boot.Tidserv

deible1 · ‎12-05-2010

Hello,

I just finished a complete re-install after formatting the hard drive. After installing SP3 and installing all windows updates I installed Norton Internet Security. While installing application I noticed that the after booting Norton Security detected Boot.Tidserv, which it reported as Removed and then Fully removed. However, these same two messages appear every time I boot and periodically when I have been running for some time.

The messages appear in the Security History window when I look under Resolved Security Risks.

After I noticed the messages I ran a full scan which found the JS.KakWorm.G, which was removed. No instances of Boot.Tidserv were found during the full scan.

I don’t understand why the software is reporting the Boot.Tidserv virus as fully removed if it keeps appearing everytime I boot.

Looking for ideas. I started the re-install because of a previous infection that I could neither identify nor remove.

SlamDunkley · ‎02-18-2010

. Disable system restore

2. Update Norton Internet Security

3. Reboot into safe mode

4. Perform a full system scan with Norton Internet Security

5. Perform a full system scan with Malwarebytes, it can be downloaded from the link below, don't forget to update it first

http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?part=dl-10804572&subj=d...

Hope this helps :)

SlamDunkley · ‎02-18-2010

Then after you done that I would recommend you use CCleaner to get rid of temp and junk files, you can download it from the link below

http://www.piriform.com/ccleaner/download/standard

When installed, click on 'Run Cleaner' and junk files will be removed

aviben1994 · ‎11-26-2010

You may as well try Hitman Pro or Norton power eraser or any other multicloud vendor scanners(will have False positive)

Read up the threat removal from symantec regarding the threats they may help

Also if u have any folder opening or folder option/task manager issue download dsik heal to correct them

Run a scan after changing heuristic and sonar to agressive in normal mode

aviben1994 · ‎11-26-2010

http://www.symantec.com/security_response/writeup.jsp?docid=2010-082613-5957-99

http://www.symantec.com/security_response/writeup.jsp?docid=2008-091809-0911-99

also download important updates for Norton and windows(Genuine only) update both

I recommend you use windows 7 as microsftwill surely gonna quit support for XP soon

this will land you in some problems

The second threat in removal category is said to be difficult to remove u still wanna continue trying to clean your pc or format all drives just to extra secure!

SlamDunkley · ‎02-18-2010

deible1

Even if you remove these infections I would recommend a reformat just to be on the safe side, it's best to get rid of boot.tidserv before reformatting though.

delphinium · ‎11-21-2008

Please visit one of these free malware removal forums for assistance in removing this bootkit. Bleeping is very busy but all of these are quite capable. If you continue to use different programs, it may well cause other problems, and if one of them actually works, your machine may not boot again.

www.bleepingcomputer.com

http://www.geekstogo.com/forum/

http://www.cybertechhelp.com/forums/

http://forums.whatthetech.com/

Under certain circumstances profanity provides relief denied even to prayer.
Mark Twain

aviben1994 · ‎11-26-2010

their used to be tool to fix mbr(from symantec)

Or why not get a symantec tech. dude remotely repair your computer

Quads · ‎07-21-2008

This is a classic thread to why I no longer do advanced malware removal on this forum. Norton cannot as far as I know remove Boot.Tidserv (but Symantec is getting there) Malwarebytes as I have said before is a no go, It is not meant to detect infected files that are critical, and also CCleaner is useless for this.

Please go to the protected sites for Malware removal, They are able to check all drives for the infected MBR (s) if more than one drive , if it isn't present, It might be that Norton has it stuck in the Unresolved History.

They should be also able to check for JS.KakWorm.G,

A reformat should not be required, otherwise I should be reformatting my PC like 20 times a day.

Quads