

backdoor.tidserv removal tool

Running XP SP3. Norton Internet Security 2011 came up with warning:

"volsnap.sys.vir contains threat backdoor.tidserv.inf"

Status "manual removal required".

Risk: High

Infected file is C:\Qoobox\quarantine\C\WINDOWS\system32\drivers\volsnap.fix.vir

Using option "remove this file" resulted in something like a "not possible" message.

On this page http://www.symantec.com/security_response/writeup.jsp?docid=2008-111113-1112-99&tabid=3

It says to run Norton Power Eraser. This took a long time to reboot, did a long scan and reported no threats.

Then I saw another page http://www.symantec.com/security_response/writeup.jsp?docid=2010-090608-3309-99

about the removal tool. I downloaded this tool, but after running it I get the error:

"pre-boot operation failed, unable to continue".

I can't figure out how to manually remove the threat. Can someone help?


Accepted Solution

Re: backdoor.tidserv removal tool

With FixTDSS I have tested the new version but don't know where it's available to download yet, probably not, as it's not gone through testing fully after helping with FixTDSS.

As to your problem, we are talking about TDL3+ having once infected a critical OS file, but in your case you can just manually delete the infected file C:\Qoobox\quarantine\C\WINDOWS\system32\drivers\volsnap.fix.vir (making sure to double check you have the correct file) and delete it from the Recycle Bin.

You may have to disable Norton Auto-Protect to allow you to do this.

Then you will have to go into the Norton History, Unresolved Threats list, and click the "Clear Entries" button.



Re: backdoor.tidserv removal tool

Thanks, Quads.

Excellent advice.


Re: backdoor.tidserv removal tool

I received a similar message, but it didn't tell me which file was infected. It told me that I was infected with Backdoor.Tidserv.I!inf and to manually remove it by doing the following steps: 1. Disable the System Restore. 2. Update the virus definitions. 3. Run a full system scan. Are these legitimate instructions from Norton or has something else hacked my system?


Re: backdoor.tidserv removal tool

Norton should tell you the file name etc. when you click on the details.

Both NPE and the standalone FixTDSS removal tool are updated to detect the latest TDSS, Tidserv, TDL variants.

See this post and the one below for the NPE Tutorial (if you like) and the post below that from Peter with the download links. http://community.norton.com/t5/Tech-Outpost/TDSSkiller-TDL4/m-p/467396/message-uid/467396/highlight/true#U467396

NOTE: To make it simple, if it's not the same file and location as for the user above, DO NOT delete the file, as it will be a driver that is critical to Windows, so the file needs to be cured or disinfected, NOT DELETED.


