Hello everyone.
I made lots of scans to my PC today, with all kinds of programs (Avira, a-squared, superantispyware, gmer, malwarebytes and linux based Avira boot disc scan.) Only a squared found two suspicious programs, but it didnt quarantine them. They are in:
#1 C:\WINDOWS$NtServicePackUninstall$\atapi.sys
#2 C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\i386\atapi.sys
Could you tell me if these are clean programs or rootkits etc? Do you guys have them? If you do, then please upload them to virustotal and check if your atapi.sys files get infection mark like mine did.
I will tell you what virustotal showed me:
From file #1, virustotal`s scanners found:
Didnt find anything.
From file #2, virustotal´s scanners found:
A-squared 4.5.0.43 2009.11.28 Rootkit.Win32.TDSS.y!A2 :o
McAfee-GW-Edition 6.8.5 2009.11.28 Heuristic.LooksLike.Win32.NewMalware.H :o
Please tell me if atapi.sys is rootkit, and if its not, are my atapi.sys files in correct area ???
Thank you