
Norton can't remove backdoor.tidserv!inf from atapi.sys


  • This topic is locked
5 replies to this topic

#1 Brett C

  • Members
  • 6 posts

Posted 16 August 2010 - 01:58 PM

Hello, I'm new here looking for help; any would be greatly appreciated. Also, I'm a novice at computer troubleshooting. That being said...

I've been having a problem with Norton 360 detecting the above-mentioned virus. It requires manual removal from atapi.sys but never gets removed. Could this be a false positive? Attached are two ComboFix logs. Log1 was run before Log2. This has not solved the problem. I have two other computers on XP with "clean" atapi files. Would I just be able to take the relevant files from the C://WINDOWS or not? If not, where can I get a clean version of atapi.sys? I'm very hesitant to do anything involving the Recovery disk. Please reply, and thank you very much for any time you take to help me.

Brett C.



Edited by hamluis, 16 August 2010 - 02:44 PM.
Moved from Xp forum to Malware Removal Logs ~ Hamluis.



 


#2 Noviciate

  • Malware Response Team
  • 5,277 posts

Posted 17 August 2010 - 04:29 PM

Good evening.

Download TDSSKiller.zip from Kaspersky from here and save it to your Desktop.
  • You will then need to extract the file(s) from the zipped folder.

  • To do this: Right-click on the zipped folder and from the menu that appears, click on Extract All...
    In the Extraction Wizard window that opens, click on Next> and in the next window that appears, click on Next> again.
    In the final window, click on Finish


  • Please close all open programs as this may result in a reboot being necessary.
  • Double click TDSSKiller.exe to begin.
  • Click Start scan and allow the tool to do just that.
  • Once the scan has completed, if the tool has identified anything allow it to carry out its default action(s) - you'll need to click Continue where appropriate.
  • Finally, if it prompts you to reboot your machine, please click Reboot Now and ensure that your machine does so.

  • If the scan finds nothing, please click the Report button and let me have a copy of the text file that opens.
  • If you reboot your machine, the log, which I'd like to see, will be located at the root of your hard drive as C:\TDSSKiller.Version_Date_Time_log.txt.
    Please check that you get the one with the right date and time.


So long, and thanks for all the fish.

 

 


#3 Brett C
  • Topic Starter

  • Members
  • 6 posts

Posted 18 August 2010 - 12:11 AM

It says it cured it. Did it really cure it? Thanks very much for your help. The log is attached below. Is that TDSSKiller regularly updated?




#4 Noviciate

  • Malware Response Team
  • 5,277 posts

Posted 18 August 2010 - 02:58 PM

Good evening.

QUOTE
It says it cured it. Did it really cure it?

Probably - are you still suffering from any symptoms?

QUOTE
Is that TDSSKiller regularly updated?

Possibly - I don't know for sure.

I think we'll have a little scan as a second opinion:

Download Malwarebytes' Anti-Malware from here and save it to your Desktop - unless you already have it, in which case skip to the "updating" bit below.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • Ensure a checkmark is placed next to both Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware and then click Finish.
  • If an update is found, it will download and install the latest version - you'll need to clear it with your firewall.
  • Once the program has loaded, select Perform full scan and then Scan.
  • When the scan has finished, click OK and then Show Results to view the results - no surprise there!
  • If MBAM finds anything, check the box(es) and click Remove Selected.
  • Please note - Leave unchecked any boxes that have \System Volume Information\ in the filepath. These pose no immediate risk to your PC unless you use System Restore and will be dealt with later.
  • When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt
Let me have the MBAM log, a fresh DDS log including Attach.txt (see step 7 here), AND a description of how your PC is behaving.

So long, and thanks for all the fish.

 

 


#5 Brett C
  • Topic Starter

  • Members
  • 6 posts

Posted 18 August 2010 - 04:55 PM

I have had Malwarebytes on here, but it never picked up on that file. I haven't had any more symptoms so I think all is well. Thank you very much for the suggestion and your time.

#6 Noviciate

  • Malware Response Team
  • 5,277 posts

Posted 21 August 2010 - 03:26 PM

As this issue appears to have been resolved this thread is now closed.

So long, and thanks for all the fish.

 

 




