12-05-2010 07:43 PM
I just finished a complete re-install after formatting the hard drive. After installing SP3 and installing all Windows updates I installed Norton Internet Security. While installing the application I noticed that after booting, Norton Security detected Boot.Tidserv, which it reported as Removed and then Fully removed. However, these same two messages appear every time I boot and periodically when I have been running for some time.
The messages appear in the Security History window when I look under Resolved Security Risks.
After I noticed the messages I ran a full scan which found the JS.KakWorm.G, which was removed. No instances of Boot.Tidserv were found during the full scan.
I don’t understand why the software is reporting the Boot.Tidserv virus as fully removed if it keeps appearing every time I boot.
Looking for ideas. I started the re-install because of a previous infection that I could neither identify nor remove.
12-05-2010 08:43 PM - edited 12-05-2010 09:02 PM
1. Disable system restore
2. Update Norton Internet Security
3. Reboot into safe mode
4. Perform a full system scan with Norton Internet Security
5. Perform a full system scan with Malwarebytes, it can be downloaded from the link below, don't forget to update it first
Hope this helps :)
12-05-2010 08:50 PM
Then after you have done that I would recommend you use CCleaner to get rid of temp and junk files, you can download it from the link below
When installed, click on 'Run Cleaner' and junk files will be removed
12-05-2010 08:59 PM
You may as well try Hitman Pro or Norton Power Eraser or any other multicloud vendor scanners (will have false positives).
Read up on the threat removal from Symantec regarding the threats; they may help.
Also, if you have any folder opening or folder option/task manager issues, download Disk Heal to correct them.
Run a scan after changing heuristic and SONAR to aggressive in normal mode.
12-05-2010 09:03 PM - edited 12-05-2010 09:10 PM
Also download important updates for Norton and Windows (Genuine only); update both.
I recommend you use Windows 7, as Microsoft will surely quit support for XP soon.
This will land you in some problems.
The second threat in the removal category is said to be difficult to remove. Do you still want to continue trying to clean your PC, or format all drives just to be extra secure?
12-05-2010 11:40 PM - edited 12-05-2010 11:41 PM
Please visit one of these free malware removal forums for assistance in removing this bootkit. Bleeping is very busy but all of these are quite capable. If you continue to use different programs, it may well cause other problems, and if one of them actually works, your machine may not boot again.
12-06-2010 12:15 AM
This is a classic thread as to why I no longer do advanced malware removal on this forum. Norton cannot, as far as I know, remove Boot.Tidserv (but Symantec is getting there). Malwarebytes, as I have said before, is a no go. It is not meant to detect infected files that are critical, and also CCleaner is useless for this.
Please go to the protected sites for malware removal. They are able to check all drives for the infected MBR(s) if there is more than one drive. If it isn't present, it might be that Norton has it stuck in the Unresolved History.
They should also be able to check for JS.KakWorm.G.
A reformat should not be required, otherwise I should be reformatting my PC like 20 times a day.