Solved

windows kb files "The volume for a file was externally altered" virus

Posted on 2010-08-26
3
845 Views
Last Modified: 2013-11-22
Does anyone ever heard about this error message.
It shows everytime we try to execute any update file downloaded from microsoft.

i.e.: We are trying to install XP SP3 in a XP SP2 Pro box, but, after de expand files process, the error mesage is shown again.

OneCare Live on-line analisys didn't correct the problem nor Microsoft Forefront.

Tried to scan the HD connected to another (clean) box. Even it detected and erased several files, back to the original box the issue remains.

These are the basic lines, if you need aditional info, just demand it.

0
Comment
Question by:Catalaziz
3 Comments
 
LVL 23

Expert Comment

by:Mohammed Hamada
ID: 33537063
What is the file system type "NTFS or Fat 32 " ? Can you try to check your disk if there's some bad sectors that needs to be checked.

Click Start
Run
Type cmd
type chkdsk /f c: and enter
It will ask you to schedule the chkdsk on reboot, Type Y and enter
Do the same thing for the other partitions by changing the Letter C.

GL
0
 
LVL 2

Accepted Solution

by:
ccampbell15 earned 125 total points
ID: 33539674
fownload malwarebytes from http://www.malwarebytes.org/ 
Install and run

Download Gmer from http://www.gmer.net/ 
and run it

Report back with the results
0
 

Author Closing Comment

by:Catalaziz
ID: 33540131
You did it.

MalwareBites identified the thread as a rootkik.
Unfortunately I can't get the log.

It's strange that Microsoft Forefront didn't found it. And even googleing about atapidrv.sys, the engine didn't found too much references.

Many thanks.
Josep.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Is My Computer Infected with a Web Browser Pop-up Alert Scam? 11 123
Has this user really been infected by Ransomware? 3 129
Checkpoint Endpoint Managment 3 63
ransomware virus 21 99
Change your password...do it now!. Probably the easiest point of access to your account is through guessing your password. If your password is guessable, do change it now. If not for your sake but for everyone else in your friends list. Remember …
PREFACE The purpose of this guide is to explain how to manually move a SEP client to a different client group by performing steps on the client-side. These steps may prove particularly useful because they allow the client to move after it has alrea…
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …
Delivering innovative fully-managed cloud services for mission-critical applications requires expertise in multiple areas plus vision and commitment. Meet a few of the people behind the quality services of Concerto.

937 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

5 Experts available now in Live!

Get 1:1 Help Now