
Author Topic: Atapi.sys infected by a Trojan Horse Packed.Protector.C  (Read 24770 times)


evilfantasy

  • Malware Removal Specialist
  • Moderator


  • Genius
  • Calm like a bomb
  • Thanked: 493
  • Experience: Experienced
  • OS: Windows 11
Re: Atapi.sys infected by a Trojan Horse Packed.Protector.C
« Reply #45 on: December 23, 2009, 05:55:37 PM »
Right-click My Computer and click on Manage.

In the new window that appears, expand the Event Viewer (by clicking on the + symbol next to it) and then click on System.

See if anything in there tells you if it was repaired or replaced.

Also, how is the computer running now?

Mermaid123

    Topic Starter


    Rookie

    Re: Atapi.sys infected by a Trojan Horse Packed.Protector.C
    « Reply #46 on: December 24, 2009, 06:26:08 AM »
    AVG still gives me warnings. And I can't find the "System" window. Merry Christmas btw!

    evilfantasy

    Re: Atapi.sys infected by a Trojan Horse Packed.Protector.C
    « Reply #47 on: December 24, 2009, 10:13:38 AM »
    What warnings? The same ones?

    Have you updated AVG recently? What version are you using, 8.5 or 9.0?

    Mermaid123


      Re: Atapi.sys infected by a Trojan Horse Packed.Protector.C
      « Reply #48 on: December 24, 2009, 01:03:49 PM »
      Same Protector C trojan but on some cdrom system file or something like that.

      I got the 9.0 and it's updated every day so should be fine. But I also noticed that my net is very slow on this PC and some websites can't even be opened.

      evilfantasy

      Re: Atapi.sys infected by a Trojan Horse Packed.Protector.C
      « Reply #49 on: December 24, 2009, 10:46:44 PM »
      Can you give me the exact file path that's being detected?

      Let's get a fresh CF scan.

      Download ComboFix© by sUBs from one of the below links. Be sure to save it to the Desktop.

      Link #1
      Link #2

      **Note:  It is important that it is saved directly to your Desktop

      Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting ComboFix.

      Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
       
      Double click combofix.exe & follow the prompts.
      Vista users Right-Click on ComboFix.exe and select Run as administrator (you will receive a UAC prompt, please allow it)
      When finished ComboFix will produce a log for you.
      Post the ComboFix log in your next reply.

      Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

      Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.

      If you have problems with ComboFix usage, see How to use ComboFix

      Mermaid123


        Re: Atapi.sys infected by a Trojan Horse Packed.Protector.C
        « Reply #50 on: December 25, 2009, 11:16:51 AM »
        This time it was; C:\System Volume Information\_restore{6C61C8AE-354846D5-8365-5D6833B7B259}\RP11\A0017677.sys
        But it seems to be different every time.

        [Saving space, attachment deleted by admin]

        evilfantasy

        Re: Atapi.sys infected by a Trojan Horse Packed.Protector.C
        « Reply #51 on: December 25, 2009, 12:34:54 PM »
        C:\System Volume Information\_restore <- These are Restore Points and we can clean that by resetting it.

        Disable/Enable the System Restore Utility to flush old infected restore points

        1) Right click the My Computer icon on the Desktop and click on Properties.
        2) Click on the System Restore tab.
        3) Put a check mark next to Turn off System Restore on All Drives
        4) Click the OK button.
        5) You will be prompted to restart the computer. Click the Yes button.

        Now re-enable System Restore

        To re-enable the System Restore Utility, follow steps one to five and on step three remove the check mark next to 'Turn off System Restore on All Drives'.

        1) Right click the My Computer icon on the Desktop and click on Properties.
        2) Click on the System Restore tab.
        3) Remove the check mark next to Turn off System Restore on All Drives
        4) Click the OK button.

        Mermaid123


          Re: Atapi.sys infected by a Trojan Horse Packed.Protector.C
          « Reply #52 on: December 28, 2009, 02:50:46 PM »
          Done. The PC seems fine now!

          Mermaid123


            Re: Atapi.sys infected by a Trojan Horse Packed.Protector.C
            « Reply #53 on: January 02, 2010, 02:40:42 PM »
            Hey. I'm not sure it's related but my PC started freezing, sometimes only after a few seconds of use and sometimes several minutes.

            At first I can't click anything, then my mouse changes icon to the "loading one" then my sound hangs up and it's an endless "beep" or whatever the last sound was played on the PC then my mouse freezes too and all I can do is to restart it "the hard" way. It started when I turned off the vaccine in panda vaccine, and used the hdd I used to vaccine.
            « Last Edit: January 02, 2010, 07:37:18 PM by Mermaid123 »

            evilfantasy

            Re: Atapi.sys infected by a Trojan Horse Packed.Protector.C
            « Reply #54 on: January 04, 2010, 08:56:12 AM »
            Is it still happening after a restart?

            Mermaid123


              Re: Atapi.sys infected by a Trojan Horse Packed.Protector.C
              « Reply #55 on: January 04, 2010, 05:42:57 PM »
              Yep. I'm currently in safe mode because it gives me more time before it freezes.

              evilfantasy

              Re: Atapi.sys infected by a Trojan Horse Packed.Protector.C
              « Reply #56 on: January 04, 2010, 07:41:16 PM »
              Update and run Malwarebytes please. Post the log.

              Mermaid123


                Re: Atapi.sys infected by a Trojan Horse Packed.Protector.C
                « Reply #57 on: January 04, 2010, 07:54:47 PM »
                Just got a blue screen. The first one I've got since this problem. I'll try to translate it as good as I can;

                "There was an error and Windows has shut down to prevent problems with your PC.

                IRQL_NOT_LESS_OR_EQUAL

                If this is the first time you see this message, you should restart the PC. If the message is shown again you should do following:

                Control that all new hard- and software are correctly installed. If this is a new installation, you can contact the hard- or software makers if you need special files for Windows.

                If the problem remains you can try to inactivate or uninstall newly installed hard- or software. Deactivate alternative for BIOS-memory like for an example caching or shadowing.
                This is how you do if you have to use Safe-mode to uninstall or deactivate components: Restart the PC, press F8 to show the list for Advanced start up alternative and choose Safe-mode.

                Technical information:

                *** STOP: 0x0000000A (0xffffff94, 0x0000001C, 0x00000000, 0x80500155)
                Starting dumping of physical memory.
                Dumping of the physical memory finished. Contact the system administrator or technical support if you need help."

                Should I restart it and run the scan? Got it before I read your post.
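
The STOP line quoted in the post above can be read field by field. The following is an added example, not part of the original thread: it parses that line and labels the four parameters as Microsoft documents them for bug check 0xA (IRQL_NOT_LESS_OR_EQUAL). The function names and the 32-bit kernel boundary of 0x80000000 (default 2 GB/2 GB split) are assumptions made for the example.

```python
import re

# Matches a classic blue-screen line: STOP: 0xCODE (0xP1, 0xP2, 0xP3, 0xP4)
STOP_RE = re.compile(
    r"STOP:\s*0x([0-9A-Fa-f]{1,8})\s*\(\s*"
    r"0x([0-9A-Fa-f]+)\s*,\s*0x([0-9A-Fa-f]+)\s*,\s*"
    r"0x([0-9A-Fa-f]+)\s*,\s*0x([0-9A-Fa-f]+)\s*\)"
)

DISPATCH_LEVEL = 2            # paged memory must not be touched at or above this IRQL
KERNEL_BASE_32 = 0x80000000   # assumption: 32-bit Windows, default address split


def parse_stop(line):
    """Return (bugcheck_code, [p1, p2, p3, p4]) from a STOP line."""
    m = STOP_RE.search(line)
    if not m:
        raise ValueError("no STOP line found")
    code, *params = (int(g, 16) for g in m.groups())
    return code, params


def decode_0a(line):
    """Label the parameters of bug check 0xA (IRQL_NOT_LESS_OR_EQUAL)."""
    code, (addr, irql, access, ip) = parse_stop(line)
    if code != 0x0A:
        raise ValueError("not bug check 0xA: 0x%08X" % code)
    return {
        "referenced_address": addr,             # memory that could not be accessed
        "address_as_signed32": addr - (1 << 32) if addr >= (1 << 31) else addr,
        "irql": irql,                           # IRQL at the time of the fault
        "operation": "write" if access & 1 else "read",
        "faulting_instruction": ip,             # code address that made the access
        "at_or_above_dispatch": irql >= DISPATCH_LEVEL,
        "instruction_in_kernel_range": ip >= KERNEL_BASE_32,
    }


# The STOP line exactly as quoted in the post
SAMPLE = "*** STOP: 0x0000000A (0xffffff94, 0x0000001C, 0x00000000, 0x80500155)"

if __name__ == "__main__":
    for key, value in decode_0a(SAMPLE).items():
        shown = hex(value) if key in ("referenced_address", "faulting_instruction") else value
        print("%-28s %s" % (key, shown))
```

The fourth parameter is the value to compare against the loaded-module address ranges in the memory dump, since it identifies which kernel-mode image was executing when the invalid read happened.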

                evilfantasy

                Re: Atapi.sys infected by a Trojan Horse Packed.Protector.C
                « Reply #58 on: January 04, 2010, 08:15:57 PM »
                Have a look here for the stop error information. http://support.microsoft.com/kb/314063

                Mermaid123


                  Re: Atapi.sys infected by a Trojan Horse Packed.Protector.C
                  « Reply #59 on: January 06, 2010, 02:06:53 AM »
                  That didn't work. When I tried to repair my installation, it told me I don't have a hard drive.
                  I ran the malware scan but I got the same blue screen, so I did it in safe mode.

                  [Saving space, attachment deleted by admin]