PhillyTech

Boot.Tidserv infection

An attorney at the law firm I work at emailed our help desk saying his laptop would not boot up properly. I was unable to boot into safe mode with the problem system. I tried doing a repair of Windows XP Service Pack 3 and at first that seemed to fix the issue. However, I then began to realize the culprit was a boot.tidserv attached to a svchost.exe in c:\windows\system32. Using a Symantec Endpoint Protection boot disk I got in and was able to replace the svchost.exe file. Unfortunately, that has not solved the issue. Every time I connect the laptop to a network connection I get a message from Symantec saying it is blocking an attack from an outside IP address. I need to get this fixed soon. If anyone can help me or at least point me in the right direction that would be awesome. I'm including the manual disinfection report as well. Thanks!

avptool_sysinfo.zip


Have you performed a scan using Kaspersky's Virus Removal Tool? If not, do so and post here the results (detection name and filename/directory).

Attach here a link to the system's GSI Parser. Instructions are shown at the bottom of this post.

Download and run Kaspersky's TDSSkiller. Do NOT delete/quarantine Suspicious objects.

After the scan has completed, post here the scan log; it should be located in C:\TDSSKiller_Quarantine\...
