Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Backdoor.Tidserv!inf


  • This topic is locked This topic is locked
4 replies to this topic

#1 Just Mercury

Just Mercury

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Australia
  • Local time:11:28 PM

Posted 15 May 2010 - 02:03 AM

Having found the Backdoor.Tidserv!inf Trojan on my computer, by running Norton 360 Version 3. I have attempted to remove it using the process described on the Symantec Security Response page.

It describes the removal as Easy.

Removal is apparently done in 4 steps as follows:

1 Restart computer using Windows Recovery Console.
2 Disable System Restore.
3 Update the virus definitions.
4 Run a full system scan.

I've done this, following the steps in more detail as the page then describes, but Norton 360 still finds the infection is on my computer.

What is the next step that i can try?

I'm just glad removal was not described as Hard as i've been at this for about a week now on and off.

Any ideas,suggestions greatfully received
when i grow up i want to be..................all growed up!

BC AdBot (Login to Remove)

 


#2 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,947 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:11:28 AM

Posted 15 May 2010 - 02:11 PM

Hello,

If you still have System Restore disabled, please reenable it now. Disabling System Restore as the first step when attempting to clean a system or when scanning for malware is not advisable. Unfortunately, some anti-virus vendors still recommend doing this before attempting malware removal and many folks follow that advice. This is really not a good practice when dealing with infected computer systems. Turning System Restore off and then turning it back on has some risk associated with it since that feature does not always work as intended. Further, there is always a possibility of something going wrong during the malware removal process and you end up with more problems. If an incident renders your system problematic or unbootable, you can use System Restore to return it to a previous working state. Without a restore point to fall back on, you are left with a limited means of restoring your system to a usable condition. Disabling this feature could mean having to perform a repair install (or reformat in worst case scenarios) if you're unable to fix any problems which System Restore may be able to correct. Although System Restore is not always 100% guaranteed to work all the time, it at least gives you another option before resorting to more drastic measures.

"System Restore and malware removal - what is best practice?"
"Should I purge all my restore point BEFORE removing infection?"

From what you describe you have a rootkit aboard which will require specialized tools to remove. Please follow the instructions in ==>This Guide<== starting from step 6.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include the link to this topic in your new topic and a description of your computer issues.

If you can produce at least some of the logs, then please create the new topic. If you cannot produce any of the logs, then post back here and we will provide you with further instructions.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#3 Just Mercury

Just Mercury
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Australia
  • Local time:11:28 PM

Posted 16 May 2010 - 07:58 AM

Hi Orange Blossom,
I downloaded DDs.scr This opened as an AutoCad File type and not a screensaver type, so the notepad file created was just a mass of (possibly Autocad) Symbols.
GMER created a Blank Window Screen and blanked out the guide too.
Where to next?
when i grow up i want to be..................all growed up!

#4 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,947 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:11:28 AM

Posted 16 May 2010 - 03:42 PM

Hello,

Since you were unable to run DDS or GMER, please try this:

Download RSIT by random/random and save it to your Desktop.
Note: You will need to run this tool while connected to the Internet so it can download HijackThis if it is not located on your system. If you get a warning from your firewall or other security programs regarding Rist attempting to contact the Internet, please allow the connection.
  • Close all applications and windows so that you have nothing open and are at your Desktop.
  • Double-click on RSIT.exe to start the program.
  • If using Windows Vista, be sure to Run As Administrator.
  • Click Continue after reading the disclaimer screen.
  • Leave the drop down box set to default: "List/folders created or modified in the last 1 month (30 days).
  • When the scan is complete, a text file named log.txt will automatically open in Notepad.
  • Please start a new topic and post your log in the HijackThis Logs and Malware Removal forum, NOT here.
  • Be sure to mention that you tried to follow the Prep Guide but were unable to get DDS to run.
If RSIT did not work, then reply back here.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#5 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,947 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:11:28 AM

Posted 17 May 2010 - 06:54 PM

Hello,

I see that you were successful in running RSIT.

Now that you have posted a log here: http://www.bleepingcomputer.com/forums/t/317283/backdoortidservinf/ you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a MRT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the MRT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the MRT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the MRT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRT Team member is already assisting you and not open the thread to respond.

Please be patient. It may take several days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users