Regular Visitor
snihed
Posts: 6
Registered: ‎09-06-2010

Help with Backdoor.Tidserv!nf / Backdoor.Tidserv.I!nf


Hi,

I am new to these forums and I hope you can help me. For the past 2 weeks, I have been trying to resolve this Backdoor.Tidserv issue detected in my Norton 360 to no avail. I have browsed all over the web for solutions and tools to remedy my problem to no avail. As of posting, there are still 3 unresolved risks in my history list showing this Backdoor.Tidserv thing. I really don't know what to do. I have tried using a tool called TDSSKiller from Kaspersky, which found the anomaly but has not fully removed the thing although it says it did. I tried using ComboFix also, and did a scan in safe mode using MBAM and SUPERAntiSpyware. All of the scan results showed clean but the issue just wouldn't go away; it is still in my unresolved security risks:

[Screenshot: unresolved security risks list]

Can anyone help me with this? It would be greatly appreciated.

Thanks in advance for the replies.

 

---

Follow up:

I am using a PC running Windows 7 Home Premium 32-bit.

My tools:

- Norton 360 Premium ed
- SUPERAntiSpyware free ed
- Malwarebytes' Anti-Malware free ed
- TuneUp Utilities
- RegCure

Regular Visitor
snihed
Posts: 6
Registered: ‎09-06-2010

Re: Help with Backdoor.Tidserv!nf / Backdoor.Tidserv.I!nf

Help, anyone?

Super Phishing Phryer
Turbo
Posts: 577
Registered: ‎05-02-2009

Re: Help with Backdoor.Tidserv!nf / Backdoor.Tidserv.I!nf

Welcome snihed,

You say you've been dealing with this for 2 weeks; when did you last scan with TDSSKiller? The reason I ask is that it was updated again just 3 days ago. If it's been longer since you scanned you might want to try another scan: TDSSKiller

Another good app that can remove many TDL rootkits is Dr.Web CureIt. It is always up to date if you get it from the Dr. Web website and you don't have to install it; just download it to your desktop and run it: CureIt

I don't know a lot about N360 but if you can, check the firewall logs and see if there are any connection attempts related to tidserv. If there are, that would indicate that the rootkit is attempting to update its patch and would mean that the rootkit is still active. If you don't see any such connection attempts that is a good sign.

Regular Visitor
snihed
Posts: 6
Registered: ‎09-06-2010

Re: Help with Backdoor.Tidserv!nf / Backdoor.Tidserv.I!nf

Hi Turbo, I last used TDSSKiller last Saturday. I will give it another round of scan. I will try to run the tools that you've mentioned and will get back to you with the results.

Thanks.

Regular Visitor
snihed
Posts: 6
Registered: ‎09-06-2010

Re: Help with Backdoor.Tidserv!nf / Backdoor.Tidserv.I!nf

Hi, another round of scan using TDSSKiller ended clean. I can't seem to go far with Dr.Web CureIt as my internet browsing experience is prehistoric at best, probably caused by this malware. I know this because I've done consistent speedtests which were very good after. Webpages seem to load in decades after N360 alerted me with this tidserv; I've been suffering with this anomaly for weeks now. I forgot to include that I've already run ComboFix this weekend (I followed instructions carefully @bleepingcomputer) but the tidserv still remains present under the unresolved security risks log, screenshot I included in the first post.

Attached is a full history log in my N360 dating July 16 up to present. And yes, I've seen a couple instances of the tidserv thing, as you were saying. I hope you can help me.

Thank you.

floplot
Posts: 9,952
Topics: 200
Kudos: 1,892
Solutions: 354
Registered: ‎04-11-2009

Re: Help with Backdoor.Tidserv!nf / Backdoor.Tidserv.I!nf

Hello snihed

Welcome to the Norton Community Forum

You have a rootkit which needs to be fixed with the help of a reputable malware removal free site. These sites have the proper programs which will show them what is on your computer. They also can give you the proper tools and procedures in helping get your computer cleaned. They do this on a 1 to 1 basis and they do the most to protect your computer. Unless you are an expert on malware removal, it is best that you don't try to fix this yourself.

Please pick one of these sites and register with them and put the name of the malware in the subject. Bleeping Computers will be busy, but the other Forums are good also. Please let us know which one you pick and follow their directions and ask them questions. Norton's can't fix it because it involves replacement of Windows essential drivers.

Please go to one of these free Forums for help in removing your bad malware or rootkits.


http://www.bleepingcomputer.com

http://www.geekstogo.com/forum/

http://www.cybertechhelp.com/forums/

http://forums.whatthetech.com/

(Thanks to Delph for providing the list of sites)
 

Please come back and let us know who you registered with.

Success always occurs in private and failure in full view.




Regular Visitor
snihed
Posts: 6
Registered: ‎09-06-2010

Re: Help with Backdoor.Tidserv!nf / Backdoor.Tidserv.I!nf

Hello floplot,

I registered @ http://forums.whatthetech.com/

Will update you guys on how everything turns out. I might get back a little late as I'm @GMT+8 and it's already past 1am here. I have work in the day so I'll probably make a return post PM of the next day. Again, I really appreciate your help, I hope everything turns out all right.

Thanks much.

SendOfJive
Posts: 9,900
Kudos: 4,190
Solutions: 706
Registered: ‎02-07-2009

Re: Help with Backdoor.Tidserv!nf / Backdoor.Tidserv.I!nf


Hi snihed,

While I am not going to assume that the threat has been successfully removed, it is possible that the tools you used did remove the infection from your system. Because Norton initially caught the threat, but did not remove it, Tidserv!Inf is still showing as unresolved as far as Norton is concerned. If you cannot remove the entries from the Unresolved Threats log, try using the following Fix, which should work in Norton 360 as well as NIS.

http://community.norton.com/t5/Norton-360/HELP-I-have-been-hit-with-Backdoor-tidserv-and-Packed-gene...

I would still recommend following through with a malware removal forum, especially if you are still having indications that the rootkit was not entirely eliminated.

delphinium
Posts: 9,680
Kudos: 2,855
Solutions: 282
Registered: ‎11-21-2008

Re: Help with Backdoor.Tidserv!nf / Backdoor.Tidserv.I!nf

Bleeping Computer has been running into some of these infections that are remarkably resistant to being removed. It very much depends on how new the variant is. Even Combofix has been unable to remove it without a specific script. That is one reason why Combofix should not be used without assistance.

Under certain circumstances profanity provides relief denied even to prayer.
Mark Twain
Regular Visitor
snihed
Posts: 6
Registered: ‎09-06-2010

Re: Help with Backdoor.Tidserv!nf / Backdoor.Tidserv.I!nf

I understand your point and perhaps it was stupid of me using that tool without first seeking assistance from people who have the authority about the issue. But hey, what can I do, I was really desperate to get it over with. I just hope what I did didn't make my situation worse. I really appreciate your insight guys. I've yet to get a response from the guys at whatthetech, I'll keep you all posted regarding this. I hope you all are having fine evenings.