My pal's PC is suffering as a result of this infection. AVG detects but will not rectify.
Is one way of sorting it to connect my pal's HD to my PC so that I can see all the files including Windows (XP) and delete the file from the SYS32/Drivers folder? I can then copy the good file (same version) to his HD.
Hi Xania. If you boot through Windows XP on the infected machine and try to delete the file, it automatically duplicates itself (infected). That's why I thought about looking at the drive through another machine.
atapi.sys is a protected Microsoft Windows system file (which can be located in anything up to 12 different places in the file system), so you will not be able to delete or replace it from within the Windows operating system. If you are certain that this is not a false positive rootkit detection by AVG, you could replace it with a known good copy from another PC by booting to a Linux live or Bart's PE CD and overwriting the existing file with the known good copy.
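An added example, not part of the original posts: run from a Linux live CD with the XP volume mounted read-only, it hashes every copy of atapi.sys on the volume and compares each with the known good copy, so you can see which copies differ before and after overwriting. The mount point, the path of the good copy and the function names are assumptions.

```shell
#!/bin/sh
# Added example: audit every copy of a driver on an offline-mounted Windows volume.
# Assumed usage: sh audit.sh /mnt/xp /media/usb/atapi.sys
#   $1 = mount point of the suspect volume (mounted read-only)
#   $2 = known good copy of the same version, taken from a clean PC

# Print one line per copy found: "MATCH|DIFF <sha256> <path>".
audit_driver_copies() {
    mount_root=$1
    good_copy=$2
    name=${3:-atapi.sys}

    [ -r "$good_copy" ] || return 2
    good_hash=$(sha256sum < "$good_copy" | cut -d' ' -f1)

    # -iname: Windows file names are case-insensitive (atapi.sys, ATAPI.SYS).
    find "$mount_root" -type f -iname "$name" -exec sha256sum {} + |
    awk -v good="$good_hash" '{
        hash = $1
        sub(/^\\/, "", hash)                  # sha256sum marks escaped names with "\"
        path = substr($0, length($1) + 3)     # skip the hash and its 2-char separator
        status = (hash == good) ? "MATCH" : "DIFF"
        print status, hash, path
    }'
}

# Print how many copies differ from the known good file.
count_mismatches() {
    audit_driver_copies "$@" | awk '$1 == "DIFF" { n++ } END { print n + 0 }'
}

# Run the audit only when both arguments are supplied.
if [ "$#" -eq 2 ]; then
    audit_driver_copies "$1" "$2"
    echo "copies differing from known good file: $(count_mismatches "$1" "$2")"
fi
```

A DIFF line only means the bytes differ from the reference file; a legitimate copy from a different service pack will also show as DIFF, so compare like with like.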