> Boot.Tidserv infection
PhillyTech
post 7.10.2010 18:01
Post #1


Newbie
*

Group: Members
Posts: 1
Joined: 7.10.2010




An attorney at the law firm I work at emailed our help desk saying his laptop would not boot up properly. I was unable to boot into safe mode with the problem system. I tried doing a repair of Windows XP Service Pack 3 and at first that seemed to fix the issue. However, I then began to realize the culprit was a boot.tidserv attached to a svchost.exe in c:\windows\system32. Using a Symantec Endpoint Protection boot disk I got in and was able to replace the svchost.exe file. Unfortunately, that has not solved the issue. Every time I connect the laptop to a network connection I get a message from Symantec saying it is blocking an attack from an outside IP address. I need to get this fixed soon. If anyone can help me or at least point me in the right direction, that would be awesome. I'm including the manual disinfection report as well. Thanks!



Attached File(s)
Attached File  avptool_sysinfo.zip ( 45,42K ) Number of downloads: 6
 
dawgg
post 9.10.2010 14:43
Post #2


Forum Elite
**************

Group: Moderators
Posts: 9300
Joined: 6.04.2006
From: London




Have you performed a scan using Kaspersky's Virus Removal Tool? If not, do so and post here the results (detection name and filename/directory).

Attach here a link to the system's GSI Parser. Instructions are shown at the bottom of this post.

Download and run Kaspersky's TDSSkiller. Do NOT delete/quarantine Suspicious objects.
After the scan has completed, post here the scan log; it should be located in C:\TDSSKiller_Quarantine\...