TechSpot

Backdoor.Tidserv!inf

By nmea2020
Dec 20, 2008
Topic Status:
Not open for further replies.
  1. Hello Kimsland I have this terrible crap in my system
    I have the Hijack this. Could you please help me. I am through with Norton
    Backdoor.Tidserv!inf
    I am in no particular hurry but the kids are getting worried.
     
  2. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    Good idea
    Please Remove Symantec Antivirus (ie Norton)
    Whilst you're at it remove SpySweeper too

    Also re-open (scan) with HJT and remove the following horrible things
    Then Restart

    Then run the Norton Removal tool (because it just doesn't un-install!)
    Then restart yet again (still no Antivirus installed just yet)

    Then do the normal guide idea
    Also: Special case where after installing MBAM and SAS they will not update or run
    Read here: http://www.techspot.com/vb/topic116603.html

    But here's the steps I'd like you to take in order:
    All of the above (just in case not done yet)
    Then CCleaner
    Then Malwarebytes (by the way, nothing is removed until you view log at the end, and then next)
    Then SuperAntiSpyware
    Then install Avira and run a full scan

    By that time, all will be ok, but you can post the logs if you like ;)

    Entire process ~ say around 3 hrs
    But most of this (well 99%) is just scanning, with the screensaver off
    Worth it :)
     
  3. nmea2020

    nmea2020 TS Rookie Topic Starter

    Thank you very much for the reply
    I have removed Norton and SPY Sweeper
    This one i am having troble with
    "O23 - Service: Plug and Play Device Manager ($sys$DRMServer) - First 4 Internet Ltd - C:\WINDOWS\system32\$sys$filesystem\$sys$DRMServer.exe"
    It won't go away
    This SPYWARE GUARD 2008 is relentless
    How do i get rid of it?

    The system is very quirky
     
  4. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

  5. nmea2020

    nmea2020 TS Rookie Topic Starter

    Thank you
    I could not find the “TDSSserv.sys” anywhere
    I have attached a screen shot and the log file.
    Please let me know what you think

    Moderator Edit:
    Sorry no Word Docs please (they can carry viruses ;) )
    This attachment is now removed


    I am running the CCLeaner
     
  6. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    I removed one of your attachments, see Edit above

    Thanks for the update
    Not sure what else to say
    Under the worst scenario, I have actually removed a HardDrive and plugged it into a Desktop computer (say through a USB adaptor), and scanned from there
    This is also a possibility
     
  7. nmea2020

    nmea2020 TS Rookie Topic Starter

    Your idea is wonderful. The only problem I can see is that it would be rather difficult as one of the two computers that are affected by this are using Raid 0.
    I actually had to think about as i buit this machine five or six years ago thinking i would eventually reformatt to raid 1. May wind up doing just that
    Just out of curiosity how long should Malwarebytes take to run on a 160g setup?
    thank you for your time
     
  8. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    :D

    Usually around an hour (obviously depending on used data)

    By the way,
    hopefully you updated it first
    you turned off screen saver
    and make sure at the end to view the log, and remove all things found (ie if you don't do this, nothing is removed!)

    Another, by the way...
    If the scan finds multiple infections (say above 10)
    You could run yet another full updated scan! To remove the ones that were hiding.
     
  9. nmea2020

    nmea2020 TS Rookie Topic Starter

    So what are saying is, for it to have already taken 3 1/2 hours, I could be at this all night. I wonder if I should stop the scan and try to do a quick scan?
     
  10. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    It's your computer
    But, I've done a quick scan before too ;)
    But if you want us to help with the logs later on, it should be a full scan
    And update it, just before starting it everytime
     
  11. nmea2020

    nmea2020 TS Rookie Topic Starter

    Well, I've got nothing but time. So I'll stick with it. Meanwhile, every four or five minutes I have to close the Spyware Guard 2008 that keeps popping up. Relentless pig. But at least I'm able to run the Malwarebytes, unlike some unfortunate users in other threads that I've read.
     
     
  12. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    Good point :)

    Also I think it will be SuperAntiSpyware that finally rids you of this (also in the guide)
    What!?!
    Yes that's right, you still have to scan with SuperAntiSpyware (updated of course :p )

    Now your p!##ed ! :D
     
  13. nmea2020

    nmea2020 TS Rookie Topic Starter

    oh dear. I still have another computer to get to. Maybe I'll try some more involved multi-tasking. Should I strart a new thread for the other system? ha, ha.
     
  14. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    Hmm :cool:

    I say no, ie lets do one at a time hey
    I mean you can multi task
    But I'll be helping specifically on one

    Having two threads going is not going to help your patience, and everyone's going to think what! With your thread(s) going to the top of the board all the time
    Here's that board we all see: http://www.techspot.com/vb/search.php?do=getnew
    My name is now the last reply on your thread :p
     
  15. nmea2020

    nmea2020 TS Rookie Topic Starter

    that's fine. I'm kinda chillin' anyway. at least until I have another cup of coffee.
     
  16. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    Oh disregard that spammer (reply by him, now removed)
    He just got banned :D
    If only he attached his logs, oh well
     
  17. nmea2020

    nmea2020 TS Rookie Topic Starter

    I think I may be on to something as the scanning speed and memory usage have appeared to have doubled.
    Here is what I did 'cause I got to thinking about the poor souls who can't even run Malwarebyte and how it was suggested to change the name to fake out the system. I went into PROGRAM FILES and changed the name of the SPYWARE GUARD 2008 to SPYf@%tware 2008. It has only been a few minutes but I have hope that at least I can go to work now and let MALWAREBYTES do it's thing. This is awesome. Actually you are awesome. You are a blessing. Even if this doesn't work out, though I'm confident that it will , I have learned enough to be helpful to others( I'll refer them to this forum).
    I am a slow typist and i delayed finishing this post and the best i can tell the speed is only slightly faster but no more pop up SPYWARE GUARD...very nice
    Now i'm off to do some real work
    Thanks again
     
  18. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    Thanks for the update, and possibly letting others know that we are pretty damn good here ;)

    That name you used is a bit outlandish, but hey if it worked... :grinthumb
    We had a fixit tool that did this automatically too (ie some users don't really know how to get to Program Files) here it is: http://www.techspot.com/vb/post684649-3.html
    It was actually linked up there :rolleyes: under "special case..." but it was in the reply to that original post thread
     
  19. nmea2020

    nmea2020 TS Rookie Topic Starter

    So i 'm almost there as I am installing SUPER ANTI SPYWARE
    The MALWAREBYTES took around eight hours to complete the scan ! Whew!
    Things seem to be turning around. This is so awesome!
    This beats the hell out of giving NORTON $100 and i am learning a few tricks to boot
    I will spread the word!
     
  20. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    Actually that's a bit long for a scan
    Make sure at the end you view the log and then remove evverything found (I think it's just "next"

    Anyway, if all this has informed you to remove Norton, then you are waaaaay ahead in knowledge now :grinthumb
    Some users actually argue it's ok to me !!! <- excessive intentional use of exclamation marks (absolute madness!)
     
  21. nmea2020

    nmea2020 TS Rookie Topic Starter

    Is there any reason not to run Malwarebytes again?
    Now that things have sped up a bit it shouldn't take near as long!
     
  22. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    If you have the time
    Good idea to :grinthumb
     
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.