Auto Protect Description/Help

Archive
1

I would like some help on "where Auto Protect is getting detail to say 'it has protected me against Boot.Tidserv (Trojan) and fully resolved it/protected me'"???  I get this EVERYTIME I reboot, with this external drive attached; although that drive has been cleared of this Trojan.  (Ran scans that cleaned it; then later FDisked and cleared former partitioning - including hidden files, then reformatted it.  There is nothing now on that drive.)

There is no doubt that this drive had gotten the NEWEST Version of Boot.Tidserv; 32 bit version that attacks MBR (orig. 8/26/10) and makes drive unbootable - this happened.  I had to remove that drive from its machine, and "attach it as an external one to another system protected with up to date Norton NIS 2010".  This AV identified the Trojan, keeps saying it has FULLY RESOLVED it and removed/deleted files (I followed Norton's instructions in write-up to do removal and run scans).  I no longer get any indications of any virus on this entire system; but get this Auto Protect message (suspicious) as protecting me EVERYTIME I boot-up with this drive attached - BUT only when that particular drive is attached, but not if I do not attach that specific drive.

I thought Auto Protect was reacting to something left on that drive, so did the FDisk, and reformat - now there is nothing left.  However, Auto Protect still reacts at Boot-Up and gives this same message with something reacting to harddisk Volume 2; SO WHAT IS Auto Protect reacting to - maybe something in Registry when second drive is accessed at boot-up.  Can this be a Registry entry and be traced; it doesn't look so from Norton Logs as I see them.  Only thing mentioning more than it being drive 0x81 repaired is: "\Device\Harddisk Volume 2\Program Files\Norton Internet Security\Engine\17.7.0.12\ccsvchst.exe".  I assume this is the Norton Program (Auto Protect) detecting something suspicious in memory???  Is that CORRECT; but where is it coming from??  Why do these logs show PORTS??

Can anyone help on this; not sure why these logs are not MORE ACCURATE or Helpful??  Norton seems to want to simply refer this to paid support (at $99.) without ANY SUPPORT/ATTENTION being given to this.  Since this is a new Trojan mutant just originated August 26, 2010; I think they ought to learn some more about it and how their existing software works it!!

ANY HELP???  Regards, d. l. c.