need help removing backdoor.tidserv

#1
Sassy101

I received a pop up from symantec norton security saying...

Scan type: Auto-Protect Scan
Event: Threat Found!
Threat: Backdoor.Tidserv
can not remove threat must be
removed manually

I ran a full scan and found nothing. I updated my Norton security and ran a full scan; still found nothing. When I go online I have webpages randomly pop up, and when I click on a link it takes me to the wrong webpage. My computer is also running super slow and I keep getting Norton's performance alerts saying "High CPU usage by: TCP/IP ping command", "High memory usage by TCP/IP ping command", "High disc read usage: by host process for windows services". I don't know if this is related to the backdoor.tidserv virus but thought I should mention it.

I followed the instructions under How to fix Google Redirects but couldn't get past step 1. I did everything up to clicking "Move It" (in the OTM); in the middle of this my system said the program had stopped working and that Windows would search for a solution/close the program. I waited for a while but nothing was working, so I clicked on close and had to restart my computer. I'm going to try again and see if it works this time...

Please help me find a way to remove this virus from my computer!!! Thanks

#2
Sassy101

The OTM ran properly the 2nd time around; below are the results from it... (Going to next step now)

All processes killed
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Purvis\Desktop\cmd.bat deleted successfully.
C:\Users\Purvis\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Family
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: Purvis
->Temp folder emptied: 48409 bytes
->Temporary Internet Files folder emptied: 13910278 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 1319233 bytes
->Flash cache emptied: 758698 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1232610896 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 63111748 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 12878694 bytes
RecycleBin emptied: 19668311 bytes

Total Files Cleaned = 1,282.00 mb

Restore point Set: OTM Restore Point

[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Family
->Flash cache emptied: 0 bytes

User: Public

User: Purvis
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTM by OldTimer - Version 3.1.19.0 log created on 12042011_225554

Files moved on Reboot...
File C:\Windows\temp\hsperfdata_PURVIS-PC$\2140 not found!
File C:\Windows\temp\fla1EA4.tmp not found!
File C:\Windows\temp\fla8393.tmp not found!
File C:\Windows\temp\fla96FB.tmp not found!
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SRCVDISU\login_status[2].htm moved successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8S4OGR40\-WzdRTzRa5k6HlJK6-dK9Q[1].eot moved successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8S4OGR40\articles-2[1].htm moved successfully.

Registry entries deleted on Reboot...
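The OTM log above shows the hosts file being moved and reset, which is one of the places a browser-redirect infection like the one described in this thread commonly persists. As an added example (not part of this thread, and not code from OTM or any other tool named here), this Python snippet audits a hosts file for entries that point non-local names at a routable address instead of loopback; the hosts content in `SAMPLE_HOSTS` is constructed for illustration.

```python
import ipaddress

# Constructed sample hosts file: normal loopback lines, two entries that
# look like a search-engine redirect hijack, and a benign sinkhole entry.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
# entries below are constructed to look like a redirect hijack
203.0.113.10    www.google.com google.com
203.0.113.10    www.bing.com
0.0.0.0         ads.example.net   # sinkholed ad host, benign
"""

# Names that legitimately map to loopback and never need flagging.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}


def parse_hosts(text):
    """Return (ip, hostname) pairs, ignoring comments, blanks and bad lines."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        parts = line.split()
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            continue                          # not a valid address; skip
        for name in parts[1:]:
            entries.append((ip, name.lower()))
    return entries


def suspicious_entries(text):
    """Return entries that send a non-local name to a routable address.

    Loopback or unspecified targets (127.0.0.1, ::1, 0.0.0.0) are the normal
    'block this host' pattern; anything else is a candidate redirect and is
    worth comparing against a known-good hosts file."""
    flagged = []
    for ip, name in parse_hosts(text):
        if name in LOCAL_NAMES or ip.is_loopback or ip.is_unspecified:
            continue
        flagged.append((str(ip), name))
    return flagged


if __name__ == "__main__":
    for ip, name in suspicious_entries(SAMPLE_HOSTS):
        print(f"suspicious: {name} -> {ip}")
```

On a real machine, read `C:\Windows\System32\drivers\etc\hosts` into `text` instead of the constructed sample; an empty result from `suspicious_entries` means the hosts file is not the source of the redirects, not that the machine is clean.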

#3
Sassy101

I followed all of the steps in the "How to fix Google Redirects", I think successfully... After running GooredFix (info from it below)

GooredFix by jpshortstuff (03.07.10.1)
Log created at 23:11 on 04/12/2011 (Purvis)
Firefox version [Unable to determine]

========== GooredScan ==========

Removing Orphan:
"{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}"="C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\" -> Success!

========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
[email protected] [17:03 09/11/2007]
{3112ca9c-de6d-4884-a869-9855de68056c} [17:03 09/11/2007]
{972ce4c6-7e08-4474-a285-3208198ce6fd} [17:03 09/11/2007]
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [14:52 20/06/2008]
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [10:07 05/09/2008]

C:\Users\Purvis\Application Data\Mozilla\Firefox\Profiles\ww6sxqvm.default\extensions\
{3112ca9c-de6d-4884-a869-9855de68056c} [12:13 02/10/2008]
{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [19:15 29/05/2010]
{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} [19:15 29/05/2010]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [20:19 30/01/2009]
"{B728AB94-9BC7-49b7-B76A-422BB31B2FD0}"="C:\Program Files\ArcSoft\Media Converter for Philips\Internet Video Downloader\Plugin_FireFox" [20:07 17/10/2010]
"{BBDA0591-3099-440a-AA10-41764D9DB4DB}"="C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\IPSFFPlgn\" [03:56 04/12/2011]
"{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}"="C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\coFFPlgn\" [04:01 05/12/2011]
"{27182e60-b5f3-411c-b545-b44205977502}"="C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\" [08:02 30/11/2010]
"{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}"="C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\" [08:02 30/11/2010]

-=E.O.F=-


Then I ran TDSSKiller; it said it found Malicious object Rootkit.Win32.TDSS.tdl3 just as the example shows, and I clicked cure and finished following the instructions. Then I downloaded Malwarebytes Anti-Malware and ran a scan. Found and removed threats. Ran again, no threats were found. How can I be sure all is good now?