05-02-2011 07:05 PM
Quads wrote: One sample though places a randomly named file with registry key so that when the MBR gets cured on the restart (or after using a CD/DVD to fix) on the startup the MBR gets reinfected again, and again and again. The registry key and/or random file has to be dealt with first, before dealing with the MBR, otherwise you would be going around in circles somewhat.
They never give up, do they.
05-02-2011 07:41 PM
Just like aftershocks
Quads
05-03-2011 05:23 PM
For Peter
FixTDSS did not find or detect the infected MBR (Boot.Tidserv); here is a screenshot and the 2 logs attached. I downloaded FixTDSS from Symantec's download page again this morning in case it was updated during my night time.
Quads
05-08-2011 02:32 PM
Okay, I'm new here... obviously since this is my first post.
NIS is telling me that I've got Boot.Tidserv on my computer (Windows 7 64)... can't remove it...
Tried FixTDSS and NPE: both said there is "no infection", yet every time the computer boots Norton pops up stating it's still there.
There are NO other signs/symptoms that I'm aware of, but I'm scared to do anything with a password (like online financial work) in case someone somewhere is able to access this information.
What next?
05-08-2011 02:50 PM
Run TDSSKiller 2.5.0.0. FixTDSS does not detect Tidserv (the newer variants) on my PC.
Quads
05-08-2011 03:43 PM
THANKS! That worked... Did have to clear the history on Norton to stop it from warning.
05-08-2011 03:57 PM
Due to the fact you used another program to cure TDL4 (Boot.Tidserv), Norton did not do the curing, so it still has the Unresolved Threat listing.
The same listing would have still been there if it had been FixTDSS that cured the bootkit instead.
The problems with FixTDSS have been looked into over the last few days.
Quads
05-25-2011 01:37 PM
There are now other rootkit groups that have found a way to infect x64 systems (like Max++, ZeroAccess).
Quads
05-25-2011 04:28 PM
Some very interesting, and highly technical, information on Max++ here:
Quads is probably the only one of us that actually understands it.
05-25-2011 05:00 PM
We have had Max++ infected users turn up on this forum in the past.
Quads
