Visitor
jmsa
Posts: 8
Registered: ‎03-13-2012

ZeroAccess Rootkit Activity 4 and Tidserv

I've downloaded tdssfix, but it says no infections found, yet Norton is still having pop-ups saying that I have Tidserv. Also, there is no removal tool for ZeroAccess Rootkit for systems running on 64 bit. Please help?

Bot Obliterator
Quads
Posts: 16,530
Registered: ‎07-21-2008

Re: ZeroAccess Rootkit Activity 4 and Tidserv

What is your Operating System??

 

Quads

 

 

Visitor
jmsa
Posts: 8
Registered: ‎03-13-2012

Re: ZeroAccess Rootkit Activity 4 and Tidserv

I'm running on 64 bit

Bot Obliterator
Quads
Posts: 16,530
Registered: ‎07-21-2008

Re: ZeroAccess Rootkit Activity 4 and Tidserv

What operating system are you using??? I know it's 64 bit. Let's get really basic here: are you using XP 64 bit, Vista 64 bit or Windows 7 64 bit??

 

Quads

Visitor
jmsa
Posts: 8
Registered: ‎03-13-2012

Re: ZeroAccess Rootkit Activity 4 and Tidserv

Haha, I apologize. I am a little slow, but it's Windows 7.

Super Spam Squasher
cgoldman
Posts: 2,929
Registered: ‎06-25-2008

Re: ZeroAccess Rootkit Activity 4 and Tidserv

Until you have a solution, may I suggest the following:

 

disconnect your pc from the internet

do not power down

do not reboot

 

Post exactly what N360 found. Did it identify ZeroAccess Rootkit Activity 4 and Tidserv? Or were there more details?

 

 

Bot Obliterator
Quads
Posts: 16,530
Registered: ‎07-21-2008

Re: ZeroAccess Rootkit Activity 4 and Tidserv

cgoldman wrote:

Until you have a solution, may I suggest the following:

 

disconnect your pc from the internet

do not power down

do not reboot

 

Post exactly what N360 found. Did it identify ZeroAccess Rootkit Activity 4 and Tidserv? Or were there more details?

 

 


That won't fix anything, ZeroAccess is clever and protective.

"ZeroAccess Rootkit Activity 4 and Tidserv" are the I.P detections.

 

Quads

Super Spam Squasher
cgoldman
Posts: 2,929
Registered: ‎06-25-2008

Re: ZeroAccess Rootkit Activity 4 and Tidserv


Quads wrote:

That won't fix anything, ZeroAccess is clever and protective.

"ZeroAccess Rootkit Activity 4 and Tidserv" are the I.P detections.

 

Quads


It's not designed to fix anything. With respect, look at what I wrote.

These infections will pull other malware in, so disconnecting the internet until needed will stop and limit such further infections.

Powering off or rebooting with Norton present, before a solution is proposed and tried, can have dire consequences.

 

If on the other hand, you recommend that the user reboots before taking any action and leaves his internet connection enabled, then you are free to say so and the user can decide on the logic of the approach. However, I would be surprised indeed if you are of that view.

 


 

Bot Obliterator
Quads
Posts: 16,530
Registered: ‎07-21-2008

Re: ZeroAccess Rootkit Activity 4 and Tidserv

Jmsa

 

Download AswMBR hxxp://public.avast.com/~gmerek/aswMBR.htm (change the hxxp to http)

Run the scan, with definitions if it asks, but do not have it fix anything when it is finished. Just create a log and attach it.

I just want the logs for information on what I may need to remove, or, if a driver goes missing, to help in knowing which one needs to be replaced.

 

Quads

Visitor
jmsa
Posts: 8
Registered: ‎03-13-2012

Re: ZeroAccess Rootkit Activity 4 and Tidserv

"Threat requiring manual removal detected: System Infected: Tidserv Activity 2"

and it says the same for ZeroAccess Rootkit