05-02-2011 07:05 PM
One sample, though, places a randomly named file with a registry key so that when the MBR gets cured on the restart (or after using a CD/DVD to fix), on the startup the MBR gets reinfected again, and again and again. The registry key and/or random file has to be dealt with first, before dealing with the MBR, otherwise you would be going around in circles somewhat.
They never give up, do they?
05-03-2011 05:23 PM
FixTDSS did not find or detect the infected MBR (Boot.Tidserv); here is a screenshot and the 2 logs attached. I downloaded FixTDSS from Symantec's download page again this morning in case it was updated during my night time.
05-08-2011 02:32 PM
Okay, I'm new here... obviously since this is my first post.
NIS is telling me that I've got Boot.Tidserv on my computer (Windows 7 64)... can't remove it...
Tried FixTDSS and NPE: both said there is "no infection", yet every time the computer boots Norton pops up stating it's still there.
There are NO other signs/symptoms that I'm aware of, but I'm scared to do anything with a password (like online financial work) in case someone somewhere is able to access this information.
05-08-2011 03:57 PM
Due to the fact you used another program to cure TDL4 (boot.Tidserv) Norton do the curing so still has the Unresolved Threat listing and so still has the listing.
The same listing would have still been there if it was FixTDSS that cured the Bootkit instead.
The problems with FixTDSS are being looked into over the last few days.
05-25-2011 04:28 PM
Some very interesting, and highly technical, information on maax++ here:
Quads is probably the only one of us that actually understands it.