10.4.242 153088 Bytes 3/8/2010 02:31:28
VBASE014.VDF : 7.10.5.17 99328 Bytes 3/10/2010 02:31:29
VBASE015.VDF : 7.10.5.44 107008 Bytes 3/11/2010 02:31:31
VBASE016.VDF : 7.10.5.69 92672 Bytes 3/12/2010 02:31:32
VBASE017.VDF : 7.10.5.91 119808 Bytes 3/15/2010 02:31:35
VBASE018.VDF : 7.10.5.121 112640 Bytes 3/18/2010 02:31:36
VBASE019.VDF : 7.10.5.138 139776 Bytes 3/18/2010 02:31:43
VBASE020.VDF : 7.10.5.139 2048 Bytes 3/18/2010 02:31:43
VBASE021.VDF : 7.10.5.140 2048 Bytes 3/18/2010 02:31:44
VBASE022.VDF : 7.10.5.141 2048 Bytes 3/18/2010 02:31:45
VBASE023.VDF : 7.10.5.142 2048 Bytes 3/18/2010 02:31:45
VBASE024.VDF : 7.10.5.143 2048 Bytes 3/18/2010 02:31:45
VBASE025.VDF : 7.10.5.144 2048 Bytes 3/18/2010 02:31:46
VBASE026.VDF : 7.10.5.145 2048 Bytes 3/18/2010 02:31:47
VBASE027.VDF : 7.10.5.146 2048 Bytes 3/18/2010 02:31:47
VBASE028.VDF : 7.10.5.147 2048 Bytes 3/18/2010 02:31:47
VBASE029.VDF : 7.10.5.148 2048 Bytes 3/18/2010 02:31:48
VBASE030.VDF : 7.10.5.149 2048 Bytes 3/18/2010 02:31:48
VBASE031.VDF : 7.10.5.155 59392 Bytes 3/19/2010 02:31:50
Engineversion : 8.2.1.196
AEVDF.DLL : 8.1.1.3 106868 Bytes 3/21/2010 02:32:20
AESCRIPT.DLL : 8.1.3.18 1024378 Bytes 3/21/2010 02:32:19
AESCN.DLL : 8.1.5.0 127347 Bytes 3/21/2010 02:32:15
AESBX.DLL : 8.1.2.1 254323 Bytes 3/21/2010 02:32:22
AERDL.DLL : 8.1.4.3 541043 Bytes 3/21/2010 02:32:14
AEPACK.DLL : 8.2.1.1 426358 Bytes 3/21/2010 02:32:12
AEOFFICE.DLL : 8.1.0.41 201083 Bytes 3/21/2010 02:32:06
AEHEUR.DLL : 8.1.1.13 2470262 Bytes 3/21/2010 02:32:04
AEHELP.DLL : 8.1.10.2 237941 Bytes 3/21/2010 02:31:55
AEGEN.DLL : 8.1.3.2 373108 Bytes 3/21/2010 02:31:54
AEEMU.DLL : 8.1.1.0 393587 Bytes 11/7/2009 20:38:26
AECORE.DLL : 8.1.12.3 188789 Bytes 3/21/2010 02:31:51
AEBB.DLL : 8.1.0.3 53618 Bytes 11/7/2009 20:38:20
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/11/2008 21:47:59
AVPREF.DLL : 9.0.3.0 44289 Bytes 8/26/2009 04:14:02
AVREP.DLL : 8.0.0.7 159784 Bytes 3/21/2010 02:32:23
AVREG.DLL : 9.0.0.0 36609 Bytes 12/4/2008 23:32:09
AVARKT.DLL : 9.0.0.3 292609 Bytes 3/24/2009 04:05:41
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 1/29/2009 23:37:08
SQLITE3.DLL : 3.6.1.0 326401 Bytes 1/28/2009 04:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 2/1/2009 21:21:33
NETNT.DLL : 9.0.0.0 11521 Bytes 12/4/2008 23:32:10
RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 5/15/2009 04:39:58
RCTEXT.DLL : 9.0.73.0 86785 Bytes 10/13/2009 01:25:47
Configuration settings for the scan:
Jobname.............................: Manual Selection
Configuration file..................: C:\Documents and Settings\All Users.WINDOWS\Application Data\Avira\AntiVir Desktop\PROFILES\folder.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: Intelligent file selection
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium
Start of the scan: Sunday, 21 March 2010 21:37
Starting search for hidden objects.
c:\windows\system32\sys_drv.dat
[INFO] The file is not visible.
[NOTE] A backup was created as '4c18f7de.qua' ( QUARANTINE )
c:\windows\system32\sys_drv_2.dat
[INFO] The file is not visible.
[NOTE] A backup was created as '4d9266d7.qua' ( QUARANTINE )
c:\windows\system32\winfldrv.sys
[INFO] The file is not visible.
[NOTE] A backup was created as '4c13f7ce.qua' ( QUARANTINE )
c:\documents and settings\s chung\application data\systemfl.$dk
[INFO] The file is not visible.
[NOTE] A backup was created as '4d961717.qua' ( QUARANTINE )
'68161' objects were checked, '4' hidden objects were found.
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'CCC.exe' - '1' Module(s) have been scanned
Scan process 'KHALMNPR.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SeaPort.exe' - '1' Module(s) have been scanned
Scan process 'PnkBstrB.exe' - '1' Module(s) have been scanned
Scan process 'PnkBstrA.exe' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'javaw.exe' - '1' Module(s) have been scanned
Scan process 'WinManager.exe' - '1' Module(s) have been scanned
Scan process 'wrapper.exe' - '1' Module(s) have been scanned
Scan process 'SetPoint.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'LogitechDesktopMessenger.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'BDTUpdateService.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'MOM.exe' - '1' Module(s) have been scanned
Scan process 'zlclient.exe' - '0' Module(s) have been scanned
Scan process 'soundman.exe' - '1' Module(s) have been scanned
Scan process 'opwareSE2.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'DNTVSchedulerProTray.exe' - '1' Module(s) have been scanned
Scan process 'ForceField.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'ISWSVC.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'vsmon.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
45 processes with 45 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Starting to scan executable files (registry).
The registry was scanned ( '69' files ).
Starting the file scan:
Begin scan in 'C:\' <MAIN>
C:\hiberfil.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\Documents and Settings\S Chung\Desktop\ \Downloadz\zaSetup_91_007_002_en.exe
- Archive type: ZIP SFX (self extracting)
--> SWITCHUNINST_44ZONE LABS.EXE
[1] Archive type: RSRC
--> WINDOWS6.0-KB929547-V2-X64.MSU
[1] Archive type: CAB (Microsoft)
--> Windows6.0-KB929547-v2-x64.cab
[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\WINDOWS\maxdriver\atapi.sys
[DETECTION] Is the TR/Patched.Gen Trojan
Beginning disinfection:
C:\WINDOWS\maxdriver\atapi.sys
[DETECTION] Is the TR/Patched.Gen Trojan
[NOTE] The file was moved to '4c070349.qua'!
End of the scan: Sunday, 21 March 2010 22:28
Used time: 50:34 Minute(s)
The scan has been done completely.
13146 Scanned directories
564106 Files were scanned
1 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
5 Files were moved to quarantine
0 Files were renamed
2 Files cannot be scanned
564103 Files not concerned
4673 Archives were scanned
3 Warnings
7 Notes
68161 Objects were scanned with rootkit scan
4 Hidden objects were found