
alureon virus


7 replies to this topic

#1 jocose


Posted 17 August 2010 - 09:58 PM

Hi,


I have a Windows XP Media Center Edition Version 2002 Service Pack 3. I am using the new Norton Security Antivirus and I have gotten this message:

Infected file: c:\Qoobox\quarantine\CWindows\system32\Drivers\intelide.sys.vir_
(Backdoor.Tidserv!inf)
Manual removal required

My Norton says this is a high risk infection but the Symantec site says:

Threat Assessment

Wild
  • Wild Level: Low
  • Number of Infections: 0 - 49
  • Number of Sites: 0 - 2
  • Geographical Distribution: Low
  • Threat Containment: Easy
  • Removal: Easy

Damage
  • Damage Level: Low
  • Modifies Files: Modifies legitimate system files.

Distribution
  • Distribution Level: Low

I am getting a lot of intrusion attempts on my computer and I am worried about what kind of damage this virus has done to my OS.

I have read about doing the combofix and it says you need to back up the computer and only do it with someone trained to do the scan to avoid losing everything on your computer.

Will backing up my computer also back up the virus?

Thank you,
jocose


 


#2 jocose


Posted 17 August 2010 - 10:05 PM

Hi again,

I don't know if this helps, but when I get the intrusion attempts, my Norton details says "The attack was resulted from \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE."

Thanks again,
jocose

#3 boopme

  • Global Moderator

Posted 17 August 2010 - 11:44 PM

Hello and welcome.

Please run the tools in our Removal Guide here: How to remove Google Redirects.
You will move to the Automated Removal Instructions

After you have completed that, post your scan log here and let me know how things are.

The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

The other log is here... C: drive called "TDSSKiller.txt" please copy and paste the contents of that file here.
How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#4 jocose


Posted 21 August 2010 - 10:43 PM

Hi boopme,

Thanks for the reply. I had taken my computer to my local computer repair shop and got it back on Aug. 13. I thought the problem was taken care of. I kept trying to get rid of the virus and driving myself crazy, when I found this site on Aug. 17. On Aug. 18, I went back to the shop to get my money refunded, since I still had the virus. He said bring it back in and he would work on it. I found out that the virus had been quarantined but was still on my computer. He did get it off and I haven't had any problems since I got it back on Aug. 20. :flowers:

I will still keep your reply, in case it (:thumbsup:) happens again.

Thank you again for your time and advice,

jocose

#5 boopme


Posted 22 August 2010 - 01:46 PM

Hello, thanks for the update.
For your edification, please read Clean, Quarantine, or Delete?

Generally speaking, if it's a worm or trojan then the best option is to quarantine or delete. If it's a true virus, the best option is to clean.


Best to start with a clean; if not cleanable, quarantine. A quarantined file can no longer harm your PC. This is done in case the file is important to the smooth operation of the PC. Then it can be replaced or cleaned.
'Delete' if (a) the antivirus scanner specifically recommends it*, or (b) you're absolutely certain that it's not a legitimate file, or (c) there's just no other option.

#6 jocose


Posted 22 August 2010 - 03:21 PM

Hi boopme,

Thanks for the link. I never understood the difference between the options. Very good article.
I thought that it was quarantined but I was still getting a lot of intrusion attempts. :flowers:

Since I've gotten my computer back and the virus deleted, the intrusion attempts have stopped. :thumbsup:

Thanks again,

jocose

#7 boopme


Posted 22 August 2010 - 05:05 PM

You're most welcome.
Now you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been backed up, renamed and saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista and Windows 7 users can refer to these links: Create a New Restore Point in Vista or Windows 7 and Disk Cleanup in Vista.

#8 jocose


Posted 22 August 2010 - 07:38 PM

Hi boopme,


Thanks, I've got it done.

I really appreciate all your help. :thumbsup:

Have a good evening,

jocose



