Boot.tidserv


mollykellie
Feb 20, 2012, 12:47:21 PM
to FreeFixer User Forum
Hi

I recently lost all my files and folders to a virus. I have no idea
what it was but it wiped my computer clean. I re-formatted the hard
drive and re-installed Windows. I then updated the O/S to Service Pack
3 and downloaded Norton anti-virus 2012. But, following a scan, Norton
found a trojan 'Boot.tidserv'. This trojan seems well known on the net
but no one seems to be able to get rid of it. From information on
the internet, it hooks on to the hard drive and is difficult to
detect. I did another re-format but again Norton found the same bug.
What puzzles me is, Norton is the only software that found the trojan
and the only ones suffering are folk that run Norton?
I have run Malwarebytes, CCleaner, Microsoft scanner and none of
them show a virus. FreeFixer does not mention it but shows two errors
that I am not sure about.
I would appreciate any help/advice you can give.
Many thanks
Andy

FreeFixer v0.61 log
http://www.freefixer.com/
Operating system: Windows XP Service Pack 3
Log dated 2012-02-20 15:12


Browser Helper Objects (7 whitelisted)
{02478D38-C3F9-4EFB-9B51-7695ECA05670}, Yahoo! Toolbar Helper, C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}, Yahoo! IE Services Button, C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll

Internet Explorer toolbars (4 whitelisted)
HKLM\..\Toolbar\{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

Basic Internet Explorer settings
HKCU\..\Main, Start Page = http://www.google.com/
HKCU\..\Main, Search Page = http://www.google.com
HKLM\..\Main, Search Page = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sp/*http://uk.search.yahoo.com/
HKLM\..\Main, Default_Search_URL = http://www.google.com/ie
HKLM\..\Search, SearchAssistant = http://www.google.com/ie
HKCU\..\Desktop\General, Wallpaper = C:\WINDOWS\web\wallpaper\Bliss.bmp

Registry Startups (6 whitelisted)
HKLM\..\Run, btbb_McciTrayApp = "C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe"
HKLM\..\Run, btbb_wcm_McciTrayApp = "C:\Program Files\BT Broadband Desktop Help\btbb_wcm\McciTrayApp.exe" (file is missing)

Autostart shortcuts (1 whitelisted)
Wireless Utility.lnk, , C:\Program Files\EDIMAX\Common\RaUI.exe

Processes (28 whitelisted)
C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
C:\Program Files\EDIMAX\Common\RaUI.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\FreeFixer\freefixer.exe

Services (38 whitelisted)
McciCMService, McciCMService, c:\program files\common files\motive\mccicmservice.exe

Svchost.exe Modules (170 whitelisted)
c:\program files\hp\digital imaging\bin\hpqddsvc.dll
c:\program files\hp\digital imaging\bin\hpqddcmn.dll
c:\program files\hp\digital imaging\bin\hpqcxs08.dll
C:\Program Files\HP\Digital Imaging\bin\hpocxi08.dll
C:\Program Files\HP\Digital Imaging\bin\hpqcob08.dll
c:\program files\hp\digital imaging\bin\hpslpsvc32.dll
c:\windows\system32\hpzipm12.dll
C:\WINDOWS\System32\HPZidr12.dll

Drivers (31 whitelisted)
AegisP, AEGIS Protocol (IEEE 802.1x) v3.7.5.0, C:\WINDOWS\system32\drivers\aegisp.sys
OMCI, OMCI, C:\WINDOWS\system32\drivers\omci.sys

Windows XP Firewall authorized apps (8 whitelisted)
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe

Recently created/modified files (28 whitelisted)
14 minutes, c:\Program Files\FreeFixer\Uninstall.exe
14 minutes, c:\Documents and Settings\Owner\My Documents\Downloads\freefixersetup.exe

Csrss.exe virtual memory files (32 whitelisted)
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Documents and Settings\Owner\My Documents\Downloads\freefixersetup.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpBrowser.exe
C:\Program Files\HP\Digital Imaging\bin\hpqcob08.dll

The following errors occurred during the scan:
Problems opening folder 'c:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\SRTSP\SrtETmp' to enumerate files. FindFirstFile failed. System error message: Access is denied. Error code: 5.
An unexpected exception occurred in the Firefox Extension Plugin:
Error when using the FindFirstFile system call.
The error occured when opening a find file handle. Initial file/folder: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\dikfhjdy.default\extensions

System error message: The system cannot find the path specified. Error code: 3.

End of FreeFixer log

Roger Karlsson

Feb 28, 2012, 1:36:31 AM
to freefix...@googlegroups.com
Hello MollyKellie,

Boot.Tidserv is a detection name used by Symantec's products for a
modified Master Boot Record (MBR). Unfortunately, FreeFixer does not
currently have any support to inspect or repair the Master Boot Record.

After some browsing I found that Kaspersky offers a free tool that
claims to remove the Tidserv malware:

http://support.kaspersky.com/viruses/solutions?qid=208280684

Did that solve the problem?

/Roger
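
Added example (not part of the thread and not FreeFixer or Symantec code): since the detection refers to a modified Master Boot Record, this sketch splits a 512-byte MBR sector into its bootstrap code, disk signature and partition table, and compares the bootstrap-code hash against a baseline. The function names and both sample sectors are constructed for illustration.

```python
import hashlib
import struct

CODE_END = 440      # bytes 0..439 hold the bootstrap code
TABLE_START = 446   # four 16-byte partition entries, then 0x55AA at 510


def parse_mbr(sector: bytes) -> dict:
    """Split one MBR sector into boot-code hash, disk signature, partitions."""
    if len(sector) != 512:
        raise ValueError("an MBR sector is exactly 512 bytes")
    if sector[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        status, ptype, lba, count = struct.unpack_from(
            "<B3xB3xII", sector, TABLE_START + 16 * i)
        if ptype != 0:  # type 0 marks an unused slot
            partitions.append({"active": status == 0x80, "type": ptype,
                               "lba_start": lba, "sectors": count})
    return {
        "boot_code_sha256": hashlib.sha256(sector[:CODE_END]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", sector, CODE_END)[0],
        "partitions": partitions,
    }


def boot_code_differs(sector: bytes, baseline: bytes) -> bool:
    """True when the bootstrap code differs, whatever the partition table says."""
    a, b = parse_mbr(sector), parse_mbr(baseline)
    return a["boot_code_sha256"] != b["boot_code_sha256"]


def make_sample(code_fill: int) -> bytes:
    """Constructed sample: filler 'code' plus one active type-0x07 partition."""
    sector = bytearray(512)
    sector[:CODE_END] = bytes([code_fill]) * CODE_END
    struct.pack_into("<I", sector, CODE_END, 0x1234ABCD)
    struct.pack_into("<B3xB3xII", sector, TABLE_START, 0x80, 0x07, 63, 204800)
    sector[510:512] = b"\x55\xaa"
    return bytes(sector)


if __name__ == "__main__":
    baseline, suspect = make_sample(0x90), make_sample(0xCC)
    print(parse_mbr(suspect)["partitions"])
    print("boot code differs:", boot_code_differs(suspect, baseline))
```

The two samples carry identical partition tables, so the difference shows up only in the bootstrap-code hash; a real comparison needs a baseline sector taken from a known-clean source.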

