
boot.tidserv


  • This topic is locked
16 replies to this topic

#1 Eric12334

Posted 16 April 2012 - 07:58 PM

Hello:

My computer is infected with the boot.tidserv virus. It was detected by Norton, and besides, it was obvious. My computer is basically locked. I cannot use Iexplorer, Task Manager is disabled, all the system tools are disabled, and I cannot save the changes when I turn off the computer (I need to do a forced shutdown with the power button on the machine).

I am of course typing this from another computer.

I ran TSSK software. It removed an item (a disk management file) and after that Norton shows the virus as removed and then computer clear when I ran it a second time.

So everything should be fine... except that I still have the symptoms. I cannot go on the internet and most of the system maintenance software is blocked. Some, such as iexplorer, will actually work after a couple of hours out of nowhere. But if I shut down the computer to save the changes it just stays stuck on "Saving your settings..." and nothing happens until I just shut it down.

I am of course unable to provide you with any logs.

Do you think you might be able to help me?

Thanks.


Eric

Edited by boopme, 16 April 2012 - 08:12 PM.


#2 boopme

Posted 16 April 2012 - 08:18 PM

Hello and welcome.. I moved you here to Am I Infected. What is your operating system?
For the connection try these...

Please click Start > Run, type inetcpl.cpl in the runbox and press enter.
Click the Connections tab and click the LAN settings option.
Verify if "Use a proxy..." is checked, if so, UNcheck it and click OK/OK to exit.
Now check if the internet is working again.

OR

Go to Start ... Run and type in cmd
A DOS window will appear.
Type in the dos window: netsh winsock reset
Click on the enter key.

Reboot your system to complete the process.

If needed : type these one line at a time, press enter after each line. See if it works after each.




This can be run off a flash drive or CD.

Download the FixTDSS.exe

Save the file to your Windows desktop.
Close all running programs.
If you are running Windows XP, turn off System Restore. How to turn off or turn on Windows XP System Restore
Double-click the FixTDSS.exe file to start the removal tool.
Click Start to begin the process, and then allow the tool to run.
Restart the computer when prompted by the tool.
After the computer has started, the tool will inform you of the state of infection (make sure to let me know what it said)
If you are running Windows XP, re-enable System Restore.
How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#3 Eric12334

Posted 17 April 2012 - 04:10 AM

Hltha Nksfall


First of all, thanks for answering. Sorry it took me a while to answer; I could not find the thread.

The state of the computer might be a little worse than you imagine. It is locked for a couple of hours (I am still able to use programs like Office and such, but no internet, no malware removal tools, no system tools, and no Task Manager).
I am able to use the removal tools after a few hours, but the computer crashes when it reboots and doesn't save the changes.

I tried your recommendations:

1. run+inetcpl.cpl: I got the box but it freezes when I hit the connection tab.
2. run+cmd+netsh insock reset+enter: I am not sure if something is supposed to show in the DOS window, but all I get after I hit enter is the prompt dash. Regardless, when I reboot I am in the same situation as described above.
3. fix tdss: I ran it at the beginning of this ordeal (I have been at it for 3 days) and it crashes. I did not turn off system restore. I could not access it.

I will re-try FixTDSS with system restore off if I can get it off when the computer finally thaws in a few hours.

In the meantime, do you have any idea why I cannot save settings?

When I run both Malwarebytes and Norton they both come up clean (I still have to retry FixTDSS).

Thanks again

#4 Eric12334

Posted 17 April 2012 - 04:39 AM

Keeping you updated:
The computer unlocked, I was able to turn restore off... and FixTDSS is running. Great.
It says it will take some time... and I believe it, so I will go to bed and post the result tomorrow.

Thanks

#5 Eric12334

Posted 17 April 2012 - 04:15 PM

Following up:
Turning off the restore did the trick; now the computer is saving settings. I ran FixTDSS and it found no virus. (FixTDSS was running while the computer was frozen.) Great.
But I still have the problem of the computer taking 2 hours to boot. And now I can't connect to the internet at all.
I realized my disk was pretty full so I moved some large directory to the other drive and am doing a defrag... But I am not too optimistic it will make much of a difference.
Any ideas?


Thanks

#6 boopme

Posted 17 April 2012 - 07:30 PM

Let's run 2 more scans for malware to be sure it's not malware..
WHAT IS THE OPERATING SYSTEM?? XP, Vista, etc...

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NOTE: In some instances if no malware is found there will be no log produced.





Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.


#7 Eric12334

Posted 18 April 2012 - 02:15 AM

Hello,

My operating system is XP.
I am not typing on the infected computer, but on my laptop.
I cannot get online or do anything from the desktop.
I download the programs on this one and then transfer them with a USB stick. I also try them on this one to see what the program is supposed to do, and also to be safe since they were on a network.
I will let you know. It takes a while to do that because the desktop is frozen most of the time.

Thanks.

#8 Eric12334

Posted 18 April 2012 - 05:16 AM

Hello:

First of all, my Internet Explorer was turned on "Work Offline". Did I do that by mistake... maybe, but I don't think so. Anyway, now I have internet.
I tried the ESET OnlineScan. And as I said in my previous post I did it on both computers. On the infected one the window closed, while the laptop was only at 10% or so... So there was a problem. I tried to go back to the ESET site... and I got the redirect virus. I couldn't go to ESET or Norton or McAfee.
I ran Malwarebytes to get rid of this new threat. It picked up something, and Norton blocked a trojan attack. I don't know if it is related.

To finish the removal Malwarebytes restarted the computer... And I am back to waiting for 2 hours for the computer to reboot. If I try to start a program I get the hourglass.... And in a couple of hours they will all start all together.

I will retry ESET then.


Any idea what is freezing it like that?


Thanks

#9 boopme

Posted 18 April 2012 - 07:54 PM

Let's move you to Malware Removal as we have a connection and can get a deeper look with a DDS log.

Please go here.... Preparation Guide, do steps 6-9.

Create a DDS log and post it in the new topic explained in step 9 which is here Virus, Trojan, Spyware, and Malware Removal Logs and not in this topic, thanks.
If GMER won't run skip it and move on.

Let me know if that went well.

#10 Eric12334

Posted 18 April 2012 - 08:36 PM

Ok catching up with you.

I ran the ESET online scanner. It found 4 win32 trojans, but they were very old files, and they were programs I knew... but anyway I let the program remove them.
And I still have the delay in restarting the computer. It seems Norton runs a full scan and keeps me from doing anything.
Here are my thoughts. I was thinking of disabling Norton, then running a chkdsk and defrag.

Now the desktop is frozen; as soon as I have access I will do the log.

Thanks

#11 boopme

Posted 18 April 2012 - 09:01 PM

Sounds good. We can remove Norton and run a free AV too and see how it runs..

Let me know.

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

#12 Eric12334

Posted 19 April 2012 - 01:32 AM

OK Catching up with you:

So I am typing from the infected computer.

To give you an idea of the time it takes for it to start working, look at the times on the posts (it unlocked maybe an hour ago). It is not a "slow computer"; there is something else going on.

I am going through the preparation guide. I will do the chkdsk and then defrag. (It can't hurt, but at this point I am not overly optimistic.)

I downloaded the toolbox. I am going to download DDS and GMER.

I will send you the log asap (remember that every time there is a re-boot involved we are adding 4 hours).

Also, when I tried to get on Bleeping Computer I was redirected toward a fake site. So there is still something going on there. I don't understand it; all the software is coming up clean now. But I still have the re-direct problem. I was able to get to the forum using the link in your email.

So I will get you the log. And in the meantime, if you could think of something that would solve the locking problem that would be great.


And thanks again.

#13 Eric12334

Posted 19 April 2012 - 08:53 AM

OK, I ran GMER and Toolbox.
DDS would not work. I looked for script blockers as per the guide, but still could not get it to run. The script just opens up in Notepad.
It was a difficult process; the computer crashed and I got a couple of blue screens.
Do you want to look at the logs or do I post them as per step 9 in the guide?
One entry was showing in red in the GMER scan; it was in the Norton directory.

Please advise.

Thanks

#14 boopme

Posted 19 April 2012 - 09:06 AM

If you cannot get DDS to work, please try this instead.

Please download OTL by OldTimer and save it to your Desktop.
  • Close all other applications and windows so that you have nothing open.
  • Double click on the Posted Image icon on your desktop.

    Vista/Windows 7 users right-click and select Run As Administrator.
    If you receive a UAC prompt asking if you would like to continue running the program, you should press the Continue button.
  • Under Output, ensure that Minimal Output is selected.
  • Click the "Scan All Users" checkbox.
    Leave the remaining selections to the default settings.
  • Click the Posted Image button.
  • Do not use the computer while the scan is in progress.
  • When the scan is complete, two log files will open in Notepad:
    • OTListIt.txt <- (will be maximized)
    • Extras.txt <- (will be minimized in the Task Bar).
  • Both logs are automatically saved to the Desktop.
  • Please copy and paste the contents of OTListIt.txt and Extras.txt in your next reply.
    If the Extras.txt log is too long, you may need to add a second reply to your thread or upload it as an attachment.
  • Click the red X in the upper right corner to exit OTL.
Important: Be sure to mention that you tried to follow the Prep Guide but were unable to get DDS to run. If OTL did not work, then reply back here.

#15 Eric12334

Posted 19 April 2012 - 09:22 AM

OK Boopme, I have OTM, but now the computer is frozen, so I am answering from my laptop again.
I posted the GMER and toolbox logs in a new topic. I will add OTM when I am able to use the computer. That will be in a few hours.
