atapi.sys Olmarik.PY virus

**me_ashman** · 14-11-09, 10:30 AM

Nod picked this up yesterday morning and I cant seem to clean it. Anyone come across this before?

Win7

Ash

**ssrattus** · 14-11-09, 12:22 PM

Have you tried booting into safe mode (press f9 on boot) and cleaning it in safe mode? Malwarebytes has a good cleaner...

**me_ashman** · 15-11-09, 02:55 PM

yeah tried it..I'll keep reading

**ssrattus** · 15-11-09, 03:56 PM

You are probably going to have to boot from your OS CD (what is it xp or vista?) into recovery console and expand atapi.sys from the cd and replace the existing atapi.sys.

From the recovery console cmd window check where the infected atapi.sys is, ie it should be c:\windows\system32\drivers\

Then from the recovery console cmd window change directory to the i386 directory on the cd and type in "expand -r atapi.sy_ c:\windows\system32\drivers\", without the quotes and this will write the clean atapi.sys over the infected atapi.sys.

If this works reset your system restore to stop windows restoring it in the future...

1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.

14-11-09, 10:30 AM	#1 (permalink)
me_ashman Senior Member Join Date: Jan 2008 Posts: 268 Thanks: 26 Thanked 0 Times in 0 Posts Rep Power: 8	atapi.sys Olmarik.PY virus Nod picked this up yesterday morning and I cant seem to clean it. Anyone come across this before? Win7 Ash

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
virus fighter	malo	Security and Privacy	0	23-12-08 11:14 AM
Virus Fighter	crowbar	Security and Privacy	7	23-08-08 04:08 PM
Virus help =S	jimbahh	PC Software	7	13-03-08 04:37 PM

14-11-09, 12:22 PM	#2
ssrattus Super Moderator Join Date: Jan 2008 Posts: 2,614 Thanks: 86 Thanked 165 Times in 104 Posts Rep Power: 25	Have you tried booting into safe mode (press f9 on boot) and cleaning it in safe mode? Malwarebytes has a good cleaner...

15-11-09, 02:55 PM	#3
me_ashman Senior Member Join Date: Jan 2008 Posts: 268 Thanks: 26 Thanked 0 Times in 0 Posts Rep Power: 8	yeah tried it..I'll keep reading

15-11-09, 03:56 PM	#4
ssrattus Super Moderator Join Date: Jan 2008 Posts: 2,614 Thanks: 86 Thanked 165 Times in 104 Posts Rep Power: 25	You are probably going to have to boot from your OS CD (what is it xp or vista?) into recovery console and expand atapi.sys from the cd and replace the existing atapi.sys. From the recovery console cmd window check where the infected atapi.sys is, ie it should be c:\windows\system32\drivers\ Then from the recovery console cmd window change directory to the i386 directory on the cd and type in "expand -r atapi.sy_ c:\windows\system32\drivers\", without the quotes and this will write the clean atapi.sys over the infected atapi.sys. If this works reset your system restore to stop windows restoring it in the future... 1. Turn off System Restore. On the Desktop, right-click My Computer. Click Properties. Click the System Restore tab. Check Turn off System Restore. Click Apply, and then click OK. 2. Reboot. 3. Turn ON System Restore. On the Desktop, right-click My Computer. Click Properties. Click the System Restore tab. UN-Check Turn off System Restore. Click Apply, and then click OK.