
What a Boot.tidserv nightmare !


  • This topic is locked
3 replies to this topic

#1 ferrux


Posted 07 January 2012 - 04:15 AM

Hi there,
I am experiencing a nightmare with this rootkit. I have done tons of tests but cannot get rid of it.

The PC is an HP Desktop Pavilion 1209 with Windows XP Home.

The system boots normally, then after 3-4 minutes the hard drive starts working a lot again and it comes up with the attached screen contained in this set:
https://picasaweb.google.com/109175126296685887586/MBRBOOTVIRUS?authuser=0&feat=directlink

I choose the option to cure within its combo box and the problem seems fixed, only till next boot actually.


Here is only a small part of all tests that I recall:

>NPE
>NPE boot disk
>Kaspersky removal tool
>Bitdefender removal tool
>TDSSKiller
>G Data rescue live CD
>Bitdefender rootkit new tool
>Bitdefender rescue live CD
>Kaspersky rescue live CD
>ComboFix
>GMER
>mbr.exe
>Hitman Pro second opinion
>booted from CD, hit 'R' and successfully ran the commands 'fixboot' and 'fixmbr'.

---
Also, tried enabling and disabling the Windows restore point function
---
GParted shows a hidden partition. I deleted that but no luck, still the dreadful Norton notice.
---

I am quite desperate. Hope someone can help, I would seriously need to avoid the zero-filling of the hard disk and reinstalling everything.

Please enlighten me :-)

Thank you
Ferrux



#2 Noviciate


Posted 07 January 2012 - 04:00 PM

Good evening. :)

Please follow steps six, seven and eight here and then post accordingly into this thread.

Also, your link is 404 NOT_FOUND.

So long, and thanks for all the fish.

 

 


#3 ferrux


Posted 07 January 2012 - 05:07 PM

Hi,
yesterday I ran a full scan from the Bitdefender live CD with the latest signatures and found no threat.
I just wondered how that could be possible since Norton kept on alerting me.

I read some Norton forums and discovered an old but still present bug in the software, that is the unresolved threat history,
which in some cases like this may cause false positives. I have no words, I am so sorry I paid for such crap software.
However, I did clean the history and now magically I get no more annoying alerts during the boot phase.

Hope this may be of some help to other people so they do not waste their time and yours :-)

Please consider this incident closed, it was a pleasure, hope to talk to you in future for 'lighter' issues :-)))

Best regards.
Ferrux

#4 Noviciate


Posted 07 January 2012 - 06:05 PM

As this issue appears to have been resolved, this thread is now closed.

So long, and thanks for all the fish.

 

 




