11-27-2008 04:17 PM
11-27-2008 04:24 PM
Removal instructions for Backdoor.Tidserv!inf: http://www.symantec.com/en/uk/security_response/wr
You can also Upgrade to N.I.S. 2009, using the Remaining Days of your Norton 2008 Product.
Upgrading instructions for Norton 2006 Products and Later:
01. Select your Product and Version, from the Web Link (above).
02. Save the Download on your Desktop.03. Save your Product Key (www.mynortonaccount.com; http://service1.symantec.com/SUPPORT/custserv.nsf/
04. Dis-connect from the Internet.
05. Go to Add/Remove.
06. Locate "Norton Internet Security/Norton AntiVirus (Symantec Corporation)" and click on "Remove".
07. Follow the instrctions and, when asked to, re-start your computer.
08. Locate to Add/Remove upon start-up.
09. Click on LiveUpdate and "Remove" and any other LiveUpdate.
10. If requested, re-start your computer.
11. Double-click on the Saved N.I.S./N.AV. File on your Desktop.
12. Follow the instructions.
13. Open Norton Internet Security or Norton AntiVirus and "Run [Norton] LiveUpdate" manually.
14. It is now Safe to Connect to the Internet again.
15. If you notice things not running right with N.I.S. 2009/N.AV. 2009, it may be a bug; please Post them here [in the Forum].16. If you have Other Norton Products, then you can re-install LiveUpdate, or, if you have Used the N.R.T., you can re-install your Other Norton Product(s); if you do not have the Disc, then you can re-download it via the Trailware. Norton SystemWorks users have had a "Patch" Released so that Updates are received through Norton LiveUpdate, i.e. your Norton Internet Security 2009 Product.
17. If you have problems un-installing/installing, then use the Norton Removal Tool.
11-27-2008 08:34 PM
I tried this solution and it did not work I still have the Trojan, Below is the export from Norton.
Scan Time: 3870 seconds
Scan Targets: C:
Total items scanned: 356,905
- Files & Directories: 355,657
- Registry Entries: 252
- Processes & Start-up Items: 866
- Network & Browser Items: 124
- Other: 5
Total security risks detected: 1
Total items resolved: 0
Total items that require attention: 1
Virus ID: 38565
Risk: High (High Stealth, High Removal, High Performance, High Privacy)
c:\documents and settings\owner\local settings\temp\tdss3671.tmp - Failed
11-27-2008 09:32 PM
11-27-2008 10:25 PM - edited 11-27-2008 10:27 PM
It seems that it uses a Rootkit Driver to even run in Safe Mode So the file would be "in use" so unable to delete...................................
It can be using the "Svchost.exe" to run. that is where the O4 entry above is mentioned.