Boot.tidserv
54 views
Skip to first unread message
mollykellie
Feb 20, 2012, 12:47:21 PM2/20/12
to FreeFixer User Forum
Hi
I recently lost all my files and folders to a virus. I have no idea
what it was but it wiped my computer clean. I re-formatted the hard
drive and re-installed windows.I then updated the O/S to Service pack
3 and downloaded Norton anti-virus 2012. But, following a scan, Norton
found a trojan 'Boot.tidser'. This trojan seems well known on the net
but know one seems to be able to get rid of it. From information on
the internet, it hooks on to the hard drive and is difficult to
detect.I did another re-format but again Norton found the same bug
What puzzles me is, Norton is the only software that found the trojan
and the only ones suffering are folk that run Norton?
I have run Malwarebytes, cc cleaner, microsoft scanner and none of
them show a virus. Freefixer does not mention it but show two errors
that I am not sure about.
I would appreciate any help/advice you can give.
many thanks
Andy
FreeFixer v0.61 log
http://www.freefixer.com/
Operating system: Windows XP Service Pack 3
Log dated 2012-02-20 15:12
Browser Helper Objects (7 whitelisted)
{02478D38-C3F9-4EFB-9B51-7695ECA05670}, Yahoo! Toolbar Helper, C:
\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}, Yahoo! IE Services Button, C:
\PROGRA~1\Yahoo!\Common\yiesrvc.dll
Internet Explorer toolbars (4 whitelisted)
HKLM\..\Toolbar\{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo!
Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
Basic Internet Explorer settings
HKCU\..\Main, Start Page = http://www.google.com/
HKCU\..\Main, Search Page = http://www.google.com
HKLM\..\Main, Search Page =
http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sp/*http://uk.search.yahoo.com/
HKLM\..\Main, Default_Search_URL = http://www.google.com/ie
HKLM\..\Search, SearchAssistant = http://www.google.com/ie
HKCU\..\Desktop\General, Wallpaper = C:\WINDOWS\web\wallpaper
\Bliss.bmp
Registry Startups (6 whitelisted)
HKLM\..\Run, btbb_McciTrayApp = "C:\Program Files\BT Broadband Desktop
Help\btbb\BTHelpNotifier.exe"
HKLM\..\Run, btbb_wcm_McciTrayApp = "C:\Program Files\BT Broadband
Desktop Help\btbb_wcm\McciTrayApp.exe" (file is missing)
Autostart shortcuts (1 whitelisted)
Wireless Utility.lnk, , C:\Program Files\EDIMAX\Common\RaUI.exe
Processes (28 whitelisted)
C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
C:\Program Files\EDIMAX\Common\RaUI.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\FreeFixer\freefixer.exe
Services (38 whitelisted)
McciCMService, McciCMService, c:\program files\common files\motive
\mccicmservice.exe
Svchost.exe Modules (170 whitelisted)
c:\program files\hp\digital imaging\bin\hpqddsvc.dll
c:\program files\hp\digital imaging\bin\hpqddcmn.dll
c:\program files\hp\digital imaging\bin\hpqcxs08.dll
C:\Program Files\HP\Digital Imaging\bin\hpocxi08.dll
C:\Program Files\HP\Digital Imaging\bin\hpqcob08.dll
c:\program files\hp\digital imaging\bin\hpslpsvc32.dll
c:\windows\system32\hpzipm12.dll
C:\WINDOWS\System32\HPZidr12.dll
Drivers (31 whitelisted)
AegisP, AEGIS Protocol (IEEE 802.1x) v3.7.5.0, C:\WINDOWS
\system32\drivers\aegisp.sys
OMCI, OMCI, C:\WINDOWS\system32\drivers\omci.sys
Windows XP Firewall authorized apps (8 whitelisted)
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
Recently created/modified files (28 whitelisted)
14 minutes, c:\Program Files\FreeFixer\Uninstall.exe
14 minutes, c:\Documents and Settings\Owner\My Documents\Downloads
\freefixersetup.exe
Csrss.exe virtual memory files (32 whitelisted)
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Documents and Settings\Owner\My Documents\Downloads
\freefixersetup.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpBrowser.exe
C:\Program Files\HP\Digital Imaging\bin\hpqcob08.dll
The following errors occurred during the scan:
Problems opening folder 'c:\Documents and Settings\All Users
\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\SRTSP
\SrtETmp' to enumerate files. FindFirstFile failed. System error
message: Access is denied. Error code: 5.
An unexpected exception occurred in the Firefox Extension Plugin:
Error when using the FindFirstFile system call.
The error occured when opening a find file handle. Initial file/
folder: C:\Documents and Settings\Owner\Application Data\Mozilla
\Firefox\Profiles\dikfhjdy.default\extensions
System error message: The system cannot find the path specified. Error
code: 3.
End of FreeFixer log
I recently lost all my files and folders to a virus. I have no idea
what it was but it wiped my computer clean. I re-formatted the hard
drive and re-installed windows.I then updated the O/S to Service pack
3 and downloaded Norton anti-virus 2012. But, following a scan, Norton
found a trojan 'Boot.tidser'. This trojan seems well known on the net
but know one seems to be able to get rid of it. From information on
the internet, it hooks on to the hard drive and is difficult to
detect.I did another re-format but again Norton found the same bug
What puzzles me is, Norton is the only software that found the trojan
and the only ones suffering are folk that run Norton?
I have run Malwarebytes, cc cleaner, microsoft scanner and none of
them show a virus. Freefixer does not mention it but show two errors
that I am not sure about.
I would appreciate any help/advice you can give.
many thanks
Andy
FreeFixer v0.61 log
http://www.freefixer.com/
Operating system: Windows XP Service Pack 3
Log dated 2012-02-20 15:12
Browser Helper Objects (7 whitelisted)
{02478D38-C3F9-4EFB-9B51-7695ECA05670}, Yahoo! Toolbar Helper, C:
\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}, Yahoo! IE Services Button, C:
\PROGRA~1\Yahoo!\Common\yiesrvc.dll
Internet Explorer toolbars (4 whitelisted)
HKLM\..\Toolbar\{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo!
Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
Basic Internet Explorer settings
HKCU\..\Main, Start Page = http://www.google.com/
HKCU\..\Main, Search Page = http://www.google.com
HKLM\..\Main, Search Page =
http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sp/*http://uk.search.yahoo.com/
HKLM\..\Main, Default_Search_URL = http://www.google.com/ie
HKLM\..\Search, SearchAssistant = http://www.google.com/ie
HKCU\..\Desktop\General, Wallpaper = C:\WINDOWS\web\wallpaper
\Bliss.bmp
Registry Startups (6 whitelisted)
HKLM\..\Run, btbb_McciTrayApp = "C:\Program Files\BT Broadband Desktop
Help\btbb\BTHelpNotifier.exe"
HKLM\..\Run, btbb_wcm_McciTrayApp = "C:\Program Files\BT Broadband
Desktop Help\btbb_wcm\McciTrayApp.exe" (file is missing)
Autostart shortcuts (1 whitelisted)
Wireless Utility.lnk, , C:\Program Files\EDIMAX\Common\RaUI.exe
Processes (28 whitelisted)
C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
C:\Program Files\EDIMAX\Common\RaUI.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\FreeFixer\freefixer.exe
Services (38 whitelisted)
McciCMService, McciCMService, c:\program files\common files\motive
\mccicmservice.exe
Svchost.exe Modules (170 whitelisted)
c:\program files\hp\digital imaging\bin\hpqddsvc.dll
c:\program files\hp\digital imaging\bin\hpqddcmn.dll
c:\program files\hp\digital imaging\bin\hpqcxs08.dll
C:\Program Files\HP\Digital Imaging\bin\hpocxi08.dll
C:\Program Files\HP\Digital Imaging\bin\hpqcob08.dll
c:\program files\hp\digital imaging\bin\hpslpsvc32.dll
c:\windows\system32\hpzipm12.dll
C:\WINDOWS\System32\HPZidr12.dll
Drivers (31 whitelisted)
AegisP, AEGIS Protocol (IEEE 802.1x) v3.7.5.0, C:\WINDOWS
\system32\drivers\aegisp.sys
OMCI, OMCI, C:\WINDOWS\system32\drivers\omci.sys
Windows XP Firewall authorized apps (8 whitelisted)
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
Recently created/modified files (28 whitelisted)
14 minutes, c:\Program Files\FreeFixer\Uninstall.exe
14 minutes, c:\Documents and Settings\Owner\My Documents\Downloads
\freefixersetup.exe
Csrss.exe virtual memory files (32 whitelisted)
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Documents and Settings\Owner\My Documents\Downloads
\freefixersetup.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpBrowser.exe
C:\Program Files\HP\Digital Imaging\bin\hpqcob08.dll
The following errors occurred during the scan:
Problems opening folder 'c:\Documents and Settings\All Users
\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\SRTSP
\SrtETmp' to enumerate files. FindFirstFile failed. System error
message: Access is denied. Error code: 5.
An unexpected exception occurred in the Firefox Extension Plugin:
Error when using the FindFirstFile system call.
The error occured when opening a find file handle. Initial file/
folder: C:\Documents and Settings\Owner\Application Data\Mozilla
\Firefox\Profiles\dikfhjdy.default\extensions
System error message: The system cannot find the path specified. Error
code: 3.
End of FreeFixer log
Roger Karlsson
Feb 28, 2012, 1:36:31 AM2/28/12
to freefix...@googlegroups.com
Hello MollyKellie,
Boot.Tidserv is a detection name used by Symantec's products for a
modified Master Boot Record (MBR). Unfortunately, FreeFixer does not
currently have any support to inspect or repair the Master Boot Record.
After some browsing I found that Kaspersky offers a free tool that
claims to remove the Tidserv malware:
http://support.kaspersky.com/viruses/solutions?qid=208280684
Did that solve the problem?
/Roger
Hi
End of FreeFixer log
--
You received this message because you are subscribed to the Google
Groups "FreeFixer User Forum" group. To post to this group, send email
to freefix...@googlegroups.com. To unsubscribe from this group,
send email to freefixer-for...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/freefixer-forum?hl=en.
Reply all
Reply to author
Forward
0 new messages