05-15-2011 02:51 PM
Running XP SP3. Norton Internet Security 2011 came up with warning:
"volsnap.sys.vir contains threat backdoor.tidserv.inf"
Status "manual removal required".
Infected file is C:\Qoobox\quarantine\C\WINDOWS\system32\drivers\vo
Using option "remove this file" resulted in something like a "not possible" message.
It says to run Norton Power Eraser. This took a long time to reboot, did a long scan and reported no threats.
Then I saw another page http://www.symantec.com/security_response/writeup.
about the removal tool. I downloaded this tool, but after running it I get the error:
"pre-boot operation failed, unable to continue".
I can't figure out how to manually remove the threat. Can someone help?
05-15-2011 05:47 PM
With FixTDSS I have tested the new version but don't know where it's available to download yet, probably not, as it's not gone through testing fully after helping with FixTDSS.
As to your problem, we are talking about TDL3+ having once infected a critical OS file, but in your case you can just manually delete the infected file, C:\Qoobox\quarantine\C\WINDOWS\system32\drivers\vo
You may have to disable Norton Auto-Protect to allow you to do this.
Then you will have to go into the Norton History, Unresolved Threats, list and click the "Clear Entries" button.
06-15-2011 02:23 PM
I received a similar message, but it didn't tell me which file was infected. It told me that I was infected with Backdoor.Tidserv.I!inf and to manually remove it by doing the following steps: 1. Disable the System Restore. 2. Update the virus definitions. and 3. Run a full system scan. Are these legitimate instructions from Norton or has something else hacked my system?
06-15-2011 06:10 PM - edited 06-15-2011 06:35 PM
Norton should tell you the file name etc. when you click on the details.
Both NPE and the standalone FixTDSS removal tool are updated to detect the latest TDSS, Tidserv, TDL variants.
See this post and the one below for the NPE Tutorial (if you like) and the post below that from Peter with the download links. http://community.norton.com/t5/Tech-Outpost/TDSSki
NOTE: To make it simple, if it's not the same file and location as for the user above, DO NOT delete the file, as it will be a driver that is critical to Windows, so the file needs to be cured or disinfected, NOT DELETED.