Hi,
I have an HP Pavilion desktop from 2006 running XP that became infected with virus(es) so I installed Norton AV 2012 (not in Safe Mode though) and it could not fix the problem. I did a System Recovery (not from discs, but I guess a partition on one of my drives?), which I thought would kill ANYTHING, it deleted all my files of course, but when I loaded Norton AV 2012 back onto the computer, it again detected a Boot.Tidserv threat that it says it can not remove. The details are below:
Full Path: Not Available
On computers as of Not Available
Last Used 5/3/2012 at 9:03:34 PM
Startup Item No
Launched No
Unknown
Number of users in the Norton Community that have used this file: Unknown
Unknown
This file release is currently not known.
High
This file risk is high.
Threat Details
Threat type: Virus. Programs that infect other programs, files, or areas of a computer by inserting themselves or attaching themselves to that medium.
Suspicious Actions
Master boot record infection: Drive 0x80
Remove Failed
File Thumbprint - SHA:
Not Available
File Thumbprint - MD5:
Not Available
I tried Norton Power Eraser and downloaded the Backdoor.TidServ removal tool, but neither worked. I have done searches and read a few threads about Boot.Tidserv, but frankly I'm not familiar enough with computers to attempt anything drastic like deleting partitions or whatever. Can this virus actually attach itself to the system recovery partition? I would have thought that impossible, I mean System Recovery deletes EVERYTHING and brings the computer back to factory condition, complete with the desktop craplets from AOL & Blockbuster! Is it possible Norton AV is just detecting a ghost of a virus? If not, I guess at this point I will have to either trash the computer (I have a laptop), or take it to a professional (=$). Maybe I should spend the money on upgrading the machine to Windows 7. Would that finally get rid of Boot.Tidserv?
Thanks for any and all insight.