# Solved: driver_irql_not_less_or_equal - ataport.sys



## jake24 (Apr 3, 2011)

Hi Everyone,

I really need your help.
I've got a network of around 14 computers and really worried.
On Thursday I got this BSOD on my computer:
driver_irql_not_less_or_equal - ataport.sys

I looked around forums, ran ram memory tests, hard drive tests,
everythings fine. I'm really worried if its a virus.

I formatted my computer, and its now working.
However, on my other machine, its now appearing on that one too!

I've added a dump file.
Please if anyone could help, that would be great!

At the moment, can't login, reached login screen, after few seconds BSOD launches.
Windows 7 Ultimate X64

Thanks,
Jake


----------



## Elvandil (Aug 1, 2003)

The dump says that the crash was caused by ataport.sys.


----------



## jake24 (Apr 3, 2011)

ahh right, so how would I go about resolving it?


----------



## Frank4d (Sep 10, 2006)

I didn't see anything unusual in your minidump log. If you are concerned there may be malware that is propogating through the network, run HijackThis on one of the machines that is still getting BSODs and post the log here.


----------



## jake24 (Apr 3, 2011)

Hi Frank4d,

Thanks for your reply.
There are currently only 2 machines which had the BSOD.
First one > Reformatted > Now Working

Second one > Brings up the BSOD.
How would I run HijackThis on the BSOD machine?
I can't get to the login screen at all.
Safe Mode doesn't work, Advanced Startup doesn't work, still brings the same BSOD message.

Thanks,
Jake


----------



## Elvandil (Aug 1, 2003)

Have you run Startup Repair?

Replace the file from the Recovery Environment.

(A formatted drive will not do anything, Did you install Windows?)


----------



## jake24 (Apr 3, 2011)

Hi Elvandil,
Yes I ran Startup Repair, No Errors Found.
The thing is, I can get to the login screen, it says Please Wait, the mouse then flickers with the wait symbol, and after 5 seconds it goes to the BSOD.

Windows is Installed.


----------



## Frank4d (Sep 10, 2006)

Sorry, I didn''t realize it was permanently in BSOD mode.
I guess your options in that case would be to restore a backup, or do a repair install, or reformat.


----------



## Elvandil (Aug 1, 2003)

Open a command pronmpt and see if ataport.sys is there. If it is, copy it to Windows\system32\drivers and overwrite the file.

Or, run a complete file scan to replace corrupted files. If C: is your system drive:

sfc /scannow /offwindir=C:\Windows /offbootdir=C:\


----------



## jake24 (Apr 3, 2011)

right, ok, thanks Frank4d.
In terms of restoring a backup, that goes out of the window because I haven't created any system restore points  . I also wouldn't want to do a reformat if possible as it does have a load of programs which I would need to reinstall again.

How would I go about doing a repair install?


----------



## Elvandil (Aug 1, 2003)

There is no repair install in 7.

That seems a little drastic at this point, anyway.


----------



## jake24 (Apr 3, 2011)

Hi Elvandil,
So do I just go to startup repair > command prompt and enter:
sfc /scannow /offwindir=C:\Windows /offbootdir=C:\ 

How do i check if ataport.sys is present?


----------



## Elvandil (Aug 1, 2003)

I just checked the RE and found a copy of ataport.sys.

Hold on a minute and I'll get the path for you. Scanning all your files will take a long time.


----------



## Elvandil (Aug 1, 2003)

OK. When you get the command prompt, it should be:

X:\Sources

So try this command and see if it works:

copy ataport.sys C:\Windows\system32\drivers\ataport.sys

Or this one:

copy X:\boot\Windows\system32\drivers\ataport.sys C:\Windows\system32\drivers\ataport.sys

Sorry, but the DVD has an image file, so I'm getting a bit confused about what the path will be once the image is decompressed. 

Hopefully, one of those will do it without errors.

Tell me if you get errors. If not, try booting.


----------



## jake24 (Apr 3, 2011)

Thanks,
I've just got to go, but i'll try it out in about an hour and i'll let you know the results.
Thanks once again


----------



## Elvandil (Aug 1, 2003)

OK. See you later.

Keep in mind that even if you boot up, the dark and malevolent force that did this will probably do it again. You may not be able to reboot. So be prepared for a visit to the Malware forum if you get booted.


----------



## jake24 (Apr 3, 2011)

Hi Elvandil,
Unforunately No luck, it copied the file I think, but then startup repair came up again, which tried to fix it, > fixed it, rebooted, same BSOD again. I'm getting really sick of these errors 

I'm just going to reformat for now, thanks once again to everyone who has helped.
If anyone does know the real reason behind ataport.sys, please do let me know.

Cheers,
Jake


----------



## Elvandil (Aug 1, 2003)

You should have skipped the Startup Repair. It is starting because it does not know that the error has changed.

If you use F8, you can just boot.

But, if you are going to format, it doesn't matter. Need to recover any files?

You know, of course, that you may be wasting your time. If the other machines are infected, then the 2 you reinstalled may get reinfected in short order. If you can get running (or at least use an offline anti-virus), you will at least be able to identify the culprit and how to get rid of it.


----------



## jake24 (Apr 3, 2011)

Thanks Elvandil,
Yes, I've recovered the files using another computer and Sata to USB thankfully.
Cheers for your help.

Just out of interest, do you think this issue had anything to do with the fact that only those two computers had SSD drives? - is ataport.sys - something to do with SATA Ports?


----------



## Elvandil (Aug 1, 2003)

Depends if those drives are being used as SATA drives. If they are running in compatibility, they may be using that driver. It is for ATAPI devices, so it could be a CD-ROM, too, but not a SATA drive. Machines that don't have IDE drives may still boot with that file infected. But the infection could be spreading elsewhere, or even entrenched and sending out data for all we know.


----------



## jake24 (Apr 3, 2011)

ahh right, ok, Thank you so much for your help Elvandil.
I just really hope that this doesn't happen again, its wasted by whole weekend 

Thanks,
Jake


----------



## Elvandil (Aug 1, 2003)

Well, the Malware forum is really the place to get help for an infection.

But I am an advocate of offlline scans for infections. When rootkits take control of the Windows kernel, they can make themselves invisible. Offline scans with a boot CD can find a lot more. BitDefender and Avira, F-Secure, and others have free, downloadable boot CD's.

The danger of these is that critical infected Windows files may be removed. So you need to keep track of, or save a log of, any Windows files affected so that they can be replaced (by our method) later if need be.


----------



## jake24 (Apr 3, 2011)

Cheers


----------



## sonexpc (Mar 31, 2011)

If you have time ... you can try one more thing..... 

Boot up with your Win 7 DVD and get to the command prompt and type (without the "- "):
- c:
- bootsect /fixmbr
- bootsect /fixboot

if it solve the program ...let me know...


----------

