 Boot.Tidserv infection |
  |
 7.10.2010 18:01
Post
#1
|
|
|
Newbie  Group: Members Posts: 1 Joined: 7.10.2010  |
An attorney at the law firm I work at brought emailed our help desk saying his laptop would not boot up properly. I was unable to boot into safe mode with the problem system. I tried doing a repair of Windows XP Service Pack 3 and at first that seemed to fix the issue. However, I then began to realize the culprit was a boot.tidserv attached to a svchost.exe in c:\windows\system32. Using a Symantec Endpoint protection Boot disk I got into was able to replace the svchost.exe file. Unfortunately, that has not solved the issue. Every time I connect the laptop to a network connection I get a message from Symantec saying it is blocking an attack from an outside IP address. I need to get this fixed soon. If any one can help me or at least point me in the right direction that would be awesome. I'm including the manual disinfection report as well. Thanks!
Attached File(s)
|
 |
 
|
|
9.10.2010 14:43
Post
#2
|
|
 Forum Elite Group: Moderators Posts: 9288 Joined: 6.04.2006 From: London |
Have you performed a scan using Kaspersky's Virus Removal Tool? If not, do so and post here the results (detection name and filename/directory).
Attach here a link to the systems's GSI Parser. Instructions are shown at the bottom of this post. Download and run Kaspersky's TDSSkiller. Do NOT delete/quarantine Suspicious objects. After the scan has completed, post here the scan log, it should be located in C:\TDSSKiller_Quarantine\... |
|
|
|
|
| Lo-Fi Version | Time is now: 22.05.2013 22:08 |