
Boot.TidServ.B virus on computer, unable to boot

Q: Boot.TidServ.B virus on computer, unable to boot

Dear All,

My computer has been infected with a Boot.TidServ.B virus.

Norton Recovery Tool has detected it, but can't fix it. Is Norton Power Eraser likely to be able to kill this kind of virus? What other options are available? NB the computer can't boot up, including in Safe Mode, so any solution would have to be run from CD/DVD ROM.

I've done a bit of research and come across an application called "TDSSkiller" from Kaspersky - is this likely to work? Note that, again, it would have to be run-able from CDROM.

Thanks in advance for your help.


A: Boot.TidServ.B virus on computer, unable to boot

dantilley & Marrzl

Hello and welcome to the BC forums. Please sit tight and be patient. I have requested that an experienced helper who specialises in un-bootable computers respond to your topic. Thank you.

RELEVANCY SCORE 78.8

Hi, I ran Norton 360 and it keeps saying that boot.tidserv remove failed. I've tried using various methods to remove it and nothing seems to help. I was infected about a week ago with privacy protection and I ended up having to reinstall windows 7. I've run a few different scans and it's not showing, but I don't know if that's gone. I followed the uninstall instructions on this website, so I hope it's gone. Now I have the other problem. I'm afraid to use my computer. Please help!

Thanks.

Dawn

A:Unable to Remove boot.tidserv

Hello,

Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.

If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

Orange Blossom

RELEVANCY SCORE 78

My machine has been infected with Boot.Tidserv.B as well. I am unable to boot the machine into Windows, including Safe Mode. Is there a bootable removal tool I can use to correct this issue? Any help would be greatly appreciated.

A:Tidserv, unable to boot [split topic]

Hi, what happens when you try to start your computer? How far does it boot up? Do you still see the Windows Splash screen? Does tapping F8 bring up the advanced boot options menu?

Also, what version of Windows is this and do you have the Windows CD/DVD at hand?

RELEVANCY SCORE 74.4

Does anyone know how I can safely remove it from my laptop? Thanks in advance for your help.
Watson.

A:Boot.Tidserv virus

Hello,

Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.

If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

Orange Blossom

RELEVANCY SCORE 74.4

Hey guys, my cousin asked me to remove the virus from his laptop running Windows 7. It is the Boot.Tidserv.B trojan. Norton detected it but can't seem to remove it and now I'm trying to do it myself but I can't seem to find it anywhere. Any help?

A:Boot.Tidserv.B virus What do i do?

Before doing anything, if you have not already done so, you should back up all your important documents, personal data files and photos to a CD or DVD drive as some infections may render your computer unbootable during or before the disinfection process. If that occurs there may be no option but to reformat and reinstall the OS or perform a full system recovery. The safest practice is not to back up any files with the following file extensions: .exe, .scr, .ini, .htm, .html, .php, .asp, .xml, .zip, .rar, .cab as they may be infected.

How and Where to backup your files in XP or Vista
How to Backup and Restore in Windows 7
How to use Ubuntu Live CD to Backup Files from your dead Windows Computer

Please follow these instructions: How to remove Google Redirects or the TDSS, TDL3, Alureon rootkit using TDSSKiller

Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
Vista/Windows 7 users right-click and select Run As Administrator.
When the program opens, click the Start Scan button.
Any objects found will show in the Scan results - Select action for found objects and offer three options.
If an infected file is detected, the default action will be Cure...do not change it.
Click Continue > Reboot now to finish the cleaning process. <- Important!!
If 'Suspicious' objects are detected, you will be given the option to Skip or Quarantine. Skip will be the default selection. Leave it as such for now.
A log file named TDSSKiller_version_date_time_log.txt ...

RELEVANCY SCORE 74.4

Hi,
I have a Windows XP Professional computer that is linked to many other computers in a network. The IT person at our company couldn't remove it but she is known to be pretty bad with computers (ironically). So, I ran Symantec, and its FIXTDSS and Powereraser but none of them worked. I also tried TDSS Killer but to no avail. In my Symantec Endpoint Protection, it says the following information:

Filename: MasterBoot Record for Physical drive 0
Risk: Boot.Tidserv
Action: Log only

I tried to run D.D.S. but it freezes before completing the scan in addition to taking more than 15 minutes to run. Can I please get help? I am afraid that this computer will spread the virus to other computers.

A:Boot.Tidserv Virus won't go away!!! Plz help!

Hello purple lotus! Welcome to BleepingComputer Forums! My name is Georgi and I will be helping you with your computer problems.

Before we begin, please note the following:

I will be working on your malware issues; this may or may not solve other issues you have with your machine.
The logs can take some time to research, so please be patient with me.
Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
Instructions that I give are for your system only!
Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

We need to get the MBR dump for analysis.

Make sure TDSSKiller.exe is on the Desktop itself, not within a folder on the desktop.
Go to Start > Run (or you can hold down your Windows key and press R) and copy and paste the following into the text field (make sure you include the quote marks). Then press OK.

"%userprofile%\Desktop\TDSSKiller.exe" -qmbr

A folder will appear called TDSSKiller_Quarantine in the C:\ drive.
Please zip up that folder and attach it...

RELEVANCY SCORE 74.4

Hi... My Avast antivirus got expired... and viruses attacked.
Now unable to boot (I have XP, Vista and Fedora) in my computer.
What can be done... unable to format also... because it is not getting switched on so that
I can put the XP CD and install a fresh copy again.
Is there any way to get back data?

A:virus - unable to boot my computer

Try safe mode with the F8 key on the keyboard and check whether the computer boots up or not. If it boots up, back up the data.

RELEVANCY SCORE 73.6

Hello,

I came here after reading from the Norton Antivirus forums. On my other computer I have 2 of these viruses, "Boot.Tidserv" that is detected using Norton.

Norton can't remove them. I tried the NPE program offered through them, still a no go. Will reformatting help? If not, or if there is an easier way I would appreciate it.

A few people have been directed here but I couldn't find the topic so I'm sorry if this was answered many times.

Thanks

A:Removing Boot.Tidserv virus

Hello,

Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.

If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

Orange Blossom

RELEVANCY SCORE 73.6

My Norton 360 Antivirus detects the boot.tidserv virus but will not remove it. I tried the get help section, which said to disable System Restore, update the virus definitions in the Antivirus and rescan, and it still didn't work, and I even re-scanned in Safe Mode. How do I get rid of the boot.tidserv virus?

A:Removal of Boot.tidserv virus

Hello and welcome to BleepingComputer. Let's see what we're dealing with here.

Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

Link 1
Link 2
Link 3
Link 4

Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running. This is because some anti-malware software mistakenly detects RKill as malicious. Please refer to this page if you are not sure how to disable your security software.

Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
If nothing happens or if the tool does not run, please let me know in your next reply.

***************************************************

Please download Malwarebytes Anti-Malware and save it to your desktop.

alternate download link 1
alternate download link 2

IMPORTANT!!! - when you save the file, rename it to something random, such as bubbles.exe. This must be done before beginning the download!

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

Make sure you are connected to the I...

RELEVANCY SCORE 73.6

I was infected with a trojan virus about a month ago. My computer was still working for about 3 weeks then it failed to boot. Even when I tried to rid the virus it would stay and even AVG was disabled or was unable to perform scans with this virus.

So now I am here and this is the scan I performed from OTLE. I got a little ahead of myself and deleted the files I knew had been corrupted or were being replicated by the virus since my computer was infected on Jan 23, 2010. These files were around 5-6 digits and were exe files (e.g. 15437.exe).

Hopefully you guys can help me.

Thanks

OTL logfile created on: 2/16/2010 1:16:44 PM - Run
OTLPE by OldTimer - Version 3.1.29.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 88.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 62.44 Gb Total Space | 1.71 Gb Free Space | 2.75% Space Free | Partition Type: NTFS
Drive D: | 12.08 Gb Total Space | 1.42 Gb Free Space | 11.79% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not pr...

A:Unable to boot computer with Trojan Virus on XP

Save the following text to your USB stick as fix.txt It must be named this, or the automated fix won't work.


Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


Quote:




:OTL
O4 - HKLM..\Run: [smss32.exe] C:\WINDOWS\System32\smss32.exe File not found
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\winlogon32.exe) - C:\WINDOWS\System32\winlogon32.exe File not found
[2010/01/23 18:52:29 | 000,000,001 | ---- | M] () -- C:\s
[2010/01/23 18:43:51 | 000,042,496 | ---- | M] () -- C:\ytlmlfc.exe
[2010/01/23 18:43:45 | 000,020,480 | ---- | M] (IpVOPqgs) -- C:\kkalf.exe
[2010/01/23 18:43:43 | 000,029,184 | ---- | M] () -- C:\dqccpnq.exe
[2010/01/23 18:43:42 | 000,016,384 | ---- | M] () -- C:\duehpow.exe
[2010/01/23 18:43:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jason\Application Data\AntiVirus Plus
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
:commands
[emptytemp]




Please double-click OTLPE.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator)
Click the red Run Fix button.
You should be presented with a message "No Fix has been Provided! Do you want to load it from a file?" Click Yes.
Browse to the fix.txt file on your USB stick, and click Op...

RELEVANCY SCORE 73.6

I also posted this in the 'am I infected' forum, but I think this might be the more appropriate location.

This morning I restarted my computer after completing a MBAM scan. All objects were said to have been found/deleted and a restart was required to finish the process. On the restart, I got a blue screen that flashed briefly (<1 second) before rebooting. I can't boot into safe mode/run last good config/etc. I chose 'don't restart on error' to see the error message, but I am not at home right now and don't remember the error codes. I tried to put the install disc in to run chkdsk /r and repair, but the message 'volume appears to contain one or more unrecoverable problems' appears. It does not even start the process, just pops that message up instantly. Also, there are no recognizable partitions. Any ideas for this? It appears that one or more of the quarantined/deleted files were vital to the computer's operation, or, perhaps, the virus itself messed with the boot sector(s) / HD.

A:Ran a virus scan, now unable to boot the computer

If there is any way to get to a dos command, try sfc /scannow have the win xp cd ready it will be needed.
Another one to try is fixmbr but again you have to be at the run cmd..

It does seem that MBAM removed some bad boys that mucked up your system files pretty good.

RELEVANCY SCORE 72

Hi, I have recently been infected by this virus. It shows up in my Norton Internet Security every time I turn my computer on. I have been working with some guys in the computer tech section of the 2 plus 2 forum to try and fix it, so I'll post the link to that thread. If you view that link it will show all screenshots and logs, including the ComboFix log and others. I will still post the ComboFix log below as well, and it will show you what I have done so far for this virus. Nothing has worked so far. Here is the link - 2p2 Thread what I've done so far to get rid of this

As requested, below is my DDS logfile -

DDS (Ver_10-12-12.02) - NTFSx86
Run by jmartin at 18:55:24.40 on Sat 22/01/2011
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.61.1033.18.1787.862 [GMT 11:00]

AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

============== Running Processes ===============

C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricte...

A:Boot.tidserv.B Virus Norton Picking Up but cant Remove it !

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

Do not run any other tool until instructed to do so!
Please do not attach logs or put them in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed. This will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will ap...

RELEVANCY SCORE 72

Hello,

Norton antivirus is telling me that my Windows 7 pc is infected with Boot.Tidserv. I was experiencing some of the usual symptoms - search engine redirects, etc - and was not able to remove with either Norton, NPE, FixTDSS, or MBAM. A Norton technician advised me to wipe the hard drive and reinstall the OS. I did this, and after reinstalling Norton a full scan revealed Boot.Tidserv still infecting the PC. Norton directed me to try NPE and FixTDSS again, which were ineffective. I am also running the full version of MBAM and a full scan does not register the infection. I have also tried Kaspersky's tdsskiller which also does not register the infection.

I am not experiencing any overt symptoms but Norton scans continue to show it as an infection. I understand that Boot.Tidserv can survive OS reinstalls and I have been unable to resolve it with any of my usual tools. I have copied below and attached the DDS files as requested; please note that I am running 64 bit so did not run GMER. Any advice is greatly appreciated - thanks very much!

Thanks,
Jeremy

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385
Run by Jeremy at 14:03:54 on 2011-12-01
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3835.1413 [GMT -5:00]
.
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Update...

A:Infected with Boot.Tidserv TDSS rootkit virus

Hi jwil,

Welcome to BleepingComputer Virus, Trojan, Spyware, and Malware Removal Logs Forum. My name is sundavis, I will be helping you to deal with your Malware problems today.

Over Win7 Start logo > type diskmgmt.msc in search box and press enter > Disk-Management should prompt.
Take a whole Disk Management Window screenshot and attach that picture in your next reply. For more info: This thread.

We will start from that. Thanks

RELEVANCY SCORE 72

Hello,

I was browsing the internet when suddenly this supposed antivirus scan just popped up in the middle of my screen and started detecting trojans and things within seconds. The icon in the system tray was a fake Windows shield and my suspicion that it was fake was confirmed when I tried to exit the program and it prompted me each time telling me I had to register. I tried to access my control panel and couldn't access the Start menu at all (when I clicked it it would do nothing). I didn't want this program to keep doing whatever it was doing on there so I just held the power button until it restarted.

Now when I go to turn the computer on, I get a message saying the following:

"Windows could not start because of an error in the software. Please report this problem as : load needed DLLs for kernel. Please contact your support person to report this problem."

I have no idea what that means. Google has yielded results on both topics (The "virus scan" is this program here apparently http://www.bleepingcomputer.com/virus-removal/remove-antimalware-doctor), but way too many for me to be sure what my next course of action should be. I have Windows XP, I use an Acer PC...Not sure what other details would be helpful but whatever I can provide please let me know. All help is appreciated!
 

RELEVANCY SCORE 66.4

Got this tidserv virus. Nothing I try is working. I even tried Norton Power Eraser and it failed to do the job. I am running on Windows XP Home and Professional. I have tried to delete it via command prompt but unfortunately I'm not very good at it (trying to learn from YouTube). I am having trouble rebooting, which is what I think may be causing the power erase to fail. Is there anything I can do besides wiping the system and starting over? Any help would be greatly appreciated.

Thanks,
Fuzzywall

A:Tidserv Activity 2 Boot.Tidserv.B

Hello,

Please go here.... Preparation Guide, do steps. Create a DDS log and post it in this topic, thanks. If Gmer won't run, skip it and move on. Include a link back to this topic.

Let me know if that went well.

RELEVANCY SCORE 66

Win 7x64
Acer-5251
Everything seems to be working fine, but as the title suggests, when I tap F8 the Advanced Boot Options DO appear, but when I engage "Repair Windows" it just goes into a normal boot. I've tried booting from my installation CD that I purchased from Acer, but it does nothing. And yes, my CD drive is working, as well as having this set as top priority in BIOS, and the CD is in good condition.

In addition to this, I've tried using the "Advanced Recovery options" from within Windows itself, but when I go to click restart computer, I get an error message, with a red X, stating Windows is unable to restart.

Additional info that may be relevant is that a few months ago, I had a friend work on my computer, because Windows wouldn't boot at all. When my laptop was returned to me, everything was fresh, but there were missing programs etc... He said he had to format the hard drive to get it up and running again.

Anyway, I appreciate any help as to what I should do next, or I can answer any questions you may have - Thank you!

A:Unable to access System Recovery in Boot Menu, and unable to boot disk

Quote:
He said, he had to format the hard drive to get it up and running again.


What type of Windows DVD was used?

RELEVANCY SCORE 62.8

Computer won't boot: "Reboot and Select proper Boot device or Insert Boot Media in selected Boot device and press a key." Every time I turn on the computer a black screen pops up saying
"Intel UNDI, PXE-2.1 (build 083)
Copyright (c) 1997-2000 Intel Corporation
This product is covered by one or more of the following patents:
US5,307,459, US5,434,872, US5,732,094, US6,570,884, US^,115,776 and
US6,327,625
Realtek PCIe FE Family Controller Series v1.27 (10/31/11)
PXE-E61: Media Test Failure, Check Cable
PXE-M0F: Exiting PXE Rom.
Reboot and Select proper Boot device
or Insert Boot Media in selected Boot device and press a key."
I can't even do anything on the computer, and when trying to use the media disk it stays on a black screen.

RELEVANCY SCORE 62

Hello, I have an older Dell laptop with Windows XP and it has a really bad virus on it.

Normally I use Trend Micro HouseCall and I've had it fix 99% of my problems with viruses over the past several years. Their virus scan software wasn't working the other day, so I decided to do an online virus scan at kaspersky.com. After doing this virus scan it said it had removed a couple of viruses and decided to reboot. Ever since then I receive a blue screen error message when I try to boot into Windows, safe mode, or safe mode with command prompt.

If it helps at all, the blue screen message is Stop: 0x0000007B.

From what I have found, it seems to be a virus affecting the master boot record. At this point I am able to use the Windows XP CD to access the command console. From here I have run chkdsk, which hasn't provided me with any info or repaired anything.

I have gone into the windows/system32/restore folder to run rstrui.exe and it says invalid command.
I've tried enable rstrui.exe and it says the registry entry for this service cannot be located.

I've read that I could try doing a /fixmbr to replace the master boot record, but it says there is a possibility that once this is done, you cannot access the partition, and I really would like to save the data on this drive and be able to at least transfer the data off of there before I do anything. Doing a search on /fixmbr says it's best to do a virus scan first, but that was my first step and I don't have any antivirus software install...

RELEVANCY SCORE 61.2

Hi I hope you can help with this, I have a gateway running vista and running Norton
on start up Norton pops up with a window that says that I have Boot.TidServ.B and it
cannot get rid of it. So I went out to Norton site and downloaded the tools they say
will take care of the virus and when I ran it it comes back and tells me that
backdoor.tidserv was not found on my system. So I don't know what to do, one part of
Norton tells me I have it and another part tells me I don't please help. Thank you

DDS (Ver_10-12-12.02) - NTFSx86
Run by Tom at 19:46:26.17 on Wed 03/09/2011
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_24
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.1137 [GMT -5:00]

AV: Norton AntiVirus *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton AntiVirus *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe ...

A:Help with Boot.Tidserv.B

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you.

I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
Do not d...

RELEVANCY SCORE 61.2

Hello!! This is my first post. Norton Internet Security found that I am infected with trojan boot.tidserv.b. I have run Norton scan several times, but trojan remains. I have also run Norton Power Eraser. Still not removed. I re-ran Norton scan in Safe Mode. Not successful. I have attached a screen shot of the Norton message as a JPEG file. OS is Windows 7. Can you help me?

A:boot.tidserv.b

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

Do not run any other tool until instructed to do so!
Please do not attach logs or put them in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.
Do not run any other tool until instructed to do so!

Click on the Watch Topic Button and select Immediate Notification and click on proceed. This will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

I would like to get a better look at your system, please do the following so I can get some more detailed logs.

DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will appear
Click OK
DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.

IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Download DDS: Please dow...

RELEVANCY SCORE 61.2

My grandson's computer was hit by this Boot.Tidserv virus. Windows will not boot. He has a lot of music on his hard drive that he does not want to lose if a system recovery has to be done. The computer is running Windows 7 and Norton 360 Anti Virus. I downloaded the Bootable Recovery Tool from Norton, which got Windows to boot so the recovery tool could do a scan to find the virus, which it did, but could not fix it. Any ideas as to how to proceed?

A:Boot.Tidserv

Please post the exact content of the error message from the Norton Recovery Tool.

Does the system boot in safe mode?

Does the system boot without use of the Norton tool?

System manufacturer and model?

Louis

RELEVANCY SCORE 61.2

I have been unable to remove the virus Boot.Tidserv.B. Norton detects it but cannot remove it.

A:Boot.Tidserv.B

Hello, first I moved this to the Am I Infected forum as we do not have the proper logs posted here. But I think we can get this like this.
Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.4.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
Vista/Windows 7 users right-click and select Run As Administrator.
If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
Click the Start Scan button.
Do not use the computer during the scan.
If the scan completes with nothing found, click Close to exit.
If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
Copy and paste the contents of that file in your next reply.
Next run MBAM (MalwareBytes):
Please download Malwarebytes Anti-Malware and save it ...

RELEVANCY SCORE 61.2

Norton detects that my computer is infected with the Boot.Tidserv and will not repair. I can only boot using the Norton bootable recovery and scan the computer but it will not repair. Any help would be great.

A:Boot.Tidserv

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.
In order for me to see the status of the infection I will need a new set of logs to start with.
Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear.
Click the Disable button to disable your CD Emulation drivers.
Click Yes to continue.
A 'Finished!' message will ap...

RELEVANCY SCORE 61.2

Hi,

I have an HP laptop with Windows Vista that is infected with Boot.Tidserv. Despite many efforts, even following some of the solutions on this board, I cannot get rid of it. Norton blocks and quarantines the virus when the computer is started, but every time I reboot it has to clean it up again. Even though Norton seems to keep it at bay, I want to remove all traces of the virus to eliminate all potential for issues.

Thanks for any help you can provide, and let me know what information I can provide to expedite the process.

Jim

A:Boot.Tidserv won't go away!

Please follow the instructions in ==>This Guide<== starting at Step 6. If you cannot complete a step, skip it and continue.
Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.
If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.
It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.
If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

RELEVANCY SCORE 61.2

I have a Windows Vista Home Premium with Norton 360 that has been infected by a germ called Boot.Tidserv. Based on hits from the internet others had had this problem as well, with the same results (or lack thereof as I have).

Three days ago I was online doing usual stuff and suddenly a message came from Norton saying something tried to attach, but was blocked. I will add that the message was red and had an X in it as if the trouble was not resolved. Seconds later another message saying something in the computer was acting suspiciously. Then the computer started to react to the problem. Half my desktop icons were gone and I was panicked.

I did a system restore setting it back 24 hours and it seemed to do the trick. I did not....at least I don't think so. I got another red message saying Boot.Tidserv had infected and I needed to get rid of it.

I did a full system scan, per a Norton page I had gone to and nothing. I downloaded their power eraser...nothing. I tried Malwarebytes Anti-Malware....nothing. After a reboot I got the same Norton message and in exasperation I hit "fix it" and "apply all" one more time. Surprisingly I got a green check mark saying it had been fixed. A red X message followed as soon as I went back online. I called Norton and got nowhere (of course).

Online research suggested that there is a chance the problem was solved but Norton simply doesn't know it since it might not have been their product that eradicate...

A:Boot.Tidserv (Help!)

Download TDSSkiller
Launch it.
Click on change parameters - Select TDLFS file system
Click on "Scan".
Please post the LOG report (log file should be in your C drive)

Please download GMER from here (does not work on 64 bit OS)
http://www2.gmer.net/download.php
Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (do not use the computer while the scan is in progress)
If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.

Download aswMBR
Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan.
After scan finishes, click on Save log
Post the log results here

RELEVANCY SCORE 61.2

Two days ago I started getting a popup warning from Norton 360 warning about a threat labeled Boot.tidserv. When I asked Norton to fix the problem it came back and said that it could not remove it. I tried to do a restore yesterday (3/14) going back to 3/10 which was before I started receiving the warning. However, the warning still existed and when I selected to undo the restore, Windows was not able to undo the restore and now I can only get to the Windows login screen and then it goes to a blue screen saying Windows has a problem and has to shut down. I use this computer for my livelihood and while I have some files backed up, there are still others on this computer that I need. Please help, I don't know where to start since I can't log in. I am running Windows 7 Home Premium 64-bit on a laptop that does not have a disk drive, but I have a DVD drive and 2 USB ports.

A:Boot.tidserv Help!!

Hi, Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log. Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there. The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic. Once I receive a reply then I will return with your first instructions. Thanks

RELEVANCY SCORE 61.2

Hey guys.

A buddy of mine asked me to reformat his hard drive for him on my computer. I threw in the hard drive and without opening it, I threw a Norton Virus scan on it. It came up with Boot.Tidserv.B and that it could not remove it. I formatted the drive. Now my Norton still continues to come up with Boot.Tidserv.B. I ran Norton Power Eraser and nothing came up and I also ran Norton FixTDSS as well, nothing came up. The computer that the hard drive was from was a 32bit XP and my computer is a 64bit Windows 7. Is there a way I can be certain this virus did not make it to my computer? I am not too worried because I don't believe it did.

This is a copy of what Norton is saying.

Resolved Threats:
No risks have been resolved

Unresolved Threats:
Boot.Tidserv.B
Type: Master Boot Record
Risk: High (High Stealth, High Removal, High Performance, High Privacy)
Categories: Virus
Status: Remove Failed
-----------
1 System Action
Drive 0x83 - Infected

As well I might add, my scans are coming up clean with a current up to date Norton as well it says removal failed when I go into Norton > Security History > Unresolved risks.

Thanks for your help and let me know if you need additional information.

RELEVANCY SCORE 61.2

I ran a full scan of my PC and I am infected with Boot.Tidserv.B, Norton could not remove it. So I went to their site to download removal tools, I tried the backdoor removal tool and this did not work so I was in the process of downloading the power eraser tool, which required a reboot. During the reboot my computer said I had 58 updates to apply and began the process and said not to turn off until done (I'm on Vista Home), when that was finished it began to reboot, I got to the start up that said it has 0 of 3 updates to be applied and began applying, I then got a blue screen saying it had to shut down to protect my data and it started to reboot itself, I am then given the option to start again in normal mode/safe mode/safe mode with networking or safe mode with command prompt. I have tried all of them and I just keep looping from the 0 of 3 updates to apply to the blue screen back to the screen asking me which mode to start in. Nothing works and I can't break this loop. HELP!!!

A:Boot.Tidserv.B

Hi jenns81027,

Welcome to Bleeping Computer.

Do you have one of the following options:

Use F8 at Windows startup to get to the Advanced Boot Options menu. See if you have "Repair Your Computer" there. Just tell me if you have that option.

Or

Vista DVD.

RELEVANCY SCORE 61.2

Hi,

I have a problem with Boot.Tidserv on our computer. Norton blocks and quarantines it every time we reboot, but it's never fully resolved. We have an HP Pavilion laptop running Vista. I've tried multiple malware and virus removal programs without success, so I thought I would try the forum here. Thanks so much for any assistance you can provide.

Here is my DDS log:


A:Cannot get rid of Boot.Tidserv

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.
Do not run any other tool until instructed to do so!
Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.
Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:
You may be asked to install or update the Recovery Console (Win XP Only). If this happens please allow it to do so (you will need to be connected to the internet for this).
Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<
Combofix may need to reboot your computer more than once to do its job, this is normal.
You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the runn...

RELEVANCY SCORE 61.2

I have been having problems with Boot. Tidserv. C and was just wondering if I had followed the instructions correctly in order for it to be able to be erased from my computer.

A:Boot. Tidserv. C

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.
In order for me to see the status of the infection I will need a new set of logs to start with.
Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear.
Click the Disable button to disable your CD Emulation drivers.
Click Yes to continue.
A 'Finished!' message will ap...

RELEVANCY SCORE 61.2

Operating system: Win 7 64 bit. I am working on a friend's computer that won't boot up and cannot be restored. I removed his hard drive and connected it to my laptop computer using an external cable adapter converter. As soon as Win 7 recognized the drive Norton Antivirus displayed a warning that it had found Boot.tidserv virus and it could not remove it. I immediately disconnected the infected drive from my computer and ran a scan to make sure that I didn't infect my computer. The scan showed no infection. How can I remove the infection from my friend's computer when all I can do is boot his computer to the command prompt?

Tommy

A:Boot.tidserv

How were you able to boot to the command prompt? Through the Repair Console? Via Win 7 boot CD?

RELEVANCY SCORE 61.2

Hello:

My computer is infected with the boot.tidserv virus. It was detected by Norton and besides, it was obvious. My computer is basically locked. I cannot use Iexplorer, Task Manager is disabled, all the system tools are disabled, I cannot save the changes when I turn off the computer (I need to do a forced shutdown with the power button on the machine).

I am of course typing this from another computer.

I ran TSSK software. It removed an item (a disk management file) and after that Norton shows the virus as removed and then the computer clear when I ran it a second time.

So everything should be fine... except that I still have the symptoms. I cannot go on the internet and most of the system maintenance softwares are blocked. Some, such as iexplorer, will actually work after a couple of hours out of nowhere. But if I shut down the computer to save the changes it just stays stuck on "Saving your settings..." and nothing happens until I just shut it down.

I am of course unable to provide you with any logs.

Do you think you might be able to help me?

Thanks.
Eric

A:boot.tidserv

Hello and welcome. I moved you here to Am I Infected. What is your operating system?
For the connection try these...
Please click Start > Run, type inetcpl.cpl in the runbox and press enter.
Click the Connections tab and click the LAN settings option.
Verify if "Use a proxy..." is checked, if so, UNcheck it and click OK/OK to exit.
Now check if the internet is working again.
OR
Go to Start ... Run and type in cmd
A dos Window will appear.
Type in the dos window: netsh winsock reset
Click on the enter key.
Reboot your system to complete the process.
If needed : type these one line at a time, press enter after each line. See if it works after each.

This can be run off a flash drive or CD.
Download the FixTDSS.exe
Save the file to your Windows desktop.
Close all running programs.
If you are running Windows XP, turn off System Restore. How to turn off or turn on Windows XP System Restore
Double-click the FixTDSS.exe file to start the removal tool.
Click Start to begin the process, and then allow the tool to run.
Restart the computer when prompted by the tool.
After the computer has started, the tool will inform you of the state of infection (make sure to let me know what it said)
If you are running Windows XP, re-enable System Restore.

RELEVANCY SCORE 61.2

hello,

I have Norton 360 and it keeps telling me it detected and removed boot.tidserv from my computer. Every time I restart my computer it says this. How do I really get rid of this? Thanks

A:boot.tidserv

Hello and welcome. Is this PC on a network?
Run a full system scan in safe mode with the latest Norton definitions. Then unplug the network connection and reboot the computer. Does the backdoor.tidserv detection come up again? If so, then we need to search for another undetected process on your computer.
Now run TDSS Killer
Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.4.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
Vista/Windows 7 users right-click and select Run As Administrator.
If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
Click the Start Scan button.
Do not use the computer during the scan.
If the scan completes with nothing found, click Close to exit.
If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved ...

RELEVANCY SCORE 61.2

I just purchased norton internet security and it keeps displaying a message saying it cannot remove boot.tidserv. I've tried all their recommended steps to no avail. Also, google keeps redirecting. I would greatly appreciate any help you could offer on the matter. I've attached the log as requested. Thanks in advance.


A:Boot.Tidserv

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.
In order for me to see the status of the infection I will need a new set of logs to start with.
Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear.
Click the Disable button to disable your CD Emulation drivers.
Click Yes to continue.
A 'Finished!' message will ap...

RELEVANCY SCORE 61.2

Hi All,

I've got the same issue as dantilley... Used Norton Bootable Recovery Tool to discover I had this, but it can't remove it.

Boot the system (Win XP Pro 32bit), boots ok to login screen, click on user name and the system goes straight to logoff and then shutdown.

A:Tidserv B No Boot

Hello, do you have an XP CD at hand?

RELEVANCY SCORE 61.2

I know its probably on this site already somewhere but I can't find it on here.
I have a BOOT.TIDSERV problem on my computer. Norton did not pick it up on the system scan. I ran CC Cleaner, Malwarebytes, Norton Power Eraser, Boot.Tidserv Removal Tool, Norton Bootable Recovery Tool (as the Norton tech advised this would be all that is needed to fix the problem or pay $100 for them to do it). I am currently running the computer from another hard drive in it. I checked various websites and tried the removal tools they suggest to no avail. Am I stuck redoing the hard drive from scratch?

A:BOOT.TIDSERV

Download TDSSkiller
Launch it.
Click on change parameters - Select TDLFS file system
Click on "Scan".
Please post the LOG report (log file should be in your C drive)
If TDSSkiller scan comes out clean, try this
Download FIXTDSS
Launch it. It may ask for restart, reboot the PC
On reboot let me know what it finds
Press Windows+R key and type diskmgmt.msc and click ok
Can you post a screenshot of your disk management?
Also Norton should have specified a location of boot.tidserv, can you check its details
Thanks

RELEVANCY SCORE 61.2

hello,
this is my first post here, and I'd appreciate any help.
Norton 360 found I'm infected with Boot.Tidserv.b
I couldn't see any problem except bluescreens-shutdown-restart, the last two weeks.
sometimes it happens repeatedly, sometimes once or twice per day.
I tried Norton's special tool (FixTDSS.exe) which didn't find anything.
But I wasn't able to turn system restore off before that, according to instructions,
because I can't check the box (it's grey), and I can't set a new restore point too.
I hope you can help,
Nikos

A:about Boot.Tidserv.b

Hello,
Please follow the instructions in ==>This Guide<==. If you cannot complete a step, skip it and continue.
Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues and what you have done to resolve them.
If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.
Orange Blossom

RELEVANCY SCORE 61.2

Norton has found Boot.Tidserv and will not remove it. What should I do?



A:Boot.Tidserv

Hi mikeedfeem,

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. You may want to print and/or save the following instructions in Notepad as this webpage will not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

If there are any personal files, pics, etc. on your computer you cannot live without, back it up now just as a precaution.

RELEVANCY SCORE 61.2

I had a post regarding this problem in the "Am I infected? What do I do?" After some back and forth, I was told to post on this forum.

Here is a link to the other thread:

http://www.bleepingcomputer.com/forums/topic414291.html/page__st__15

Rather than reposting all of the history again, please refer to the other thread which has all of the steps I did and the output.

Where do I go from here?

If this virus is in the MBR, can't I just rewrite the MBR using Windows 7 Repair Services Bootrec.exe (http://support.microsoft.com/kb/927392)? Just a thought I'll throw out there...

Your help is greatly appreciated! Thanks!

A:Boot.Tidserv

Oops - my bad. Here you go:


Read other 34 answers
RELEVANCY SCORE 61.2

Hi Guys

I just got a brand new HP PC, activated Norton and "BANG" I already have a virus. Norton can't remove it and the guys at Norton Forums said you all were the experts....

What can I do??? Any help would be REALLY appreciated!!

A:Boot.Tidserv.B

I probably should have said I am running Windows 7...

Read other 2 answers
RELEVANCY SCORE 61.2

HELP, Please I somehow got boot:tidserv. I have used Norton Power Eraser but still showing up at boot up. After using Power Eraser I can now get online but still lots of problems. I am using Windows XP. HELP
Thanks

A:Boot:Tidserv

Hello again.

Please download TDSSKiller.zip and extract it.
Run TDSSKiller.exe.
Click on Change Parameters.
Put a check in the box of Detect TDLFS file system.
Click Start scan.
When it is finished the utility outputs a list of detected objects with description.
The utility automatically selects an action (Cure or Delete) for malicious objects.
The utility prompts the user to select an action to apply to suspicious objects (Skip, by default).
Leave the options as they are and click Continue.
Let it reboot if needed and tell me if the tool needed a reboot.
Click on Report and post the contents of the text file that will open.

Note: By default, the utility outputs the log into the system disk (it is usually the disk with the installed operating system, C:\) root folder. The log has a name like: TDSSKiller.Version_Date_Time_log.txt.

>>>>

I'd like us to scan your machine with ESET OnlineScan.
Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
Click the button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on to download the ESET Smart Installer. Save it to your desktop.
Double click on the icon on your desktop.
Check Click the button.
Accept any security warnings from your browser.
Under scan settings, check and check Remove found threats
Click Advanced settings and select the following:
Scan potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Steal... Read more

Read other 3 answers
RELEVANCY SCORE 61.2

Norton has reported that I am infected with Boot.Tidserv, and that it cannot remove it.
Norton Security Suite
Version: 5.1.0.29

I tried running TDSS Fix Tool 2.1.3, which I downloaded from Norton. The result of its scan was "No infections were found", so this did me no good.

I did not try Norton Power Erase (NPE).

I am running Windows 7 Home Premium.

A little history.... The machine became unbootable. I did not know why, but I assumed it was a virus that caused it. However, I was able to boot to a diskcopy program and make a mirror image of the drive. I did this so that I could recover all of my data. Dell was kind enough to send me a new hard drive, preloaded with Windows 7. I started this up, and the first thing I did then was to download Norton Security Suite from Comcast (Xfinity). At this point, all was good with the world. Then, I made my mistake - I plugged the drive image in with a USB adapter. This is when Norton reported the Boot.Tidserv infection. I unplugged the hard drive and rebooted, but Norton still reported the infection. Apparently it copied itself from the external HDD?

The machine will boot, but the infection is reported, and I do not want to proceed further reloading all my software and data until I get the internal and external drives cleaned of this thing.

Actually, if I can clean the external HDD, I can put this back into my computer and get right back to where I was before all this happened, with all my programs and data in... Read more

A:Boot.Tidserv

Welcome aboard

Download Security Check from HERE, and save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download MiniToolBox and run it.
Checkmark following boxes:
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.
The log c... Read more

Read other 19 answers
RELEVANCY SCORE 61.2

Hello,

This is my 1st post. Thanks for this forum and any help you provide with my issue.

I have a laptop infected with Boot.Tidserv.B (as identified by Norton Recovery tools). I have read your post in http://www.bleepingcomputer.com/forums/topic376474.html which gives pretty specific advice. I will follow those instructions, but needed to start a new topic in order to post the logs from the applications referenced.

Thanks for your help

MOD EDIT: Post your logs here in a reply and I will clean your topic up. Let's try to get at least a DDS log this way the Tech can get what they need (they will guide you) when they respond.

Error on running the defogger.

Just to be clear. I booted the computer from USB with Norton Recovery Tools. Went to the command prompt and copied defogger.exe, dds.scr and RKUnhookerLE.exe to the D: partition of the computer's HD.

I ran defogger from the D: (not the USB boot device)

Contents of Defogger_disable.log

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 14:46 on 07/02/2011 (SYSTEM)
Checking for autostart values...
Unable to open HKCU\~\Run key (2)
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-

Content of DDS.txt -

DDS (Ver_10-12-12.02) - NTFSx86
Run by grwinega at 15:51:26.02 on Mon 02/07/2011
Internet Explorer: 7.0.5730.13
BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1314 [GMT -7:00]
AV: Symantec AntiVirus Co... Read more

A:Boot.Tidserv.B

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you.

I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.

Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.

If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!

These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. It... Read more

Read other 18 answers
RELEVANCY SCORE 61.2

Norton Internet Security keeps showing a message window saying that it can't remove boot.tidserv, which is very annoying. I went through all the steps they recommend but... the same results: zero. I hope you will help me to get rid of this malware.

A:boot.tidserv

Hi,

Please download MBRCheck.exe to your Desktop.
Run the application.
If no infection is found, it will produce a report on the desktop. Post that report in your next reply.
If an infection is found, you will be presented with the following dialog:
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Type N and press Enter. A report will be produced on the desktop. Post that report in your next reply.

Read other 26 answers
RELEVANCY SCORE 61.2

Hope I'm at the right place...

Norton can't remove the Boot.TidServ.B

I ran Avast and Norton and nothing

Any help to get rid of this would be appreciated.

A:Boot.TidServ.B

Hello and welcome, yes this is good.

Is this PC on a network?

Run a full system scan in safe mode with the latest Norton definitions. Then unplug the network connection and reboot the computer. Does the backdoor.tidserv detection come up again? If so, then we need to search for another undetected process on your computer.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.4.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
Vista/Windows 7 users right-click and select Run As Administrator.
If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
Click the Start Scan button.
Do not use the computer during the scan.
If the scan completes with nothing found, click Close to exit.
If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to t... Read more

Read other 12 answers
RELEVANCY SCORE 61.2

TDSSkiller Did this and del it
Launch it.
Click on change parameters - Select TDLFS file system
Click on "Scan".
Please post the LOG report (log file should be in your C drive)
If TDSSkiller scan comes out clean, try this
Download FIXTDSS Did this said all is fine
Launch it, it may ask for restart, reboot the PC
On reboot let me know what it finds
Press Windows+R key and type diskmgmt.msc and click ok
Can you post a screenshot of your disk management?
Also Norton should have specified a location of boot.tidserv, can you check its details

I had Norton remove it but it keeps popping up. I lost all my pics and games cause of this. Can I get them back or no? Plus my comp won't let me have a wallpaper, it keeps saying access denied

A:BOOT.TIDSERV

01:05:51.0193 0544 ============================================================
01:05:51.0193 0544 Scan finished
01:05:51.0193 0544 ============================================================
01:05:51.0209 5076 Detected object count: 1
01:05:51.0209 5076 Actual detected object count: 1
01:06:02.0285 5076 c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll - copied to quarantine
01:06:02.0300 5076 HKLM\SYSTEM\ControlSet001\services\Akamai - will be deleted on reboot
01:06:02.0316 5076 HKLM\SYSTEM\ControlSet002\services\Akamai - will be deleted on reboot
01:06:02.0347 5076 HKLM\SYSTEM\ControlSet003\services\Akamai - will be deleted on reboot
01:06:02.0550 5076 c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll - will be deleted on reboot
01:06:02.0550 5076 Akamai ( HiddenFile.Multi.Generic ) - User select action: Delete
01:06:13.0985 1300 Deinitialize success

Read other 14 answers