09-06-2010 01:32 AM - edited 09-06-2010 01:35 AM
Hi,
I am new to these forums and I hope you can help me. For the past 2 weeks, I have been trying to resolve this backdoor.tidserv issue detected in my Norton 360 to no avail. I have browsed all over the web for solutions and tools to remedy my problem to no avail. As of posting, there are still 3 unresolved risks in my history list showing this backdoor.tidserv thing; I really don't know what to do. I have tried using a tool called TDSSKiller from Kaspersky, which found the anomaly but has not fully removed the thing although it says it did. I tried using Combofix also, and did a scan in safe mode using MBAM and SUPERAntiSpyware. All of the scan results showed clean but the issue just wouldn't go away; it is still in my unresolved security risks:
Can anyone help me with this? It would be greatly appreciated.
Thanks in advance for the replies.
---
Follow up:
I am using a PC running Windows 7 Home Premium 32-bit.
My tools:
- Norton 360 Premium ed
- SUPERAntiSpyware free ed
- Malwarebytes' Anti-Malware free ed
- TuneUp Utilities
- RegCure
09-06-2010 04:07 AM
Help, anyone?
09-06-2010 06:42 AM
Welcome snihed,
You say you've been dealing with this for 2 weeks; when did you last scan with TDSSKiller? The reason I ask is that it was updated again just 3 days ago. If it's been longer since you scanned you might want to try another scan: TDSSKiller
Another good app that can remove many TDL rootkits is Dr.Web CureIt. It is always up to date if you get it from the Dr. Web website and you don't have to install it; just download it to your desktop and run it: CureIt
I don't know a lot about N360 but if you can, check the firewall logs and see if there are any connection attempts related to tidserv. If there are, that would indicate that the rootkit is attempting to update its patch and would mean that the rootkit is still active. If you don't see any such connection attempts, that is a good sign.
09-06-2010 07:11 AM
Hi Turbo, I last used TDSSKiller last Saturday; I will give it another round of scanning. I will try to run the tools that you've mentioned and will get back to you with the results.
Thanks.
09-06-2010 08:25 AM
Hi, Another round of scanning using TDSSKiller ended clean. I can't seem to go far with Dr.Web CureIt as my internet browsing experience is prehistoric at best, probably caused by this malware; I know this because I've done consistent speed tests, which were very good after. Webpages seem to load in decades after N360 alerted me with this tidserv; I've been suffering with this anomaly for weeks now. I forgot to include that I've already run Combofix this weekend (I followed the instructions carefully @bleepingcomputer) but the tidserv still remains present under the unresolved security risks log, screenshot I included in the first post.
Attached is a full history log in my N360 dating from July 16 up to the present. And yes, I've seen a couple of instances of the tidserv thing, as you were saying. I hope you can help me.
Thank you.
09-06-2010 09:07 AM
Hello snihed
Welcome to the Norton Community Forum
You have a rootkit which needs to be fixed with the help of a reputable malware removal free site. These sites have the proper programs which will show them what is on your computer. They also can give you the proper tools and procedures in helping get your computer cleaned. They do this on a 1 to 1 basis and they do the most to protect your computer. Unless you are an expert on malware removal, it is best that you don't try to fix this yourself.
Please pick one of these sites and register with them and put the name of the malware in the subject. Bleeping Computers will be busy, but the other Forums are good also. Please let us know which one you pick and follow their directions and ask them questions. Norton's can't fix it because it involves replacement of Windows essential drivers.
Please go to one of these free Forums for help in removing your bad malware or rootkits.
http://www.bleepingcomputer.com
http://www.geekstogo.com/forum/
http://www.cybertechhelp.com/forums/
http://forums.whatthetech.com/
(Thanks to Delph for providing the list of sites)
Please come back and let us know who you registered with.
Success always occurs in private and failure in full view.
09-06-2010 10:15 AM
Hello floplot,
I registered @ http://forums.whatthetech.com/
Will update you guys on how everything turns out. I might get back a little late as I'm @GMT+8 and it's already past 1am here; I have work in the day so I'll probably make a return post PM of the next day. Again, I really appreciate your help; I hope everything turns out all right.
Thanks much.
09-06-2010 10:34 AM - edited 09-06-2010 10:41 AM
Hi snihed,
While I am not going to assume that the threat has been successfully removed, it is possible that the tools you used did remove the infection from your system. Because Norton initially caught the threat, but did not remove it, Tidserv!Inf is still showing as unresolved as far as Norton is concerned. If you cannot remove the entries from the Unresolved Threats log, try using the following Fix, which should work in Norton 360 as well as NIS.
I would still recommend following through with a malware removal forum, especially if you are still having indications that the rootkit was not entirely eliminated.
09-07-2010 01:20 AM
Bleeping Computer has been running into some of these infections that are remarkably resistant to being removed. It very much depends on how new the variant is. Even Combofix has been unable to remove it without a specific script. That is one reason why Combofix should not be used without assistance.
09-07-2010 07:05 AM
