03-20-2012 01:27 PM - edited 03-20-2012 01:34 PM
Then what was I supposed to do? Kaspersky proved very useful, however TDSSKiller knocked out my internet. I'm still not sure how to fix that black screen error every time I had to boot my PC, except having to go into the recovery console to restore the OS back to factory default.
03-20-2012 03:05 PM - edited 03-20-2012 03:17 PM
Well, if you want to play with this stuff and at the end this is what happens, when you do your factory reset, which wipes the HD and installs Windows afresh, don't play with the stuff again or attempt to deal with these groups.
Interesting on page 2, http://community.norton.com/t5/Tech-Outpost/Rootki
But yet you struggled and did a factory reinstall, hmmmm which means your methods don't work, people should ignore what you did (don't do the same).
As I said on page 2, Internet = IP stack, or could be a corrupt driver; black screen = it's not fully removed. As I have done for people even when Windows won't start up, I have had to remove the infection on the system and reset things for Windows to start up again.
03-22-2012 09:31 AM - edited 03-22-2012 10:27 AM
Actually, the first infection was when I experienced the black screen at bootup, so I went into the recovery console. The second one after that was the network redirect rootkit called Sirefef. I couldn't access System Restore b/c there was an error trying to open it using the Recovery Console and after I had restored the pc to default, it had a ZeroAccess trojan in several of its system snapshots.
04-15-2012 05:48 AM - last edited on 04-15-2012 02:02 PM by shannons
I removed this with Kaspersky Rescue CD.
Downloaded the iso
Booted to it in text mode
configured the networking
downloaded the updates
scanned all my drives, deleting or disinfecting files
scanned the boot sector, and disinfected it
I tried a dozen or so different things this was what finally removed it
I also finished by using RogueKiller to scan and restore my desktop and start menu, and other settings
09-21-2012 09:04 PM
Thank you, Quads. You were extremely helpful in helping me remove Boot.tidserv off an old Dell Optiplex 755 running Windows 7 x64. I found a hidden partition using your GParted theory. It had a 1.93MB partition. After I rebooted it 3 times I got no warning from Norton stating my machine was infected. So I'm doing another fresh install to make sure the registry and MBR are good. Thanks again.
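The post above found the bootkit's hiding place by eyeballing the partition table in GParted for a tiny partition. As an added example (not code from the thread or from any of the tools named in it), the script below automates that check on a constructed sample of `parted -s -m /dev/sda unit B print` machine-readable output: it flags any partition only a few MiB in size and any sizeable unallocated tail at the end of the disk, the two places such a hidden partition tends to show up. The sample disk layout and the thresholds are assumptions for illustration.

```python
from dataclasses import dataclass

# Constructed sample in parted's machine-readable format (not captured from
# a real machine): a 100 MiB system partition, one large NTFS volume, and a
# tiny partition with no filesystem tacked on at the very end of the disk.
SAMPLE_PARTED_OUTPUT = """BYT;
/dev/sda:500107862016B:scsi:512:512:msdos:ATA Example Disk:;
1:1048576B:105906175B:104857600B:ntfs::boot;
2:105906176B:500104999999B:499999093824B:ntfs::;
3:500105000000B:500107024447B:2024448B:::;
"""

MIB = 1024 * 1024


@dataclass
class Partition:
    number: int
    begin: int   # first byte
    end: int     # last byte (inclusive)
    size: int    # bytes
    fs: str      # filesystem type as reported by parted, "" if none
    flags: str


def parse_parted(output: str) -> tuple[int, list[Partition]]:
    """Parse 'parted -m ... unit B print' output into disk size and partitions."""
    disk_size = 0
    parts: list[Partition] = []
    for line in output.strip().splitlines():
        fields = line.rstrip(";").split(":")
        if fields[0] == "BYT":
            continue                      # unit header line
        if fields[0].startswith("/dev/"):
            disk_size = int(fields[1].rstrip("B"))   # whole-disk line
            continue
        # number:begin:end:size:fs:name:flags
        num, begin, end, size = (fields[i].rstrip("B") for i in range(4))
        fs = fields[4] if len(fields) > 4 else ""
        flags = fields[6] if len(fields) > 6 else ""
        parts.append(Partition(int(num), int(begin), int(end), int(size), fs, flags))
    return disk_size, parts


def suspicious_partitions(output: str, tiny_max=16 * MIB, gap_min=8 * MIB) -> list[str]:
    """Return human-readable findings: tiny partitions and a large unallocated tail."""
    disk_size, parts = parse_parted(output)
    findings = []
    for p in parts:
        if p.size <= tiny_max:
            findings.append(f"partition {p.number}: only {p.size / MIB:.2f} MiB, fs={p.fs or 'none'}")
    if parts:
        tail = disk_size - (max(p.end for p in parts) + 1)
        if tail >= gap_min:
            findings.append(f"unallocated tail of {tail / MIB:.2f} MiB after last partition")
    return findings
```

A hit only means "look closer": OEM recovery and EFI partitions are legitimately small, so compare any flagged entry against what the vendor's layout should contain before acting on it.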
09-22-2012 03:36 PM
With boot.Pihar and MaxSS (SST.*) it is not really the MBR like with TDL4, but I am aware Symantec / Norton does or can detect these as Tidserv for quite some time.
09-22-2012 05:06 PM
Yeah, the way it was embedded makes me think it was the MaxSS strain. Nasty little bugger though. Neither NPE, TDSSKiller, nor fresh installs helped. But your theory was right on the spot. Good work. I'm in school right now to become a security specialist. Is there anything else I should do to be sure it's completely gone? Malwarebytes or anything similar didn't pick up its signature before; is there anything you might know of to be sure?
09-22-2012 06:43 PM
Reformat and fresh install of Windows does not work, for a reason I do keep telling people about: infections surviving reformatting.
You did your own thing, so I don't give any info or advice for your system.