Backdoor.Tidserv!inf

Status
Not open for further replies.

nmea2020

Posts: 13   +0
Hello Kimsland I have this terrible crap in my system
I have the Hijack this. Could you please help me. I am through with Norton
Backdoor.Tidserv!inf
I am in no particular hurry but the kids are getting worried.
 
Good idea
Please Remove Symantec Antivirus (ie Norton)
Whilst you're at it remove SpySweeper too

Also re-open (scan) with HJT and remove the following horrible things
O20 - AppInit_DLLs: gydtxz.dll
C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\skwjkshesf.dll
O23 - Service: Plug and Play Device Manager ($sys$DRMServer) - First 4 Internet Ltd - C:\WINDOWS\system32\$sys$filesystem\$sys$DRMServer.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)
O24 - Desktop Component 0: (no name) - http://www.pkfans.com/downloads/cinemaquiet-1024x768.jpg
Then Restart

Then run the Norton Removal tool (because it just doesn't un-install!)
Then restart yet again (still no Antivirus installed just yet)

Then do the normal guide idea
Also: Special case where after installing MBAM and SAS they will not update or run
Read here: https://www.techspot.com/vb/topic116603.html

But here's the steps I'd like you to take in order:
All of the above (just in case not done yet)
Then CCleaner
Then Malwarebytes (by the way, nothing is removed until you view log at the end, and then next)
Then SuperAntiSpyware
Then install Avira and run a full scan

By that time, all will be ok, but you can post the logs if you like ;)

Entire process ~ say around 3 hrs
But most of this (well 99%) is just scanning, with the screensaver off
Worth it :)
 
Thank you very much for the reply
I have removed Norton and SPY Sweeper
This one i am having troble with
"O23 - Service: Plug and Play Device Manager ($sys$DRMServer) - First 4 Internet Ltd - C:\WINDOWS\system32\$sys$filesystem\$sys$DRMServer.exe"
It won't go away
This SPYWARE GUARD 2008 is relentless
How do i get rid of it?

The system is very quirky
 
Thank you
I could not find the “TDSSserv.sys” anywhere
I have attached a screen shot and the log file.
Please let me know what you think

Moderator Edit:
Sorry no Word Docs please (they can carry viruses ;) )
This attachment is now removed


I am running the CCLeaner
 
I removed one of your attachments, see Edit above

Thanks for the update
Not sure what else to say
Under the worst scenario, I have actually removed a HardDrive and plugged it into a Desktop computer (say through a USB adaptor), and scanned from there
This is also a possibility
 
Your idea is wonderful. The only problem I can see is that it would be rather difficult as one of the two computers that are affected by this are using Raid 0.
I actually had to think about as i buit this machine five or six years ago thinking i would eventually reformatt to raid 1. May wind up doing just that
Just out of curiosity how long should Malwarebytes take to run on a 160g setup?
thank you for your time
 
Just out of curiosity how long should Malwarebytes take to run on a 160g setup?
:D

Usually around an hour (obviously depending on used data)

By the way,
hopefully you updated it first
you turned off screen saver
and make sure at the end to view the log, and remove all things found (ie if you don't do this, nothing is removed!)

Another, by the way...
If the scan finds multiple infections (say above 10)
You could run yet another full updated scan! To remove the ones that were hiding.
 
So what are saying is, for it to have already taken 3 1/2 hours, I could be at this all night. I wonder if I should stop the scan and try to do a quick scan?
 
It's your computer
But, I've done a quick scan before too ;)
But if you want us to help with the logs later on, it should be a full scan
And update it, just before starting it everytime
 
Well, I've got nothing but time. So I'll stick with it. Meanwhile, every four or five minutes I have to close the Spyware Guard 2008 that keeps popping up. Relentless pig. But at least I'm able to run the Malwarebytes, unlike some unfortunate users in other threads that I've read.
 
Good point :)

Also I think it will be SuperAntiSpyware that finally rids you of this (also in the guide)
What!?!
Yes that's right, you still have to scan with SuperAntiSpyware (updated of course :p )

Now your p!##ed ! :D
 
oh dear. I still have another computer to get to. Maybe I'll try some more involved multi-tasking. Should I strart a new thread for the other system? ha, ha.
 
Hmm :cool:

I say no, ie lets do one at a time hey
I mean you can multi task
But I'll be helping specifically on one

Having two threads going is not going to help your patience, and everyone's going to think what! With your thread(s) going to the top of the board all the time
Here's that board we all see: https://www.techspot.com/vb/search.php?do=getnew
My name is now the last reply on your thread :p
 
Oh disregard that spammer (reply by him, now removed)
He just got banned :D
If only he attached his logs, oh well
 
I think I may be on to something as the scanning speed and memory usage have appeared to have doubled.
Here is what I did 'cause I got to thinking about the poor souls who can't even run Malwarebyte and how it was suggested to change the name to fake out the system. I went into PROGRAM FILES and changed the name of the SPYWARE GUARD 2008 to SPYf@%tware 2008. It has only been a few minutes but I have hope that at least I can go to work now and let MALWAREBYTES do it's thing. This is awesome. Actually you are awesome. You are a blessing. Even if this doesn't work out, though I'm confident that it will , I have learned enough to be helpful to others( I'll refer them to this forum).
I am a slow typist and i delayed finishing this post and the best i can tell the speed is only slightly faster but no more pop up SPYWARE GUARD...very nice
Now i'm off to do some real work
Thanks again
 
Thanks for the update, and possibly letting others know that we are pretty damn good here ;)

That name you used is a bit outlandish, but hey if it worked... :grinthumb
We had a fixit tool that did this automatically too (ie some users don't really know how to get to Program Files) here it is: https://www.techspot.com/vb/post684649-3.html
It was actually linked up there :rolleyes: under "special case..." but it was in the reply to that original post thread
 
So i 'm almost there as I am installing SUPER ANTI SPYWARE
The MALWAREBYTES took around eight hours to complete the scan ! Whew!
Things seem to be turning around. This is so awesome!
This beats the hell out of giving NORTON $100 and i am learning a few tricks to boot
I will spread the word!
 
Actually that's a bit long for a scan
Make sure at the end you view the log and then remove evverything found (I think it's just "next"

Anyway, if all this has informed you to remove Norton, then you are waaaaay ahead in knowledge now :grinthumb
Some users actually argue it's ok to me !!! <- excessive intentional use of exclamation marks (absolute madness!)
 
Is there any reason not to run Malwarebytes again?
Now that things have sped up a bit it shouldn't take near as long!
 
Status
Not open for further replies.
Back