PhillyTech

Boot.Tidserv infection


An attorney at the law firm I work at emailed our help desk saying his laptop would not boot up properly. I was unable to boot into safe mode with the problem system. I tried doing a repair of Windows XP Service Pack 3 and at first that seemed to fix the issue. However, I then began to realize the culprit was a boot.tidserv attached to a svchost.exe in c:\windows\system32. Using a Symantec Endpoint Protection boot disk, I was able to replace the svchost.exe file. Unfortunately, that has not solved the issue. Every time I connect the laptop to a network connection I get a message from Symantec saying it is blocking an attack from an outside IP address. I need to get this fixed soon. If anyone can help me or at least point me in the right direction that would be awesome. I'm including the manual disinfection report as well. Thanks!

avptool_sysinfo.zip


Have you performed a scan using Kaspersky's Virus Removal Tool? If not, do so and post here the results (detection name and filename/directory).

Attach here a link to the system's GSI Parser. Instructions are shown at the bottom of this post.

Download and run Kaspersky's TDSSkiller. Do NOT delete/quarantine Suspicious objects.

After the scan has completed, post the scan log here; it should be located in C:\TDSSKiller_Quarantine\...
