Visitor
DaveZ1
Posts: 4
Registered: ‎05-15-2011
Accepted Solution

backdoor.tidserv removal tool

Running XP SP3. Norton Internet Security 2011 came up with warning:

"volsnap.sys.vir contains threat backdoor.tidserv.inf"

Status "manual removal required".

Risk: High

 

Infected file is C:\Qoobox\quarantine\C\WINDOWS\system32\drivers\volsnap.fix.vir

 

Using option "remove this file" resulted in something like a "not possible" message.

On this page http://www.symantec.com/security_response/writeup.jsp?docid=2008-111113-1112-99&tabid=3

It says to run Norton Power Eraser. This took a long time to reboot, did a long scan and reported no threats.

 

Then I saw another page http://www.symantec.com/security_response/writeup.jsp?docid=2010-090608-3309-99

about the removal tool. I downloaded this tool, but after running it get the error:

 

"pre-boot operation failed, unable to continue".

 

I can't figure out how to manually remove the threat. Can someone help?

Bot Obliterator
Quads
Posts: 16,451
Registered: ‎07-21-2008

Re: backdoor.tidserv removal tool

With FixTDSS I have tested the new version but don't know where it's available to download yet, probably not, as it's not gone through testing fully after helping with FixTDSS.

 

As to your problem, we are talking about TDL3+ having once infected a critical OS file, but in your case you can manually just delete the infected file C:\Qoobox\quarantine\C\WINDOWS\system32\drivers\volsnap.fix.vir (making sure to double check you have the correct file) and delete it from the Recycle Bin.

You may have to disable Norton Auto-Protect to allow you to do this.

Then you will have to go into the Norton History, Unresolved Threats list, and click the "Clear Entries" button.

 

Quads

Visitor
DaveZ1
Posts: 4
Registered: ‎05-15-2011

Re: backdoor.tidserv removal tool

Thanks, Quads.

Excellent advice.

Visitor
ctoepke
Posts: 1
Registered: ‎06-15-2011

Re: backdoor.tidserv removal tool

I received a similar message but it didn't tell me which file was infected. It told me that I was infected with Backdoor.Tidserv.I!inf and to manually remove it by doing the following steps: 1. Disable the System Restore. 2. Update the virus definitions. and 3. Run a full system scan. Are these legitimate instructions from Norton or has something else hacked my system?

Bot Obliterator
Quads
Posts: 16,451
Registered: ‎07-21-2008

Re: backdoor.tidserv removal tool

Norton should tell you the file name etc. when you click on the details.

 

Both NPE and the standalone FixTDSS removal tool are updated to detect the latest TDSS, Tidserv, TDL variants.

 

See this post and the one below for the NPE Tutorial (if you like) and the post below that from Peter with the download links.  http://community.norton.com/t5/Tech-Outpost/TDSSkiller-TDL4/m-p/467396/message-uid/467396/highlight/...

 

NOTE: To make it simple, if it's not the same file and location as for the user above, DO NOT delete the file, as it will be a driver that is critical to Windows, so the file needs to be cured or disinfected, NOT DELETED.

 

Quads 
