Resolved Netbt.sys (Backdoor.Tidserv!inf) virus/malware

Status
Not open for further replies.
Hi,

The Symantec Antivirus Detection program on my computer recently picked up the following risk - Netbt.sys. The risk description is Backdoor.Tidserv!inf. I have tried removing it through Symantec Antivirus; however, it reappears once the computer restarts.

I've followed the instructions under the "8-step Viruses/Spyware/Malware Preliminary Removal Instructions" thread, and have attached the files requested.

Please advise how this can be removed. Thanks!!
 

Attachments

  • mbam-log-2010-08-02 (20-29-51).txt
    3.1 KB · Views: 1
  • GMER.log
    21.6 KB · Views: 1
  • DDS.txt
    23.1 KB · Views: 1
  • Attach.zip
    3.1 KB · Views: 1
This seems to be the 'Norton Find of the Month'! Fortunately, it frequently isn't accurate. Let's check it out:

Please download ComboFix from Here and save to your Desktop.

  [1]. Do NOT rename Combofix unless instructed.
  [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  [3]. Close any open browsers.
  [4]. Double click combofix.exe & follow the prompts to run.
  NOTE: Combofix will disconnect your machine from the Internet as soon as it starts. The connection is automatically restored before CF completes its run. If it does not, restart your computer to restore your connection.
  [5]. If Combofix asks you to install Recovery Console, please allow it.
  [6]. If Combofix asks you to update the program, always allow.
  Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  [7]. A report will be generated after the scan. Please paste the C:\ComboFix.txt in next reply.
Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.
Note: Make sure you re-enable your security programs, when you're done with Combofix.
Re-enable your Antivirus software.
=======================================
Run Eset NOD32 Online AntiVirus scan HERE: http://www.eset.eu/online-scanner
  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the Active X control to install
  4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
  5. Click Start
  6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
  7. Click Scan
  8. Wait for the scan to finish
  9. Re-enable your Antivirus software.
  10. A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post. (OK to attach this one)

Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.
 
Yeh, I know! I've seen a few other threads with similar issues...

I've attached the two logs from ComboFix and Eset Online. Hopefully you can help!

Thanks a lot!
 

Attachments

  • ComboFix.txt
    28.8 KB · Views: 1
  • log.txt
    3.5 KB · Views: 1
Your log indicates a pirated program:

2010-04-04 12:53 . 2010-04-04 12:52 5158831 ----a-w- c:\program files\Adobe.Photoshop.CS4.Extended.Keygen.zip

We do not support piracy. In order for support to continue, this program will have to be removed.

You are also using Web Thunder which is a sharing network, a potentially unwanted program, that should be removed.

I am going to close this thread. If you decide to remove the pirated program and still have problems, please start a new thread with reference to this one:
https://www.techspot.com/vb/topic150978.html.

Removing all of the tools we used and the files and folders they created
  • Uninstall ComboFix and all Backups of the files it deleted
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
  • Download OTCleanIt by OldTimer and save it to your Desktop.
  • Double click OTCleanIt.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.
  • You should now set a new Restore Point and remove the old restore points to prevent infection from any previous Restore Points.
  • Go to Start > All Programs > Accessories > System Tools
  • Click "System Restore".
  • Choose "Create a Restore Point" on the first screen then click "Next".
  • Give the Restore Point a name> click "Create".
  • Go back and follow the path to > System Tools.
  • Choose Disk Cleanup
  • Click "OK" to select the partition or drive you want.
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.


Empty the Recycle Bin
 