Hahaha
On testing, I infected with TDL3/4 and ran Norton Power Eraser. It detected the driver, but it also detected legit files, so I don't know the actual reason for the detection or if it just happened to be a fluke in between the false positives.
NPE restarted the PC and proceeded to delete, or try to delete, the driver and ControlSet registry entry for it, like Norton previously trying to or succeeding in deleting a driver like "atapi.sys".
<Remediate DateAndTime="Saturday, 26 June 2010 Time: 09:52">
<Infections_Selected_For_Remediation>
<DRIVERS Count="1">
<Driver ID="1">
<File_Information>
<Path>D:\WINDOWS\system32\DRIVERS\intelppm.sys</Path>
<FileVersion><></FileVersion>
<ProductVersion><></ProductVersion>
<ProductName><></ProductName>
<Company><></Company>
<Copyrights><></Copyrights>
<MD5>27FDB47F3F2EFE36F72C0971A03406C0</MD5>
<SHA256>D2C269B6686A9B8769BB5546FC711FDE33FBA4009B96863D241CD6B9D64506CB</SHA256>
<FileSize>36352 bytes</FileSize>
</File_Information>
<SideEffects Count="2">
<File>D:\WINDOWS\system32\DRIVERS\intelppm.sys</File>
<RegistryKey>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\intelppm</RegistryKey>
</SideEffects>
</Driver>
</DRIVERS>
<SERVICES Count="0" />
<PROCESSES Count="0" />
<LAYERED_SERVICE_PROVIDERS Count="0" />
<DESKTOP_SHORTCUTS Count="0" />
<AUTORUN_FILES Count="0" />
<STARTUP_ITEMS Count="0" />
<BROWSER_HELPER_OBJECTS Count="0" />
<BROWSER_TOOLBARS Count="0" />
<BROWSER_PLUGINS Count="0" />
<SHELL_EXTENSIONS Count="0" />
<EXPLORER_PLUGINS Count="0" />
<DIRECTORIES Count="0" />
<FILES Count="0" />
<SYSTEM_SETTINGS Count="0" />
</Infections_Selected_For_Remediation>
</Remediate>
<RemediationStatusPostReboot DateAndTime="Saturday, 26 June 2010 Time: 09:54">
<Infections_Remediated>
<DRIVERS Count="1">
<Driver ID="1">
<File_Information>
<Path>D:\WINDOWS\system32\DRIVERS\intelppm.sys</Path>
<FileVersion><></FileVersion>
<ProductVersion><></ProductVersion>
<ProductName><></ProductName>
<Company><></Company>
<Copyrights><></Copyrights>
<MD5>27FDB47F3F2EFE36F72C0971A03406C0</MD5>
<SHA256>D2C269B6686A9B8769BB5546FC711FDE33FBA4009B96863D241CD6B9D64506CB</SHA256>
<FileSize><></FileSize>
</File_Information>
<SideEffects Count="2" Status="Remediate_Failed">
<File>D:\WINDOWS\system32\DRIVERS\intelppm.sys</File>
<RegistryKey>\REGISTRY\MACHINE\SYSTEM\CurrentControlSet\Services\intelppm</RegistryKey>
</SideEffects>
On checking, I found that the driver had actually gone, so I placed it all back.
intelppm.sys = Intel Processor Driver
BSOD territory, as we know from people on the forum previously, and why Norton won't remove the driver for ".........Tidserv!inf", or shouldn't, unless a definition has been added causing the removal problem again.
If malware that infects/patches legit system files etc. is suspected (Tidserv is just one group; zeloaces is one other off the top of my head), it is not advised to use Norton Power Eraser to remove these types of infections, as bigger problems can occur with removing drivers Windows needs.
Quads
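The remediation log quoted in this post is the sort of thing worth triaging before a tool is allowed to delete a driver. The following is an added Python example, not Norton Power Eraser's own code and not the poster's, that parses that log format, undoes the tree-viewer residue (`- ` collapse markers, `<>` empty-value markers, a hash wrapped across a line), pulls out each driver's path, hashes and side effects, and flags boot-critical drivers whose hash is not on a clean-reference allowlist. The element names follow the log above; the sample log is a constructed copy of its `<Remediate>` block, and the allowlist hash and the critical-driver set are placeholders an analyst would fill from a known-clean installation.

```python
"""Triage a Norton Power Eraser (NPE) remediation log before approving driver removal.

Added example, not NPE code. Element names mirror the log quoted in the post;
the allowlist and boot-critical driver set are constructed placeholders.
"""
import re
import xml.etree.ElementTree as ET
from typing import Dict, List

# Constructed sample: the <Remediate> block from the post, with the '- ' viewer
# markers, '<>' empty-value markers and the wrapped SHA256 left in so that
# normalize() has something to repair.
SAMPLE_LOG = r"""<Remediate DateAndTime="Saturday, 26 June 2010 Time: 09:52">
- <Infections_Selected_For_Remediation>
- <DRIVERS Count="1">
- <Driver ID="1">
- <File_Information>
<Path>D:\WINDOWS\system32\DRIVERS\intelppm.sys</Path>
<FileVersion><></FileVersion>
<Company><></Company>
<MD5>27FDB47F3F2EFE36F72C0971A03406C0</MD5>
<SHA256>D2C269B6686A9B8769BB5546FC711FDE33FBA400 9B96863D241CD6B9D64506CB</SHA256>
<FileSize>36352 bytes</FileSize>
</File_Information>
- <SideEffects Count="2">
<File>D:\WINDOWS\system32\DRIVERS\intelppm.sys</File>
<RegistryKey>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\intelppm</RegistryKey>
</SideEffects>
</Driver>
</DRIVERS>
<SERVICES Count="0" />
</Infections_Selected_For_Remediation>
</Remediate>
"""

# Drivers Windows needs to boot. Both names come from the thread; a real list
# would be built from a clean reference system of the same Windows version.
BOOT_CRITICAL = {"intelppm.sys", "atapi.sys"}

# Placeholder allowlist: MD5s of the clean driver files, taken from a trusted
# install. The value below is a constructed dummy, not a real intelppm.sys hash.
KNOWN_GOOD_MD5 = {"intelppm.sys": {"00000000000000000000000000000000"}}


def normalize(text: str) -> str:
    """Undo viewer and copy-paste residue so the log parses as XML."""
    text = re.sub(r"(?m)^[ \t]*-[ \t]+(?=<)", "", text)  # IE tree-view '- ' markers
    return text.replace("<>", "")                        # '<>' empty-value markers


def _hash(drv: ET.Element, tag: str) -> str:
    """Read a hash element and drop whitespace that line wrapping inserted."""
    node = drv.find(f"File_Information/{tag}")
    if node is None or not node.text:
        return ""
    return "".join(node.text.split()).upper()


def triage(log_text: str) -> List[Dict]:
    """Return one finding per <Driver>, with a verdict on whether removal is safe to approve."""
    root = ET.fromstring(normalize(log_text))
    when = root.get("DateAndTime", "")
    findings = []
    for drv in root.iter("Driver"):
        path = drv.findtext("File_Information/Path", default="")
        name = path.rsplit("\\", 1)[-1].lower()
        md5 = _hash(drv, "MD5")
        se = drv.find("SideEffects")
        side_effects = [] if se is None else [(c.tag, c.text or "") for c in se]
        status = "" if se is None else se.get("Status", "")

        if md5 in KNOWN_GOOD_MD5.get(name, set()):
            verdict = "known-good"   # matches the clean reference: removal is a false positive
        elif name in BOOT_CRITICAL:
            verdict = "verify"       # Windows needs this driver; confirm infection before removal
        else:
            verdict = "review"       # not boot-critical, still an analyst decision

        findings.append({
            "time": when, "name": name, "path": path, "md5": md5,
            "sha256": _hash(drv, "SHA256"), "status": status,
            "side_effects": side_effects, "verdict": verdict,
        })
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['name']}: {f['verdict']}  md5={f['md5']}  side_effects={len(f['side_effects'])}")
```

Run against the sample, the single `intelppm.sys` entry comes back as `verify`: its hash is not on the (placeholder) allowlist, so the script cannot call it clean, but the name is on the boot-critical list, so it refuses to treat the removal as routine. That is exactly the point where a human should compare the file against a clean copy before letting the tool reboot and delete it.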