OK here is my issue. The other day (last week) my son came to me with a computer issue. It had multiple pop-ups saying that the hard drive and RAM had failed. I installed Norton IS (was not on his computer; I had let it lapse by accident) and ran a check. It found 10 threats, was able to clean 9 of them. The one it could not clean was the boot.tidserv.
I then asked friends for help and have used NORTON'S tips for getting rid of this. I have used HouseCall (found and cleaned 4 threats Norton's didn't see), Kaspersky (found nothing) and Norton's "POWER ERASER" and the rescue tool.
To this date Norton's still says that I have this boot.tidserv threat on my computer. The only choices I have are Get help, rescan or exclude. What am I supposed to do with this?
2. Boot.Tidserv is the detection for the TDL TDSS boot sector, although there are now a couple of other groups that use the boot sector technique like maybe carberp.
Try TDSSkiller; download by clicking on the .exe link as it can be updated quicker than the .zip version.
If detected, afterwards you will still have to clear Norton's unresolved threats list.
Thanks Quads..... I think I've got it removed now, however I can't find out how to get to the unresolved threats list.... I am using 32-bit VISTA, are you able to help me find this??
Thanks for the help.... I've done everything listed in the link multiple times. However, NORTON'S still shows the boot.tidserv threat whenever I run it. This DOES NOT show on any other virus program that I have used.... Any other tips or do I have to either ignore it or Fdisk my computer :(
I did and it still shows up after the next restart. With the TDSSkiller I assume it's the newest version out there, I got it from the site you recommended.
What I am doing is going into safe mode, running Rkill (have tried all of the links multiple times) and most of the time I get a Microsoft Windows message saying that iexplore.exe has stopped working and then a Windows system alert (bottom right shield with a red X) saying that Windows security is not turned on. I have ignored these in case it is the virus.
Then I get the Rkill log to pop up in Notepad and there are no processes listed under terminated by Rkill.
Then I try TDSSkiller. If I run it with the standard options, Services and drivers, and boot sectors, it scans but finds nothing... If I add the additional options Verify driver digital signatures and Detect TDLFS file system I get the below threats found. They all are marked as skip and when I google them I believe they are not an actual threat and didn't want to delete.
All are unsigned files
Service: Giveio
Service: PxHelp20
Service: speedfan
Service: USBAAPL
All are also listed as Suspicious object, medium risk.
It shows 3 disks (at the top under volume): one not named, one is C and the other is D. It won't allow me to attach a screenshot because it's not a txt, log, or lue file. If you have an email I can send it to I would be happy to forward the jpg. Not sure what other information it is that you need.
If you don't know what you are doing at all, try and find someone who really does, as you don't want to delete the wrong (good) partitions, otherwise on exiting the boot CD and booting via Hard Drive you will or could go nowhere, no Windows.
I will post on the other thread how to, using 2 other boot CDs with screenshots borrowed; may take a while.
Thanks again for the GREAT help.... I will try and get with my neighbor to see if he can help me with this step of the process. The one other question I have is would F disking the drive fix the issue as well??
FDisking the drive does not help as you would reformat the partition you are in (more than likely HP (C:)) and then when you clean install Windows, and everything else including Norton again, Norton will once updated again detect the 3MB partition.
As seen by another user's comment,
"A Norton technician advised me to wipe the hard drive and reinstall the OS. I did this, and after reinstalling Norton a full scan revealed Boot.Tidserv still infecting the PC. Norton directed me to try NPE and FixTDSS again, which were ineffective. I am also running the full version of MBAM and a full scan does not register the infection. I have also tried Kaspersky's tdsskiller which also does not register the infection.
I am not experiencing any overt symptoms but Norton scans continue to show it as an infection. I understand that Boot.Tidserv can survive OS reinstalls and I have been unable to resolve it with any of my usual tools"
I have the screenshots for using Gparted step by step, using the example of a 1MB MaxSS partition, I just have to place them in order and figure out what to type simply put.
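Added example, not part of the original thread: reformatting C: rewrites one partition's file system and leaves the other partition-table entries alone, which is why the 3MB partition mentioned above is still there after a reinstall. This Python sketch parses the four primary entries of an MBR sector and lists unusually small ones for review; the function names, the 16 MiB threshold and the sample sector (including its type bytes) are constructed for illustration.

```python
import struct

SECTOR = 512
# One 16-byte MBR entry: status, CHS start (skipped), type, CHS end (skipped),
# start LBA, sector count. All little-endian.
ENTRY = struct.Struct("<B3xB3xII")

def parse_mbr(mbr: bytes):
    """Return the non-empty primary partition entries of a 512-byte MBR."""
    if len(mbr) != SECTOR or mbr[510:512] != b"\x55\xaa":
        raise ValueError("not a valid MBR sector (bad length or signature)")
    entries = []
    for slot in range(4):
        status, ptype, start, sectors = ENTRY.unpack_from(mbr, 446 + 16 * slot)
        if ptype == 0 or sectors == 0:
            continue  # unused slot
        entries.append({
            "slot": slot, "active": status == 0x80, "type": ptype,
            "start_lba": start, "size_mib": sectors * SECTOR / 2**20,
        })
    return entries

def small_partitions(entries, max_mib=16):
    """Entries small enough to deserve a manual look (threshold is an assumption)."""
    return [e for e in entries if e["size_mib"] <= max_mib]

def build_sample_mbr():
    """Constructed sample: two large volumes plus one 3 MiB partition at the end."""
    parts = [
        (0x80, 0x07, 2048, 204_800_000),        # C:, 100000 MiB
        (0x00, 0x07, 204_802_048, 20_480_000),  # D:, 10000 MiB
        (0x00, 0x17, 225_282_048, 6_144),       # unnamed, 3 MiB (type byte arbitrary)
    ]
    table = b"".join(ENTRY.pack(*p) for p in parts).ljust(64, b"\x00")
    return bytes(446) + table + b"\x55\xaa"

if __name__ == "__main__":
    found = parse_mbr(build_sample_mbr())
    for e in found:
        print(f"slot {e['slot']}: type 0x{e['type']:02x}, "
              f"start LBA {e['start_lba']}, {e['size_mib']:.1f} MiB")
    print("review:", [e["slot"] for e in small_partitions(found)])
```

A small partition is not malicious by itself; the listing only shows which entries exist so the right one can be identified before anything is deleted from a boot CD.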
OK that answers my question... I guess I'll wait till you have the time to post what/how I can do this myself. I will also check the link you provided as help. Is this something that a tech can do remote? Or does it have to be in person?
Well, one other question: the computer itself seems to run OK, although I have not used it for anything special at this time. If I just ignore the warning will it cause any major issues in the future? Or is that 3MB partition the virus hiding in wait until I stop trying to kill it to come back?
Sorry it's taken me so long to reply. I will be looking at the other thread over the next couple days. It's been a busy work week and Xmas this weekend. I will update and let you know if it worked or if I screwed the pooch :)