
WinXP laptop not booting, Norton AV CD detects Boot.Tidserv.B


10 replies to this topic

#1 Ram Doma

Ram Doma

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:11:57 PM

Posted 05 June 2011 - 04:15 PM

I am trying to fix a Sony VAIO VGN-C140G laptop with Win XP Media Center Edition 2008. It starts booting and displays the low resolution Microsoft Windows XP logo with a black background and a progress bar at the bottom, then the screen changes to a high resolution Windows XP logo with a blue background and shows the hourglass working beside the cursor. After a few seconds, the hourglass disappears and all disk activity stops and it is stuck at this screen and the only thing I can do is move the cursor around. ALT+TAB does not show that there are any windows in the background waiting for user input. I am not able to boot into safe mode either.

When I had problems in the past, I simply used the recovery partition to re-image the machine, but this time that doesn't work. I used the Norton Boot CD and it detected Boot.Tidserv.B but could not clean it. I used Kaspersky Rescue CD and BitDefender USB also, but they did not detect any malware. I'd appreciate it if you could help me fix the system without removing the recovery partition. Thanks for your time!


 


#2 Ram Doma


Posted 05 July 2011 - 11:20 AM

At: http://community.norton.com/t5/Norton-Internet-Security-Norton/Boot-tidserv-b-A-NASTY-virus/m-p/413088#M151085

It says "Try booting from clean CD (even from NBRT) then open command line and write fixmbr \Device\HardDisk0 it will completely overwrite your current (infected) MBR with default Microsoft MBR."

Would executing the fixmbr \Device\HardDisk0 command from the NBRT affect the Sony VAIO VGN-C140G laptop recovery partition on the hard disk in any manner? If it doesn't affect the recovery process, I'll just go ahead and restore the MBR. Once the system boots, I can do a clean install from the recovery partition.

Thanks, Ram.

Edited by Ram Doma, 05 July 2011 - 11:31 AM.


#3 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,314 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:06:57 AM

Posted 08 July 2011 - 02:08 AM

Hi Ram, a recovery partition may indeed be affected by doing this. Can you still access it at this point? (Tidserv overwrites the existing MBR and can already cause trouble accessing a recovery partition.)

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#4 Ram Doma


Posted 08 July 2011 - 10:03 AM

Hi Elise! You are right, I cannot access the recovery partition by pressing F10 on bootup.

#5 Elise


Posted 08 July 2011 - 10:36 AM

In that case you can go ahead and fix the MBR anyway, as it will make no difference for the Recovery Partition, but it will at least fix the infection.

Please let me know if you need detailed instructions on how to do this. Afterwards verify if the recovery partition is accessible. If not, we'll have a look if it can be fixed manually.

regards, Elise


#6 Ram Doma


Posted 08 July 2011 - 01:23 PM

Thanks for your prompt reply, Elise! I will try restoring the MBR this evening using NBRT and update you. If NBRT doesn't work, is there any other way to restore the MBR using a flash drive?

#7 Elise


Posted 08 July 2011 - 01:48 PM

Yes, there is, just let me know how it goes. :)

regards, Elise


#8 Ram Doma


Posted 09 July 2011 - 12:26 PM

NBRT from USB did not have fixmbr, so I used TestDisk from Hiren's Boot CD to restore the MBR. I rebooted the system and noticed that it was still getting stuck midway through the boot process like before. Just to be safe, I restored the MBR again and booted off the recovery partition using Hiren's BootCD and restored the C: drive.

The computer is booting fine now and I have access to the recovery partition by pressing F10 :) I am going to install the recovery console to make this a little easier next time and will back up the hard drive image onto an external drive.

BTW, the computer had AVG Free when it got infected. Any recommendations for a good free AV or AV/Anti-Spyware combo to install that is light on system resources?

Thanks for all your help Elise!
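
Added example (not part of the original thread, and not code from any tool named in it): the thread turns on whether rewriting the MBR touches the recovery partition, and one way to check that on a given disk is to compare saved 512-byte copies of sector 0 taken before and after the repair. The function names and the sample sectors below are constructed for illustration; capturing the sector itself is left to whatever imaging tool is on the rescue media.

```python
import hashlib
import struct

BOOT_CODE_LEN = 440      # bytes 0..439: bootstrap code (what an MBR repair rewrites)
TABLE_OFFSET = 446       # bytes 446..509: four 16-byte partition entries
SIGNATURE = b"\x55\xaa"  # bytes 510..511: boot signature

def parse_mbr(sector: bytes) -> dict:
    """Return the boot-code hash and the non-empty partition entries."""
    if len(sector) != 512:
        raise ValueError("an MBR is exactly 512 bytes")
    if sector[510:512] != SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for slot in range(4):
        entry = sector[TABLE_OFFSET + 16 * slot:TABLE_OFFSET + 16 * (slot + 1)]
        lba_start, count = struct.unpack_from("<II", entry, 8)
        if entry[4] != 0:  # partition type 0 marks an unused slot
            parts.append({"slot": slot, "active": entry[0] == 0x80,
                          "type": entry[4], "lba_start": lba_start,
                          "sectors": count})
    return {"boot_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
            "partitions": parts}

def compare_mbr(before: bytes, after: bytes) -> dict:
    """Report whether a repair changed the boot code and kept the table."""
    b, a = parse_mbr(before), parse_mbr(after)
    return {"boot_code_changed": b["boot_sha256"] != a["boot_sha256"],
            "table_intact": b["partitions"] == a["partitions"]}

def make_sample(fill: int) -> bytes:
    """Constructed MBR: boot area filled with one byte, two made-up entries."""
    def entry(status, ptype, lba, count):
        return struct.pack("<B3sB3sII", status, bytes(3), ptype, bytes(3), lba, count)
    table = (entry(0x00, 0x12, 63, 16_000_000)            # hidden OEM-style slot
             + entry(0x80, 0x07, 16_000_063, 140_000_000)  # active NTFS slot
             + bytes(32))                                  # two unused slots
    return bytes([fill]) * BOOT_CODE_LEN + bytes(6) + table + SIGNATURE

if __name__ == "__main__":
    # Same table, different boot code: the outcome a clean MBR rewrite should give.
    print(compare_mbr(make_sample(0xCC), make_sample(0x90)))
```

A result with the boot code changed and the table intact means the partition entries survived the rewrite; it says nothing about whether vendor boot code that handled a recovery hotkey is still present.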

#9 Elise


Posted 09 July 2011 - 01:47 PM

Hi, I am glad to hear that! TestDisk is indeed an excellent tool to fix these things, especially to make partitions accessible again.

Three good antivirus programs free for non-commercial home use are Avast!, Antivir and Microsoft Security Essentials.
Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.

Please read this advice, in order to prevent reinfecting your PC:
  • Install and update the following programs regularly:
    • an outbound firewall. If you are connected to the internet through a router, you are already behind a hardware firewall and as such you do not need an extra software firewall.
      A comprehensive tutorial and a list of possible firewalls can be found here.
    • an AntiVirus Software
      It is imperative that you update your AntiVirus Software on a regular basis. If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
    • an Anti-Spyware program
      Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
      SUPERAntiSpyware is another good scanner with high detection and removal rates.
      Both programs are free for non-commercial home use but provide a resident and do not nag if you purchase the paid versions.
    • Spyware Blaster
      A tutorial for Spywareblaster can be found here. If you wish, the commercial version provides automatic updating.
  • Keep Windows (and your other Microsoft software) up to date!
    I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.
    Therefore, please, visit the Microsoft Update Website and follow the on-screen instructions to set up Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!
  • Keep your other software up to date as well
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on your machine.
  • Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing.
Some more links you might find of interest:

regards, Elise


#10 Ram Doma


Posted 10 July 2011 - 09:10 AM

Thanks Elise!

#11 Elise


Posted 10 July 2011 - 09:14 AM

You are welcome, happy computing! :)

regards, Elise




