Contributor
Dclark015
Posts: 12
Registered: ‎12-13-2011
Accepted Solution

BOOT.Tidserv

OK, here is my issue.  The other day (last week) my son came to me with a computer issue.  It had multiple pop-ups saying that the hard drive and RAM had failed.  I installed Norton IS (it was not on his computer; I had let it lapse by accident) and ran a check.  It found 10 threats and was able to clean 9 of them.  The one it could not clean was the boot.tidserv.

I then asked friends for help and have used NORTON'S tips for getting rid of this.  I have used HouseCall (found and cleaned 4 threats Norton's didn't see), Kaspersky (found nothing) and Norton's "POWER ERASER" and the rescue tool.

To this date Norton's still says that I have this boot.tidserv threat on my computer.  The only choices I have are Get help, rescan or exclude.  What am I supposed to do with this?

Any help is GREATLY appreciated.

DClark015

Bot Obliterator
Quads
Posts: 16,528
Registered: ‎07-21-2008

Re: BOOT.Tidserv

1.  Sounds like you had a variant of the Fake HDD family, like http://www.bleepingcomputer.com/virus-removal/remove-system-fix

2. Boot.Tidserv is the detection for the TDL TDSS boot sector, although there are now a couple of other groups that use the boot sector technique, like maybe Carberp.

Try TDSSkiller; download it by clicking on the .exe link, as it can be updated quicker than the .zip version.

If detected, afterwards you will still have to clear Norton's unresolved threats list.

Quads

Contributor
Dclark015
Posts: 12
Registered: ‎12-13-2011

Re: BOOT.Tidserv

Thanks Quads..... I think I've got it removed now, however I can't find out how to get to the unresolved threats list....  I am using 32-bit VISTA. Are you able to help me find this??

Thanks in advance

Bot Obliterator
Quads
Posts: 16,528
Registered: ‎07-21-2008

Re: BOOT.Tidserv

Norton's History, then the Unresolved list from the drop-down menu.

Quads

Contributor
Dclark015
Posts: 12
Registered: ‎12-13-2011

Re: BOOT.Tidserv

Thanks for the help.... I've done everything listed in the link multiple times; however, NORTONS still shows the boot.tidserv threat whenever I run it.  This DOES NOT show on any other virus program that I have used....   Any other tips or do I have to either ignore it or Fdisk my computer :(

Bot Obliterator
Quads
Posts: 16,528
Registered: ‎07-21-2008

Re: BOOT.Tidserv

Did you clear the unresolved threats list?

Did TDSSkiller (newest version) find anything??

Quads

Contributor
Dclark015
Posts: 12
Registered: ‎12-13-2011

Re: BOOT.Tidserv

I did and it still shows up after the next restart.  With the TDSSkiller I assume it's the newest version out there; I got it from the site you recommended.

Bot Obliterator
Quads
Posts: 16,528
Registered: ‎07-21-2008

Re: BOOT.Tidserv

The up-to-date page is http://support.kaspersky.com/faq/?qid=208280684

See where it says "Execute the file TDSSKiller.exe". Click on the TDSSkiller.exe

Quads

Contributor
Dclark015
Posts: 12
Registered: ‎12-13-2011

Re: BOOT.Tidserv

Tried again with same results....

What I am doing is going into safe mode, running Rkill (have tried all of the links multiple times) and most of the time I get a Microsoft Windows message saying that iexplore.exe has stopped working and then a Windows system alert (bottom right shield with a red X) saying that Windows security is not turned on.  I have ignored these in case it is the virus.

Then I get the Rkill log to pop up in Notepad and there are no processes listed under terminated by Rkill.

Then I try TDSSkiller.  If I run it with the standard options, Services and drivers and Boot sectors, it scans but finds nothing...  If I add the additional options Verify driver digital signatures and Detect TDLFS file system I get the below threats found.  They are all marked as skip and when I google them I believe they are not an actual threat and didn't want to delete.

All are unsigned file

Service: Giveio

Service: PxHelp20

Service: speedfan

Service: USBAAPL

All are also listed as Suspicious object, medium risk.

Thank you so much for the help with this.

Bot Obliterator
Quads
Posts: 16,528
Registered: ‎07-21-2008

Re: BOOT.Tidserv

It appears that Norton is now detecting the MaxSS (SST.a, SST.b) partition as Boot.Tidserv also now, which is a little confusing.

For Vista and Windows 7, in the search box type diskmgmt.msc (Disk Management)

How many drives do you have listed and all the info please.

Quads