Solved Backdoor.Tidserv!Inf Virus

Status
Not open for further replies.

hammer1

I have an XP Pro box that is infected. I run Symantec AV and the auto protect detects this bug in the D: partition which is the recovery partition. Symantec does a partial cleanup on the bug, but cannot remove the files infected. I have run ESET and Malwarebytes. I will now run GMER and DDS and post the result logs.
 
Here are the log file results. I did both a quick scan with Malwarebytes and also a full scan on the D: drive which is where Symantec is saying the infection lies.
 

Attachments

  • GMER.log
  • DDSAttach.txt
  • DDSLog.txt
  • mbam-log-2010-06-03 (16-00-05) QuickScan.txt
  • mbam-log-2010-06-03 (16-04-09) FullScanD.txt
It may be a false positive.
Can you post more details about the file name and its location?
 
Symantec reports four infections in the A0058759.sys file inside the recovery D: partition. I will see if I can get any more information for you from the Symantec logs. Thank you.
 
This is a protected partition with PC Angel... something that the original Gateway did to their recovery partitions to "protect" them. I guess it protects against the owner, not viral attacks! How would I get to this file to check it?
 
Since this is a locked recovery partition, there is really not much of a chance for any malicious program to write into it.
The recovery partition contains everything that came preinstalled on your computer.
It may be some game which contains some adware (pretty common), so I really wouldn't worry much about it.

Let's run one extra scan...

1. Download Temp File Cleaner (TFC)
Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.


2. Go to Kaspersky website and perform an online antivirus scan.

1. Disable your active antivirus program.
2. Read through the requirements and privacy statement and click on Accept button.
3. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
4. When the downloads have finished, click on Settings.
5. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:

  • Spyware, Adware, Dialers, and other potentially dangerous programs
  • Archives
  • Mail databases
6. Click on My Computer under Scan.
7. Once the scan is complete, it will display the results. Click on View Scan Report.
8. You will see a list of infected items there. Click on Save Report As....
9. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.

Post fresh HijackThis log as well.
 
Broni

I ran the Kaspersky scan and it did not find anything. Every single scan that I have run does not hit on this! I went forward and cleaned out the restore points other than the current one... I did the restore point clean on both the C: and D: drives.

Fingers crossed, but I believe this has removed it. I have not had another Symantec hit since I did the restore point cleanup on Friday. I am still not fully understanding this PC Angel. Even though it is "locked", it still places restore info into that partition?

Thanks again Broni for your assistance. This was a bizarre one!
 
First of all, as the instructions say, you shouldn't be doing anything on your own.
For instance, we reset restore points at the very end, when we're 100% sure the computer is clean.
In your case, the computer seems to be clean, so no harm done, though :)
Good luck and stay safe :)
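A note on the file name in this thread, with an added example that is not part of any post above and not code from Symantec, Gateway or PC Angel. The name `A0058759.sys` is the pattern Windows XP System Restore uses for the copies it keeps of changed files: `<drive>:\System Volume Information\_restore{GUID}\RPnnn\A0nnnnnn.<original extension>`. System Restore writes such copies on every monitored volume, which is why restore data shows up on the D: partition and why clearing restore points made the detection stop. The folder is ACL'd so that only SYSTEM can read it, so the script must run as SYSTEM or after taking ownership, otherwise the listing is simply access denied. The script below walks that layout on a drive you name, lists every A0 copy with its restore point number and SHA-256 hash (the value you would check against vendor data for the flagged file), and falls back to a constructed sample tree when no drive is given. The GUID, the RP numbers and the file contents in `SAMPLE_FILES` are all constructed for the demo.

```python
"""List and hash Windows XP System Restore copies (A0nnnnnn.ext) on a volume.

Added example; not code from the thread. The sample tree built by
build_sample_tree() is constructed for the demo and stands in for the real
System Volume Information folder, which needs SYSTEM rights to read.
"""
import hashlib
import os
import re
import sys
import tempfile

RESTORE_DIR_RE = re.compile(r"^_restore\{[0-9A-Fa-f-]{36}\}$")
RP_RE = re.compile(r"^RP(\d+)$")
A0_RE = re.compile(r"^A0(\d{6})\.(\w+)$", re.IGNORECASE)

# Constructed sample content; the bytes are placeholders, not real binaries.
SAMPLE_FILES = {
    ("RP12", "A0058759.sys"): b"MZ\x90\x00" + b"\x00" * 60 + b"constructed driver copy",
    ("RP12", "change.log"): b"not an A0 copy; ignored by the walker",
    ("RP9", "A0058001.exe"): b"MZ\x90\x00constructed earlier copy",
}


def sha256_bytes(data):
    return hashlib.sha256(data).hexdigest()


def sha256_file(path, chunk=1 << 20):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def find_restore_copies(drive_root, name_filter=None):
    """Return A0 restore copies under drive_root, oldest restore point first.

    name_filter: optional file name (case-insensitive) to restrict output to,
    e.g. the name an AV product reported.
    """
    svi = os.path.join(drive_root, "System Volume Information")
    results = []
    if not os.path.isdir(svi):
        return results
    try:
        top_level = os.listdir(svi)
    except PermissionError:
        raise PermissionError(f"{svi}: access denied; run as SYSTEM or take ownership first")
    for entry in top_level:
        if not RESTORE_DIR_RE.match(entry):
            continue
        base = os.path.join(svi, entry)
        for rp in os.listdir(base):
            rp_match = RP_RE.match(rp)
            if not rp_match:
                continue
            rp_dir = os.path.join(base, rp)
            for fn in os.listdir(rp_dir):
                a0 = A0_RE.match(fn)
                if not a0:
                    continue  # change.log and friends are not file copies
                if name_filter and fn.lower() != name_filter.lower():
                    continue
                path = os.path.join(rp_dir, fn)
                results.append({
                    "restore_point": int(rp_match.group(1)),
                    "name": fn,
                    "ext": a0.group(2).lower(),
                    "size": os.path.getsize(path),
                    "sha256": sha256_file(path),
                    "path": path,
                })
    # numeric sort so RP9 sorts before RP12
    results.sort(key=lambda r: (r["restore_point"], r["name"]))
    return results


def build_sample_tree(guid="12345678-1234-1234-1234-123456789abc"):
    """Create a throwaway directory laid out like an XP System Restore store."""
    root = tempfile.mkdtemp(prefix="svi_demo_")
    base = os.path.join(root, "System Volume Information", "_restore{%s}" % guid)
    for (rp, name), data in SAMPLE_FILES.items():
        rp_dir = os.path.join(base, rp)
        os.makedirs(rp_dir, exist_ok=True)
        with open(os.path.join(rp_dir, name), "wb") as f:
            f.write(data)
    return root


if __name__ == "__main__":
    # Usage: python restore_copies.py [D:\\ [A0058759.sys]]
    root = sys.argv[1] if len(sys.argv) > 1 else build_sample_tree()
    wanted = sys.argv[2] if len(sys.argv) > 2 else None
    for r in find_restore_copies(root, name_filter=wanted):
        print(f"RP{r['restore_point']:<5} {r['name']:<16} {r['size']:>8}  {r['sha256']}")
```

Run it against the real partition as `python restore_copies.py D:\ A0058759.sys` from a SYSTEM shell; the hash it prints is what you would look up, rather than the A0 name, which is unique to that machine's restore store. A hit only inside an RPnnn folder means the live file was changed or removed at some point and the restore copy is what remains, so the original location is not recoverable from this listing alone.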
 