I am having problems. Norton 360 pops up saying I have 2 high risk threats. Boot.Tidserv. I run NPE and TDSSm Adware. Nothing removes the virus. Norton says it failed to remove the threats. What good has my money done if what I paid for cannot and will not remove it? Norton needs to attack this issue and resolve this issue or this long-time customer will be buying another program from another company.
Hello, sorry to hear about your problem and that you got a virus on your computer.
A question first: what version of Norton 360 do you have installed on your computer?
What operating system and service pack do you have installed on your computer?
Have you done a Full System Scan on your computer using the latest protection updates via LiveUpdate?
Does Norton 360 quarantine any files when it finds these threats on your computer, or does Norton only warn you about these threats?
Here is a link to the Boot.Tidserv Removal Tool.
http://www.symantec.com/security_response/writeup.jsp?docid=2010-082613-5957-99&tabid=3
You can also use these two programs on your computer, Superantispyware and Malwarebytes Anti-Malware, to try to remove the threats from your computer. Here are the links to the programs.
http://www.filehippo.com/download_malwarebytes_anti_malware/
http://www.filehippo.com/download_superantispyware/
Install one or both programs on your computer, and do a Full Scan of your computer.
When you have done all this, let us know if the problem got solved or if the problem is still there.
Reply in the same topic.
Good Luck
NPE won't detect or shouldn't remove the detection name known as Boot.Tidserv or the Backdoor.Tidserv!inf family names. As far as I know NPE has not been given the ability yet, and the date on the linked instructions is old.
The Removal Tool to detect and remove Tidserv (including Boot.Tidserv) is here http://www.symantec.com/security_response/writeup.jsp?docid=2010-090608-3309-99
Although the Removal Tool has not been updated on the site for the user for the latest Tidserv versions.
So try TDSSkiller if that doesn't work.
Quads
If none of those work then if you can identify the virus using Task Manager or another way you can then go into your registry and delete any keys it has created by pressing Control-F to search for specific names and tags. To get to the registry editor press Start > Run > and type in regedit. You need to be administrator of the computer. It's best to use regedit in safe mode; that way the virus can't stop you. To get into safe mode either run msconfig the same way you run regedit and under the boot tab check safe boot > minimal.
-Alex
Hahaha. Who has been able to find Boot.Tidserv by using the Task Manager or Regedit??
Boot.Tidserv does not show in simple ways like this, if only it was so easy.
Quads
I'm still trying to work out how to use the Task Manager and Regedit to find and remove this Malware Family, even with the old TDL2 + it doesn't work.
Quads
I have done several full system scans using my latest updated paid-for Norton 360 > no threats found. I have run NPE (root kit scan) > no threats found. I have run TDSS > no threats found. On a reboot of my system using NPE, my system will reboot, run its checks, and when done, Norton 360 throws up a warning that I have two high threats, both of which are Boot.Tidserv, and both removals failed by Norton. When I choose the get help and ok in Norton 360, a web page comes up for the removal tools, etc. When I minimize the removal page, one threat is gone from the Norton warning. When I click the get help for the second Boot.Tidserv threat and click the ok, another help page comes up for removal tools, and I notice that the Norton 360 warning of the two threats flashes in the window, that all threats have been removed. With that said, when I reboot my computer the cycle starts again: my system boots up, and Norton 360 once again warns me of 2 high threats of Boot.Tidserv. I tried other anti-virus programs from www.cnet.com and of course they scan my system, root kit scans like NPE, but then want me to purchase their product to remove the threats found. I do not want to do a total system recovery unless I have to. I have CCleaner and Ad-Aware, and neither of those will remove or find this Boot.Tidserv threat. I have tried several registry scan programs with no luck as well. I keep my Windows update up to date, and Norton is up to date as well. I do a manual update to ensure all these stay up to date even when I see that it has run in the background automatically. I will try the several suggestions listed below. A complete system recovery, from what I have been reading here, may or may not resolve this problem. Will post an update when I have completed the several suggestions listed. Thanks
OK, I went to http://www.filehippo.com/download_superantispyware and downloaded this. They found a total of 14 tracking cookies, and after running the scan and rebooting, the Norton 360 warning of 2 threats of Boot.Tidserv did not come up after rebooting. I have a list of the tracking cookies that were found. Hopefully this fixed the Boot.Tidserv threats.
If TDSSKiller found and removed the TDL3/4, you will need to go into Norton unresolved threats in history and clear the entries. When another application removes it, Norton does not know it is gone and continues to pop up warnings.
1. It could have been a new variant that Norton didn't recognize at the time but has since had updated definitions. Norton might actually have popped up a warning and been ignored. Any number of things can happen to reduce protection. No antivirus is 100% all the time.
2. Once the system has become infected, the malware attempts to prevent the antivirus from working properly. If the tool was built into the antivirus it could also be made ineffective.
Hi jstenuf,
Here is a short article that appeared when Boot.Tidserv was first discovered. It explains the nature of this threat:
http://www.symantec.com/connect/blogs/tidserv-64-bit-goes-hiding
I had a problem with Boot.Tidserv, and here is how I fixed it.
Only Norton Internet Security saw this problem; no other program could see it.
My computer ran fine, but it was bothersome to have this red Norton warning every time I started the computer.
First, here's what DIDN'T work:
Super Antispyware
Kaspersky TDSSKiller
GMER Rootkit Scanner
MBRCheck.exe
Norton Power Erase
Malwarebytes Anti-Malware
Norton Internet Security (obviously)
Instead, I used the command FIXMBR.EXE, and this overwrote the MBR. Problem solved.
One caveat: the command warns that this may delete partitions. This did not happen in my case (my second partition survived just fine), but I did copy everything over to another disk before using this command *just in case.*
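The caveat in the post above (an MBR rewrite may affect the partition table) can be checked by comparing sector 0 before and after the repair. This is an added example, not part of the original thread: `parse_mbr`, `compare_mbr` and the sample sectors are constructed for illustration, and it assumes raw 512-byte copies of sector 0 were saved before and after the rewrite.

```python
import hashlib
import struct

BOOT_CODE_END = 446   # bytes 0..445: bootstrap code area, rewritten by an MBR repair
TABLE_END = 510       # bytes 446..509: four 16-byte partition entries
ENTRY = "<B3xB3xII"   # status, (CHS), type, (CHS), start LBA, sector count

def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte MBR into boot-code hash, partition entries, signature."""
    if len(sector) != 512:
        raise ValueError("MBR must be exactly 512 bytes")
    parts = []
    for slot in range(4):
        off = BOOT_CODE_END + 16 * slot
        status, ptype, lba, count = struct.unpack(ENTRY, sector[off:off + 16])
        if ptype != 0:  # type 0 marks an unused slot
            parts.append({"slot": slot, "active": status == 0x80,
                          "type": ptype, "lba_start": lba, "sectors": count})
    return {
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_END]).hexdigest(),
        "partitions": parts,
        "signature_ok": sector[TABLE_END:] == b"\x55\xaa",
    }

def compare_mbr(before: bytes, after: bytes) -> dict:
    """Report what a repair changed between two saved copies of sector 0."""
    old, new = parse_mbr(before), parse_mbr(after)
    return {
        "boot_code_changed": old["boot_code_sha256"] != new["boot_code_sha256"],
        "partitions_intact": old["partitions"] == new["partitions"],
        "signature_ok": new["signature_ok"],
    }

def build_sample(boot_fill: int) -> bytes:
    """Constructed sector: filler boot code plus two made-up NTFS (0x07) partitions."""
    table = struct.pack(ENTRY, 0x80, 0x07, 2048, 204800)
    table += struct.pack(ENTRY, 0x00, 0x07, 206848, 1000000)
    return bytes([boot_fill]) * BOOT_CODE_END + table + bytes(32) + b"\x55\xaa"

if __name__ == "__main__":
    before = build_sample(0xCC)   # constructed "before repair" copy of sector 0
    after = build_sample(0x90)    # constructed "after repair" copy
    print(parse_mbr(before)["partitions"])
    print(compare_mbr(before, after))
```

A result with `boot_code_changed` true and `partitions_intact` true means the rewrite replaced only the bootstrap code; `partitions_intact` false means the saved copy is needed to restore the table.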
Rootkit removal can be very risky to the system, which is why most security software is not allowed to remove it. If the software simply deletes the infected file, and it happens to be a crucial Windows file or part of the MBR, the machine becomes useless. Special tools are generally needed along with an educated idea of how to safely fix it.
Thanks for the warning.
Why will my Norton not fix this problem? I was under the impression that is why I spent the money for the Norton.
It's only current engine limitations for Threat-removal Layer
Cheers