BSoD after removal of Boot.Tidserv with FixTDSS.exe


1 reply to this topic

#1 Caru93


Posted 02 November 2011 - 08:14 PM

Hopefully I'm posting this in the correct area. If not, please move it to where it is most appropriate.

Recently my computer became infected with the Boot.Tidserv rootkit (or bootkit, whatever you want to call it). It caused no real issues on loading my Windows Vista OS (64-bit SP2). However, the known issues it DID cause were a redirection of Google links and a more and more frequent BSoD while my computer was idle (note: this is not my current issue).

As the BSoD became more and more frequent (began happening maybe once every few days, to once a day, to multiple times in a day randomly), it became more of a bother and definitely needed to be fixed soon. This morning, I did more research on how I could actually fix it and came upon multiple solutions, of which I used FixTDSS.exe as was recommended not only by the Norton site, but also multiple other replies on threads related to the Boot.Tidserv infection.

After running the FixTDSS.exe, it showed that the infection lay within my MBR, and I proceeded to cure the issue (I cannot remember the exact wording of the program, but I basically just continued through the prompts). I was asked to fix my MBR, which I did. Upon restarting my computer, I now cannot load Normal Mode in Windows Vista as it will BSoD directly before the Windows Login screen comes up. It shows the GUI boot screen, my screen goes black for a moment (it always did this), then you can see the mouse load for just a moment. This is where the BSoD occurs.

I get the error code 0x1000007E.

I can boot into safe mode (with networking/cmd) and it loads perfectly fine; however, normal mode does not. I've since made multiple attempts to rewrite my MBR. I used MBRChecker.exe that was recommended from other sites and "successfully" rewrote my MBR. But, I'm currently at a standstill as it still goes straight into the BSoD as it did before.

What else can I attempt to do? Simple Google searches have stopped providing me with possible solutions. I can get any information off my system if needed with whatever programs. And, as far as I can tell, through scanning countless times with FixTDSS.exe again, NBRT, along with TDSSKiller.exe (which never showed any infections to begin with - but that may have been due to still having protected system files hidden, but they are being shown now and it picks up nothing), the infection has been disposed of. So, that shouldn't be the issue. I cannot think of any more solutions myself and, as I said, I cannot find any more information on what may be causing this to begin with.

I do have this computer dual-booted with Ubuntu; however, that has never caused any problems so far, and I can still load into it perfectly fine.

I'm mainly trying to fix this problem without having to reinstall my entire Vista OS. The "repair" disk I have has no cmd option with the DOS commands and ONLY has options to completely reinstall the OS. Through past experience, this also rewrites my Ubuntu partition without any real warning - it completely wipes the disk.

So, with all that said... What now?
(I posted this to Symantec forums and was redirected to post it here)

Edited by Caru93, 02 November 2011 - 08:25 PM.




#2 Artrooks


Posted 03 November 2011 - 07:39 AM

Hello Caru93,

Since this is a general issue Vista Forum (not malware related), my recommendation is that you go to Bleeping Computer's Virus, Trojan, Spyware, and Malware Removal Forum at this link: Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help. They should be able to help you resolve this issue.

Follow all procedures and post a new malware removal request.

Regards,
Brooks



 




