I saw this module in the System process view in process explorer.
According to process explorer it is located in system32\drivers but it
is not really there, so I cannot submit it for analysis. When I
launch Depends on this module it has the same attributes as atapi.sys
- same file size, version number, date and time stamp, etc. When I
view the module strings in the module properties in process explorer
and compare them to the strings in atapi.sys they are exactly the same
and in the same order. I did a google search on this but nothing came
up. Has anyone else seen this or something similar and know what it is?

cs92004j-(E-Mail Removed) wrote:
> I saw this module in the System process view in process explorer.
> According to process explorer it is located in system32\drivers but it
> is not really there, so I cannot submit it for analysis. When I
> launch Depends on this module it has the same attributes as atapi.sys
> - same file size, version number, date and time stamp, etc. When I
> view the module strings in the module properties in process explorer
> and compare them to the strings in atapi.sys they are exactly the same
> and in the same order. I did a google search on this but nothing came
> up. Has anyone else seen this or something similar and know what it is?
>

What is the malware/virus status of the machine? If you think it is
clean, what programs (and versions) did you use to determine this?

Be sure the computer is clean:
http://www.elephantboycomputers.com/...moving_Malware

Include scanning with David Lipman's Multi_AV and follow instructions to
do all scans in Safe Mode.

http://www.elephantboycomputers.com/page2.html#Multi-AV - instructions
http://pcdid.com/Multi_AV.htm - download

When all else fails, run HijackThis and post your log in one of the
specialty forums listed at the first link above (not here, please).


Malke
--
Elephant Boy Computers
www.elephantboycomputers.com
"Don't Panic!"
MS-MVP Windows - Shell/User

"cs92004j-(E-Mail Removed)" wrote:

> I saw this module in the System process view in process explorer.
> According to process explorer it is located in system32\drivers but it
> is not really there, so I cannot submit it for analysis. When I
> launch Depends on this module it has the same attributes as atapi.sys
> - same file size, version number, date and time stamp, etc. When I
> view the module strings in the module properties in process explorer
> and compare them to the strings in atapi.sys they are exactly the same
> and in the same order. I did a google search on this but nothing came
> up. Has anyone else seen this or something similar and know what it is?


You need to be sure your system is clean from malware and Viruses by
scanning for them
Scan for malware from here:
http://onecare.live.com/site/en-gb/d....htm?s_cid=sah
http://onecare.live.com/standard/en-gb/default.htm
Run a scan from here on-line:
http://www3.ca.com/securityadvisor/virusinfo/scan.aspx
Download Avast Cleaner from here:
http://www.avast.com/eng/avast-virus-cleaner.html
Lots of tools to download and disinfect your machine:
http://www.bitdefender.co.uk/site/Do...eeRemovalTool/
http://free.grisoft.com/doc/5390/lng/us/tpl/v5

Download the Hijackthis and send the report to one of many
forums for analysis and troubleshooting:
http://www.merijn.org/index.php
When all else fails, HijackThis v1.99.1
(http://aumha.org/downloads/hijackthis.zip) is the preferred tool to use.
It will help you to both identify and remove any hijackware/spyware. Post
your log to http://aumha.net/viewforum.php?f=30,
http://castlecops.com/forum67.html,
http://forums.subratam.org/index.php?showforum=7, or other appropriate
forums for expert analysis, not here.
HTH.
nass
--------
www.nasstec.co.uk