12-13-2011 01:29 PM
OK here is my issue. The other day (last week) my son came to me with a computer issue. It had multiple pop-ups saying that the hard drive and RAM had failed. I installed Norton IS (it was not on his computer; I had let it lapse by accident) and ran a check. It found 10 threats and was able to clean 9 of them. The one it could not clean was the boot.tidserv.
I then asked friends for help and have used Norton's tips for getting rid of this. I have used HouseCall (found and cleaned 4 threats Norton didn't see), Kaspersky (found nothing), and Norton's "POWER ERASER" and the rescue tool.
To this date Norton still says that I have this boot.tidserv threat on my computer. The only choices I have are Get help, rescan or exclude. What am I supposed to do with this?
Any help is GREATLY appreciated.
12-13-2011 03:37 PM
1. Sounds like you had a variant of the Fake HDD family, like http://www.bleepingcomputer.com/virus-removal/remo
2. Boot.Tidserv is the detection for the TDL TDSS boot sector, although there are now a couple of other groups that use the boot sector technique like maybe carberp.
Try TDSSKiller; download it by clicking on the .exe link, as it can be updated quicker than the .zip version.
If detected, afterwards you will still have to clear Norton's unresolved threats list.
12-14-2011 12:13 PM
Thanks Quads..... I think I've got it removed now, however I can't find out how to get to the unresolved threats list.... I am using 32-bit Vista. Are you able to help me find this??
Thanks in advance
12-15-2011 01:02 PM
Thanks for the help.... I've done everything listed in the link multiple times. However, Norton still shows the boot.tidserv threat whenever I run it. This DOES NOT show on any other virus program that I have used.... Any other tips, or do I have to either ignore it or fdisk my computer :(
12-16-2011 07:28 PM
Tried again with same results....
What I am doing is going into safe mode and running Rkill (I have tried all of the links multiple times), and most of the time I get a Microsoft Windows message saying that iexplore.exe has stopped working and then a Windows system alert (bottom right shield with a red X) saying that Windows security is not turned on. I have ignored these in case it is the virus.
Then I get the Rkill log to pop up in Notepad and there are no processes listed under terminated by Rkill.
Then I try TDSSKiller. If I run it with the standard options, Services and drivers, and Boot sectors, it scans but finds nothing... If I add the additional options Verify driver digital signatures and Detect TDLFS file system, I get the below threats found. They are all marked as skip, and when I google them I believe they are not an actual threat and didn't want to delete.
All are unsigned file
all are also listed as Suspicious object, medium risk.
Thank you so much for the help with this.
12-17-2011 12:19 AM
It appears that Norton is now detecting the MaxSS (SST.a, SST.b) partition as Boot.Tidserv also, which is a little confusing.
For Vista and Windows 7, in the search box type diskmgmt.msc (Disk Management)
How many drives do you have listed and all the info please.