need help removing boot.tid serv virus [Closed]



#16
Cruise475

Hey want2fixmypc,

I am glad that everything is running better. Let's make sure that everything is indeed gone!

Step 1:

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 2:

Please run a free online scan with the ESET Online Scanner
Note: This scan can be run with Internet Explorer, Chrome or Firefox. (If Chrome or Firefox is used, it will ask you to install a small utility. Please allow it.)
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is NOT checked.
  • Make sure that the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

Step 3:
Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

In your next reply please include the following logs:
  • MBAM Log
  • ESET Log
  • Farbar Service Scanner Log

Thanks
Cruise
  • 0

#17
want2fixmypc

Cruise,
I'm glad you sent me some more steps. Last night when I was completing the previous steps, I ran a quick Norton scan which showed all issues had been resolved. This morning I did a full scan and it still shows the boot.tidserv virus is there.

Here is the MBAM log:

Malwarebytes Anti-Malware (Trial) 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.06.09

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
John :: JOHNS_LAPTOP [administrator]

Protection: Enabled

11/6/2012 2:42:25 PM
mbam-log-2012-11-06 (14-42-25).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 194467
Time elapsed: 6 minute(s), 34 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
  • 0

#18
Cruise475

Hi There,

Did Norton by chance produce a log file? If so, can I see it, please? Also, if you are not sure how to find the logs, this may help.

Thanks
Cruise
  • 0

#19
want2fixmypc

Here is the eset online txt file:

[email protected] as CAB hook log:
OnlineScanner.ocx - registred OK
  • 0

#20
want2fixmypc

Here is the Farbar log:

Farbar Service Scanner Version: 07-11-2012
Ran by John (administrator) on 06-11-2012 at 19:17:23
Running from "C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y76PFRHT"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll
[2012-10-11 11:10] - [2012-06-01 19:02] - 0133120 ____A (Microsoft Corporation) F1E8C34892336D33EDDCDFE44E474F64

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll
[2011-09-23 11:11] - [2008-01-19 02:34] - 0288256 ____A (Microsoft Corporation) E1499BD0FF76B1B2FBBF1AF339D91165

C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****
  • 0
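
The Farbar Service Scanner log above can be triaged mechanically. The Python sketch below is an added example, not part of the thread and not Farbar's own tooling; the function name `triage_fss_log` is hypothetical and the embedded sample is a trimmed excerpt of the log posted above. It collects the registry policy values the tool reported, the services it reported as not running, and the files it did not mark "MD5 is legit".

```python
import re

# Trimmed excerpt of the Farbar Service Scanner log posted in this thread.
SAMPLE_LOG = r'''
Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

File Check:
========
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll
[2012-10-11 11:10] - [2012-06-01 19:02] - 0133120 ____A (Microsoft Corporation) F1E8C34892336D33EDDCDFE44E474F64

C:\Windows\system32\svchost.exe => MD5 is legit
'''

def triage_fss_log(text):
    """Return (policies, stopped_services, unverified_files) from an FSS log."""
    policies, stopped, unverified = [], [], []
    key = None  # registry key that the next "name"=DWORD:n line belongs to
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            key = None  # a blank line ends the current registry entry
        elif line.startswith("[HKEY_"):
            key = line.strip("[]")
        elif key and (m := re.match(r'"(\w+)"=DWORD:(\d+)$', line)):
            policies.append((key, m.group(1), int(m.group(2))))
        elif m := re.match(r"(\w+) Service is not running", line):
            stopped.append(m.group(1))
        elif re.match(r"[A-Za-z]:\\", line) and "=> MD5 is legit" not in line:
            unverified.append(line)  # path listed without the "legit" marker
    return policies, stopped, unverified

if __name__ == "__main__":
    for section in triage_fss_log(SAMPLE_LOG):
        print(section)
```

An entry in the third list means only that the log did not mark the file as legit; the file still has to be checked by other means.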

#21
want2fixmypc

Here is the Norton log:

Category: Scan Results
Date & Time,Risk,Activity,Status,Scan Time (d:h:m:s),Total items scanned,Files & Directories,Registry Entries,Processes & Start-Up Items,Network & Browser Items,Other,Trusted Files,Skipped Files,Total Security Risks Detected,Virus,Misleading Application,Tracking Cookies,Total Security Risks Resolved,Misleading Application Resolved,Tracking Cookies Resolved,Total Security Risks Requiring Attention,Virus Unresolved,Heuristic Virus,Heuristic Virus Resolved
2012-11-06 14:36:41,Info,Full System Scan results,Completed,0:01:23:55,"523,466","515,482",358,"5,110","2,504",12,"5,095","8,160",4,1,2,1,3,2,1,1,1,,
2012-11-06 13:41:09,Info,Quick Scan results,Completed,0:00:05:47,"10,183","3,233",358,"5,061","1,519",12,971,0,0,,,,0,,,0,,,
2012-11-06 11:03:02,Info,Quick Scan results,Completed,0:00:08:01,"10,093","3,225",358,"4,979","1,519",12,963,125,0,,,,0,,,0,,,
2012-11-05 15:55:23,Info,Quick Scan results,Completed,0:00:05:27,"10,366","3,198",370,"5,280","1,506",12,949,118,0,,,,0,,,0,,,
2012-10-30 12:51:13,Info,Quick Scan results,Completed,0:00:07:17,"11,069","3,286",370,"5,908","1,493",12,911,0,0,,,,0,,,0,,,
2012-10-29 18:12:09,Info,Quick Scan results,Completed,0:00:17:09,"10,751","3,271",372,"5,618","1,482",8,863,162,0,,,,0,,,0,,,
2012-10-29 15:33:08,Info,Full System Scan results,Completed,0:01:40:13,"525,604","517,333",370,"5,495","2,398",8,"1,925","8,676",3,,,1,3,,1,0,,2,2

I didn't know what GUI was, so what I did to obtain the Norton log is I clicked on Scan Results, clicked on export file, & saved it as a .txt file.

Let me know if there is anything else I need to do. As of now, I've completed all the steps that you posted last night.
  • 0

#22
Cruise475

Hello,

Can you please do a scan with Norton Anti-Virus and when it alerts you to the virus, explain to me exactly what it is saying that is infected. If you can take a screenshot of it, that would be great! This page should help you create a screenshot if you are not sure how to do it.


Thanks
Cruise
  • 0

#23
want2fixmypc

Hi Cruise,
I logged on to my laptop & this is the screen that appears: (I copied on the snipping tool & pasted into a Word doc but couldn't paste it back into this email so I'm attaching it to this email, but the error message is not permitting me to attach it.)

The message says that there is the boot.tidserv virus on my laptop, Boot.tid serv file failed to remove, Risk: High, Status: Remove failed, Action required: rescan

When I click on the rescan button, it comes back with all issues resolved message, but when I first log in, it shows that I still have the boot.tidserv virus.

Any suggestions?
  • 0

#24
Cruise475

Hi,

What error message is preventing you from attaching it? With the snipping tool you can save it to paint as a picture and attach. Does the message say which file and the location that is causing the problem?


Thanks
Cruise
  • 0

#25
want2fixmypc

On the geekstogo site, I click on attach file, then I get an error message saying you do not have permission to do this.

I will try to put it in MS paint.
  • 0

#26
want2fixmypc

Here you go, Norton error message:

Attached Thumbnails

  • norton message.JPG

  • 0

#27
Cruise475

Hey

Can you please hit export results and see if that gives me any more information. If that doesn't work we will try something else!!

Thanks
Cruise
  • 0

#28
want2fixmypc

Here you go:

Resolved Threats:
No risks have been resolved

Unresolved Threats:
Boot.Tidserv
Type: Master Boot Record
Risk: High (High Stealth, High Removal, High Performance, High Privacy)
Categories: Virus
Status: Remove Failed
-----------
1 System Action
Drive 0x80 - Infected
  • 0

#29
Cruise475

Hey,

Before we try the next thing, can you please tell me if you are having any outstanding problems with your computer?

Thanks
Cruise
  • 0

#30
want2fixmypc

No, not that I've seen other than the Norton message. When I finished all the downloads & scans, the only thing left is for me to restore my wallpaper.
  • 0





