Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Tidserv Activity


  • Please log in to reply
2 replies to this topic

#1 Woolley

Woolley

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:10:48 AM

Posted 26 October 2011 - 07:46 AM

Ok, so here's the rundown.

Two days ago i received a notification from Norton360 saying "Threat requiring manual removal detected: System Infected: Tidserv Activity 2.". I followed the link provided and proceeded to run Backdorr.Tidserv Removal tool and Norton Power Eraser, to no avail. I called Norton, and they remotely accessed my computer in an attempt to eradicate the threat. All seem fine afterwards, but then the message appeared again. So again the following day I called Norton, they tried again, and failed. I have scoured forums and ran TDSSKiller, installed new versions of antivirus software, tried restoring my PC to a pervious backup, and no success whatsoever.

Please Help! I have no idea where to go from here.

BC AdBot (Login to Remove)

 


#2 Woolley

Woolley
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:10:48 AM

Posted 26 October 2011 - 07:49 AM

Also, my operating system is Windows 7.0 on an Acer Aspire Notebook.

#3 Guest_sundar7701_*

Guest_sundar7701_*

  • Guests
  • OFFLINE
  •  

Posted 26 October 2011 - 07:50 AM

Norton warning tidserve activity is a symptom of 64 bit zaccess rootki

Check for C:/WINDOWS/SYSTEM64 (not the sysWOW64 folder)

if u have it then i can confirm that is a 64 bit zaccess rootkit.Pity that Norton support doesnot even notice this.

With the information you have provided I believe you will need help from the malware removal team.
Please make sure that you read the information about getting started first.

http://www.bleepingcomputer.com/forums/topic34773.html


Then start a new thread HERE and include or required logs.

http://www.bleepingcomputer.com/forums/forum22.html

Including a link to this thread will be helpful.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users