What is atapi?

Atapi.sys is a Windows driver. A driver is a small software program that allows your computer to communicate with hardware or connected devices. This means that a driver has direct access to the internals of the operating system, hardware etc. The free file information forum can help you determine if atapi.sys is a Windows system file or if it belongs to an application that you can trust.

Run a free scan to check for atapi drivers in need of updating

Atapi.sys file information

The process known as IDE/ATAPI Port Driver or Standard IDE/ESDI Hard Disk Controller or ATAPI IDE Miniport Driver belongs to software Standard IDE/ESDI Hard Disk Controller or Microsoft Windows Operating System by Microsoft (

Description: Atapi.sys is an important part of Windows, but often causes problems. Atapi.sys is located in the C:\Windows\System32\drivers folder. Known file sizes on Windows 10/8/7/XP are 96,512 bytes (56% of all occurrences), 95,360 bytes, 21,584 bytes or 19,944 bytes. 
The driver can be started or stopped from Services in the Control Panel or by other programs. It is a Windows system file. The program is not visible. The service has no detailed description. The atapi.sys file is a trustworthy file from Microsoft. Therefore the technical security rating is 13% dangerous, however you should also read the user reviews.

Uninstalling this variant: You could also contact to assist you or uninstall Microsoft Windows from your computer using the Control Panel applet Uninstall a Program.

Recommended: Identify atapi.sys related errors

Important: Some malware disguises itself as atapi.sys, particularly when not located in the C:\Windows\System32\drivers folder. Therefore, you should check the atapi.sys process on your PC to see if it is a threat. We recommend Security Task Manager for verifying your computer's security. This was one of the Top Download Picks of The Washington Post and PC World.


User Comments

Looks like it belongs to a program that creates a virtual drive on the system, like Alcohol 120%... seems OK
It causes a BSOD
Atapi.sys 5.1.2600.1135
Had a series of BSOD (Blue Screen of Death) starring atapi.sys on a PC running XP.
  Signed: Ninja(who? Hint: not Shane)  
Is part of a message when I get BSoD, error code 0x0000007A.
Simple Fix! This error message = defective RAM. Replace RAM and your laptop will spark right up.
normally a modem file
Can be associated with the Rootkit Pakes.U remove Hard disk and scan on another pc to verify
I had a virus scan identify that this was infected with a trojan and that it was an important system file. My virus scann and removal software used to remove MSA.exe also killed this file. When I rebooted, I got a virtual loop......without the file the system won't boot. BSOD occurs
04-Nov-2009 This file is highly susceptible and could become a venom for spyware and attackers at systems grass root level. I found it corrupted and the official name given is Rootkit-Pakes.U. When corrupted, it redirects HTTP traffic at system root level from ‘any’ browser to spam websites seeking traffic attention and redirects search results to websites like
  KGB-dupe   (further information)
Backdoor trojan - see link
  saldesi   (further information)
This was reported on my system by Comodo as a Trojan, removed it and caused BSOD on restart, fixed by replacing with an older version of file
VIPRE calls it a trojan
Possible file for rootkit infections. Seek professional help.
This is a windows file but can be infected by a Win32 Virus Olmarik.RF
Without it windows cannot access the IDE hard drive. So it is usefull ... Corrupted by virus, pay attention not to let you antivirus remove it as it will cause a BSOD (horrible blue screen)
  Jul974   (further information)
the virus is win32.cutwail-ad (trj)
  j s fisher  
Atapi.sys has recently been used to disguise infections (rootkit)
  Miles   (further information)
my symantec antvirus corporate client keeps flagging it as a back door trojan.
Sometimes it is infected with Packed.Protector.C, in that case you will have to replace it with the original file, for which you will need the Windows Recovery CD.
Probably short for ATA API or interface for ATA hard drives. Gmer listed this file as modified and Avast found that it was infected so i deleted it. Windows would not boot without it (BSOD) so i copied a clean copy over using bart-pe.
System file. Can be corrupted by a rootkit.
  John   (further information)
just cleaned from friend's computer, avast! free found it. Now I'm looking to see if I need to download and replace it with a clean copy. It may be what is causing his system to infinite-loop reboot after a nearly complete boot. In conjunction with temp internet file pdffile(1).pdf?
it is a virus....very hard to remove as well
Atapi.sys is a very common target of rootkits, it is a valid file, but can be dangerously modified by many malicious software.
  Colin   (further information)
search engine redirection
virus if wrong size and current date related to pcsecurity hoax program
  Dave Hill  
My Norton Classified this file as backdoor.Tidserv!inf. More can be read
  McFly   (further information)
rootkits like page redirect like to hide here
Valid system Driver for the ATA controller, however TDL3 rootkit attacks it, a 17 year old flaw in the Kernel of windows NT4-windows 7. you will know your infected from a Memory BSOD, or your AV claiming it is blocking traffic from
It's the hard drive driver (which is why it can hide itself from antivitus programs, you ask to scan it and it lies, returning valid info istead of the true infection info). (It can cause a BSOD if it's damaged, since the PC can't access the hard drive without it.)
  George S.   (further information)
it didn't cause a BSOD, chances are Daemon Tools did
ide controller driver
It's a system file that comes with your computer. HOWEVER, it can be easily infected and become a rootkit. If you by chance know that your atapi.sys is infected, run ComboFix. It will fix the rootkit. Also, an infected atapi.sys will generally redirect most of your searches to seemingly random assures and attack sites. Be careful.
It is an essential Windows system file. It is harmless unless modified by malware. You cannot just delete it.
Its a vital part of the windows O/S
Windows Driver for ATA peripherals, often times infected by a virus
Atapi,sys is mandatory to boot from your hard drive. It can be infected by malware. You can replace an infected or deleted file with a clean copy from another location on your system. Do a file search for other copies.
  PC Doctor  
atapi.sys It's an important file to properly boot your Windows if you notice the file bytes is 96+ or 94kb below then it's altered try restoring it from the installation disc unzip the file from cd:\i386\ATAPI.SY_ overwriting(replace) C:\Windows\system32\drivers\atapi.sys
  Yaeko Yoshimura   (further information)
I'm not sure what it does, but it's making my anti-virus prgram go bonkers. Plus, if you delete it, it just comes back. pretty sure that's indicative of malware
The atapi.sys is a rootkit that modifies your search engienes. Adverts always come up when I search in Google. I don't know how to remove it or access it because the file is needed by windows and access to view the file is denied.
Windows critical file. ATA/IDE controller. Can be infected with rootkits.
  Alex F  
Atapi.sys is shown as specious modification when it is infected
gives me a blue screen once a day
This file is how all of your drives that are atapi (Advanced Technology Attachment with Packet Interface) compatible function. Almost all CD drives and Hard Drives use this, therefore this is a critical system file as without it your computer more than likely will not boot. In windows vista and windows 7 you cannot stop this file using the task manager and therefore reaching this file at all in those two operating systems is not possible without some type of mod (such as an application) is not possible. with xp or earlier this program could be stopped simply by using the task manager. plenty out there just search for ATAPI and u will find tons of info.
We will see! Making it read only did get rid of redirect problem. Be advised it is an important file--back it up. We are only changing file attributes to restrict use, not deleting the file.
  Richard Reddy  
can be infected by Backdoor.tidserv!inf
  Wildfire   (further information)
Microsoft patch KB977165 or MS10-015 (Feb'10) originally caused BSOD if this file was infected by the Allureon rootkit. The patch was later released (Mar'10) with detection logic so it wouldn't cause the BSOD but instead just fail to install on infected machines. If you experience a BSOD caused by ATAPI.SYS, go to the (further information) link and follow the steps to recover. This is an important Windows file.
  Brandon (I.T.)   (further information)
It can be a TDSS pragama rootkit
After scan with ESET NOD32 Antivirus everything is OK. Sophos AntiRootkit reported "Removable: Yes (but clean up not recommended for this file)"
  Roumanian man   (further information)
atapi.sys is also known as the Google Redirect Virus
It is reportedly an IDE Miniport driver. It can be attacked by viruses, such as the one I'm currently dealing with: Alureon.H (rootkit:Alureon- atapi). The symptoms encountered were Google results getting redirected to random spam web sites in Firefox (I tried to reporduce it in IE, but it didn't seem to affect that browser, but I've read other reports of this virus affecting all browsers). The infection is not detected by AVG free, which let it onto my system. Microsoft Security Essentials detects it on Windows 7 and seems to disinfect it, but I'm not sure if it really has succeeded.
used for optical drives, ie. cd, dvd, etc
  mikeey   (further information)
It's the driver for IDE hard drives--can't do without it.
it is sometimes infected with google redirect virus
It is a legit file that can be infected with viruses.
This is a legit driver file (as stated by some other users) which can _get_ infected, but it is not always infected, and all XP systems will have it. Keep your virus checker up to date, and it will identify if this file gets infected (infection can mean just one additional byte added to it).
  Mark E.  
I had a virus once that replaced atapi.sys. The replacement included some evil redirections. It was fixed by hitman pro.

Rating chart

Summary: Average user rating of atapi.sys: based on 58 votes with 59 user comments. 27 users think atapi.sys is essential for Windows or an installed application. 8 users think it's probably harmless. 7 users suspect danger. 16 users think atapi.sys is dangerous and recommend removing it. 8 users don't grade atapi.sys ("not sure about it").

Do you have additional information?
What do you know about atapi.sys:
How would you rate it:
Link for more info:
Your Name:

Best practices for resolving atapi issues

A clean and tidy computer is the key requirement for avoiding problems with atapi. This means running a scan for malware, cleaning your hard drive using 1cleanmgr and 2sfc /scannow, 3uninstalling programs that you no longer need, checking for Autostart programs (using 4msconfig) and enabling Windows' 5Automatic Update. Always remember to perform periodic backups, or at least to set restore points.

Should you experience an actual problem, try to recall the last thing you did, or the last thing you installed before the problem appeared for the first time. Use the 6resmon command to identify the processes that are causing your problem. Even for serious problems, rather than reinstalling Windows, you are better off repairing of your installation or, for Windows 8 and later versions, executing the 7DISM.exe /Online /Cleanup-image /Restorehealth command. This allows you to repair the operating system without losing data.

To help you analyze the atapi.sys process on your computer, the following programs have proven to be helpful: ASecurity Task Manager displays all running Windows tasks, including embedded hidden processes, such as keyboard and browser monitoring or Autostart entries. A unique security risk rating indicates the likelihood of the process being potential spyware, malware or a Trojan. BMalwarebytes Anti-Malware detects and removes sleeping spyware, adware, Trojans, keyloggers, malware and trackers from your hard drive.

Other processes

atapi.sys [all]