What a Boot.Tidserv nightmare !

ferrux · Jan 7, 2012

Hi there,
I am experiencing a nightmare with this rootkit, I have done tons of tests but cannot get rid of it :confused

The pc is a HP Desktop Pavilion 1209 with Windows XP Home.

The system boots normally' then after 3,4 minutes the hard drive starts again to work a lot and comes up with the attached screen contained in this set:
https://picasaweb.google.com/109175126296685887586/MBRBOOTVIRUS?authuser=0&feat=directlink

I choose the option to cure within its combo box and the problem seems fixed, only till next boot actually.

Here is only a small part of all tests that I recall:

>NPE
>NPE boot disk
>karpersky removal tool
>bit defender removal tool
>TDSSKiller
>g-data rescue live cd
>bitdefender rootkit new tool
>bitdefender recue live cd
>karsperky rescue live cd
>combofix
>gmer
>mbr.exe
>hitman pro second opinion
>booted from cd and hit the 'R' and successfully run the commands: 'fixboot' and 'fixmbr'.

---
Also, tried enabling and disabling the Windows restore point function
---
Gparted shows a hidden partition, I deleted that but no luck, still the dreadfull Norton notice.
---
Also tried Malwarebytes and Superantispyware, no luck.
---

I am quite desperate, Hope someone can help, I would seriously need to avoid the zerofilling of hard disk and reinstalling everything.

Please en-light me :wave
Thank you
Ferrux

ferrux · Jan 7, 2012

Here is the link to the screenshot:

https://picasaweb.google.com/109175126296685887586/MBRBOOTVIRUS?authuser=0&feat=directlink

TimW · Jan 7, 2012

Go to the below link and follow the instructions for running TDSSKiller from Kaspersky

TDSSkiller - How to run

Be sure to attach your log from TDSSKiller

Please also download MBRCheck to your desktop.

See the download links under this icon http://forums.majorgeeks.com/chaslang/images/MGDownloadLoc.gif

Double click MBRCheck.exe to run (vista and Win 7 right click and select Run as Administrator)

It will show a Black screen with some information that will contain either the below line if no problem is found:

Done! Press ENTER to exit...

Or you will see more information like below if a problem is found:

Found non-standard or infected MBR.

Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Either way, just choose to exit the program at this point since we want to see only the scan results to begin with.

MBRCheck will create a log named similar to MBRCheck_07.16.10_00.32.33.txt which is random based on date and time.

Attach this log to your next message. (See: HOW TO: Attach Items To Your Post )

Next, please follow these instructions:

READ & RUN ME FIRST. Malware Removal Guide

ferrux · Jan 7, 2012

Hi Geeks
yesterday I run a full scan from bitdefender live cd with the latest signature and found no threat, I just wondered how could be that possible since Norton keeped on alerting me.

I read some Norton forums and discovered an old but still present bug in the software, that is the unresolved threat history, in some cases like this may cause false positives, I have no words, I am so sorry I paid for such a crap software,
however I did clean the history and now magically I get no more annoying alert on booting phase.

Hope this may of some help to other people not to waste their and your time

Please consider this incident closed, it was a pleasure, hope to talk to you in future for 'lighter' issues ))

Best regard.
Ferrux

TimW · Jan 7, 2012

Not a problem. Safe surfing.

Log in or Sign up

What a Boot.Tidserv nightmare !

ferrux Private E-2

ferrux Private E-2

TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

ferrux Private E-2

TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

Log in or Sign up

What a Boot.Tidserv nightmare !

ferrux Private E-2

ferrux Private E-2

TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

ferrux Private E-2

TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

Useful Searches