Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.



  • Please log in to reply
1 reply to this topic

#1 planthead


  • Members
  • 1 posts
  • Local time:06:05 AM

Posted 03 October 2010 - 03:38 PM

Hello, I have a Dell Latitude D820 that Norton 360 has identified the Backdoor.Tideserv.I!inf virus on and has said that it requires manual removal. I have tried using Norton in safe mode as well and it is still unable to remove it. I have used the suggestions on the Norton website also and turned off system restore and again tried to remove it with no help. I have attempted to do the recommended procedures for posting on the Malwarebytes forum. Malware Bytes does not find any infected files. Ran DDS with no problem. However, when attempting to run GMER, every time shortly after starting the scan two copies of ccSvcHst.eve (one for System and one for the current user) begin taking up 100% of the CPU Usage, which prevents the scan from completing (sometimes crashes, once blue screen, sometimes save button does not appear, etc). These processes can't be stopped (Access is Denied).
When trying to run the GMER scan in safe mode, it wil scan but due to the screen resolution, the save button cannot be seen, and no amount of resizing, repositioning allows it to be seen. The screen resolution option does not appear to be available in safe mode. When examining the start up programs, there are two that cannot be removed, they are NvCpl and ctfmon. They cannot even be removed in safe mode as it states that must be logged in as an admin even if logged in as an admin.
I have tried to use the Norton Bootable Recovery Tool for Norton 360, but am given an error that Windows failed to start because file (\windows\system 32\boot\winload.exe) with status (0xc0000001) was missing or corrupt, after pressing enter it then says file (\Boot\BCD) status (0xc0000001) had an error while trying to read the boot configuration data. After hitting enter again it just attempts too reboot. It tells you to use the repair settings on the Windows install disk. When selecting the R, it then just proceeds to load windows normally. We would just wipe the thing and start over except there is a piece of software that was a nightmare to install (do to it being a piece of crap) that has a large amount of important data on it that we need access to, so we are hoping to find a way to recover this. Does anyone have any suggestions? Thanks in advance...

Edited by boopme, 03 October 2010 - 11:37 PM.

BC AdBot (Login to Remove)


#2 quietman7


    Bleepin' Janitor

  • Global Moderator
  • 51,744 posts
  • Gender:Male
  • Location:Virginia, USA
  • Local time:06:05 AM

Posted 04 October 2010 - 09:29 AM

Please follow these instructions: How to remove Google Redirects or the TDSS, TDL3, Alureon rootkit using TDSSKiller
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • When the program opens, click the Start Scan button.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure is selected, then click Continue > Reboot now to finish the cleaning process. <- Important!!
    Note: If 'Suspicious' objects are detected, you will be given the option to Skip or Quarantine. Skip will be the default selection.
  • A log file named TDSSKiller_version_date_time_log.txt will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.
-- For any files detected as 'Suspicious' (except those identified as Forged to be cured after reboot) get a second opinion by submitting to Jotti's virusscan or VirusTotal. In the "File to upload & scan" box, browse to the location of the suspicious file and submit (upload) it for scanning/analysis.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users