12-07-2009 02:13 AM
Help - I have a virus problem.
I have Norton 360 (2009 version) installed, running on Windows XP (SP2, with all updates) on a Dell PC
I was fooled into running an executable (I know, but it had been a long day, and it was well disguised as being from a legitimate source). I did run a Norton scan on the file, it said it was OK. However, when it ran it rebooted the PC.
Obviously I was suspicious so immediately ran a full scan overnight. The scan reported 1 threat and needed to reboot to complete the fix. I let it reboot. The computer failed to boot, with a blue screen and a Stop message (code 7B hex). Safe mode would also not reboot – same blue screen. Selecting “reboot using last safe settings” did boot. I checked the Norton log. The scan found one virus – Backdoor.Tidserv.l!inf, which it claimed to have resolved. However auto-protect also reported finding the same virus a bit later, again claiming to have resolved it. Rebooting again resulted in the same blue screen, this time in all types of boot, including last safe settings. I'm now unable to boot at all.
Any suggestions on how to proceed – I would like to avoid completely reformatting the disc and reinstalling Windows if possible? Is booting from the Norton 360 installation CD likely to allow me to clear this?
(I seem to recall that the product comes with e-mail support, but I can’t find an e-mail address to send this to – the only virus support I can find on the web page is a premium paid service.)
Any suggestions gratefully received.
12-07-2009 09:18 AM - edited 12-07-2009 09:18 AM
Welcome to Norton Community!
I would suggest you to restart your computer in Safe Mode and then try running a full system scan with your Norton program. You can also try booting from the Norton Recovery tool and then try running the scan using the Norton Recovery tool mentioned by Tim_Lopez in this thread:http://community.norton.com/norton/board/message?b
Refer to the removal instructions from the following Symantec Article:
12-07-2009 09:57 AM
Yogesh the poster reports "Rebooting again resulted in the same blue screen, this time in all types of boot, including last safe settings. I'm now unable to boot at all."
So No point in stating to "I would suggest you to restart your computer in Safe Mode".
1. You are at least the 3rd PC with the exact same problem, seeing as you were able to look up in Norton what was taken first time around are you able to say what file(s) or registry entries were taken??
2. Firstly I would suggest getting your personal files off the HD and on to flash drive so your photos etc are OK, See
12-07-2009 09:58 AM
If the above instructions are not successful, as they are a year old, and the new generation rootkits are much more complex to remove, you might also be wise to take the problem to a malware removal site such as www.bleepingcomputer.com
They have the tools and the know-how to walk you through the removal.
12-07-2009 10:17 AM - edited 12-07-2009 10:20 AM
Thanks for pointing that poster is unable to boot. But still, he/she can try to boot using the Norton Recovery Tool and run a scan. If that corrects the boot problem, surely safe mode can be done afterwards.
12-07-2009 10:25 AM
As I said, currently unadle to boot - all options lead to blue screen with stop code 7b hex.
I will try producing the rescue disk, and booting from that. If that doesn't help, then I'll try the linux boot disk to get at the files.
Luckily all my photos and music are on a separate usb disk, with a backup on another disk and on my Windows Home Server. My files are backed up on the WHS and also daily and weekly using Genie Backup Manager, so its all recoverable, just potentially very time consuming. As is reinstalling everything. I'd rather be able to boot and copy files, or ideally clear the problem.
I was sort of hoping Norton 360 would deal with this, that being what it's for, though I know viruses are forever changing.
I did not see any information in the log about which files were impacted, just the virus name and that it had been resolved. It's possible there were more details I didn't find - I do find it hard to get at the details in Norton 360. If I can get it back to booting I'll take another look.
12-07-2009 10:28 AM
The computer failed to boot, with a blue screen and a Stop message (code 7B hex). Safe mode would also not reboot – same blue screen. Selecting “reboot using last safe settings” did boot.
It seems that the poster was able to boot to "Last Known Good Configuration". So, I think it is possible to boot to Safe Mode from there onwards.
Read the post again,
Not the second time around First thing is to get the personal data of off the HD, You learn that in PC repair when it goes that far. Get personal data
Depends what is being taken by Norton on 3 PC's that report Tidserv (or not) to whether the Norton Recovery Cd will do anything.
Norton may have taken an important OS registry entry or file. Maybe Norton is now detecting TDL3, but is deleting the likes of "atapi.sys" which ummm is not good.
who knows what is happening to peoples PC's at this point.
12-07-2009 11:03 AM
A Report from a person with TDL3 after AV software attempted or succeeded to remove the driver file
Stop Code 7b restart loop, Now that's a bugger.
Maybe Norton is doing the same then, Detecting TDL3 as Tidserv, and removing files, to cause this.
Not a good idea.
Just trying to work out what is going on with Norton and the BSOD loop after detection.
12-07-2009 11:39 AM
Yep, that looks limke the same issue - I'll double check when I get home - but its the same hex error.
I am wondering if Norton 360 has deleted something that is vital, or if this a left over from the virus itself.
Any specific suggestions for getting past this? Do you think I should try a repair from my Windows installation disk (though this is pre SP2)?
Is there somewhere I should "officially" report this, or is this forum as official as required?