#1
tidserv backdoor rouge virus on netbook
I have recently had problems connecting to internet, using backup recovery, system restore and enabling my Norton anti-virus software. Eventually I got my Norton Internet Security connected to the internet and managed to download updates and run a scan in safe mode.

The scan reported the following risks:
gasfkymlijaoaq.dll (backdoor.tidserv)
c\documents and settings\username\desktop\casino.url
c\recycled\boot.com
c\windows\system32\dll.dll

Norton actions were to fix c drive issues and restart PC to resolve backdoor virus.
Once the PC had restarted all security issues seemed resolved and healthy. But when running a full scan again, all risks were reinstated.

What's the best way of removing tidserv backdoor rouge virus?

regards
shaun
#2
From: "shaun"
| i have recently had problems connecting to internet, using backup recovery,
| system restore and enabling my norton anti-virus software. Eventually i got
| my norton internet security connected to the internet and managed to download
| updates and run a scan in safe mode.
| The scan reported the following risks:
| gasfkymlijaoaq.dll (backdoor.tidserv)
| c\documents and settings\username\desktop\casino.url
| c\recycled\boot.com
| c\windows\system32\dll.dll
| norton actions were to fix c drive issues and restart pc to resolve backdoor
| virus.
| Once the pc had restarted all security issues seemed resolved and healthy.
| But when running A full scan again, all risks were reinstated.
| Whats the best way of removing tidserv backdoor rouge virus ?
| regards
| shaun

It is not a virus. It is a trojan Rootkit.
It is not rouge, it is a "rogue" :-)

Scan with Gmer anti RootKit - http://www.gmer.net/#files
and back it up with Malwarebytes' Anti-Malware
http://www.malwarebytes.org/mbam/program/mbam-setup.exe

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
#3
Thanks David for that information.
What and why am I backing it up with Malwarebytes' Anti-Malware?

regards
shaun

"David H. Lipman" wrote:

From: "shaun"
| i have recently had problems connecting to internet, using backup recovery,
| system restore and enabling my norton anti-virus software. Eventually i got
| my norton internet security connected to the internet and managed to download
| updates and run a scan in safe mode.
| The scan reported the following risks:
| gasfkymlijaoaq.dll (backdoor.tidserv)
| c\documents and settings\username\desktop\casino.url
| c\recycled\boot.com
| c\windows\system32\dll.dll
| norton actions were to fix c drive issues and restart pc to resolve backdoor
| virus.
| Once the pc had restarted all security issues seemed resolved and healthy.
| But when running A full scan again, all risks were reinstated.
| Whats the best way of removing tidserv backdoor rouge virus ?
| regards
| shaun

It is not a virus. It is a trojan Rootkit.
It is not rouge, it is a "rogue" :-)

Scan with Gmer anti RootKit - http://www.gmer.net/#files
and back it up with Malwarebytes' Anti-Malware
http://www.malwarebytes.org/mbam/program/mbam-setup.exe

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
#4
Hi David

I have just scanned using Gmer anti RootKit and no hidden have been identified.
I had previously removed parts of the personal antivirus rogue software from my notebook and wondering whether this is hiding file

regards
shaun

"David H. Lipman" wrote:

From: "shaun"
| i have recently had problems connecting to internet, using backup recovery,
| system restore and enabling my norton anti-virus software. Eventually i got
| my norton internet security connected to the internet and managed to download
| updates and run a scan in safe mode.
| The scan reported the following risks:
| gasfkymlijaoaq.dll (backdoor.tidserv)
| c\documents and settings\username\desktop\casino.url
| c\recycled\boot.com
| c\windows\system32\dll.dll
| norton actions were to fix c drive issues and restart pc to resolve backdoor
| virus.
| Once the pc had restarted all security issues seemed resolved and healthy.
| But when running A full scan again, all risks were reinstated.
| Whats the best way of removing tidserv backdoor rouge virus ?
| regards
| shaun

It is not a virus. It is a trojan Rootkit.
It is not rouge, it is a "rogue" :-)

Scan with Gmer anti RootKit - http://www.gmer.net/#files
and back it up with Malwarebytes' Anti-Malware
http://www.malwarebytes.org/mbam/program/mbam-setup.exe

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
#5
From: "shaun"
| hi David
| i have just scanned using Gmer anti RootKit and no hidden have been
| identified.
| i had previous removed parts of the personal antivirus rogue software from
| my notebook and wondering wether this is hidding file
| regards
| shaun

Did you run MBAM like I suggested ?

and back it up with Malwarebytes' Anti-Malware
http://www.malwarebytes.org/mbam/program/mbam-setup.exe

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
#7
From: "shaun"
| yes i did run MBAM like you suggested, but no hidden files appeared in report
| list. I have run norton antivirus scan again and the tidserv high security
| risk has been cleared though, so something good is happening.
| All that seems to be remaining now is 4 cookies which are removed after
| norton scan, but reappear after netbook restart.
| / - not detected
| / - not detected
| / - not detected
| Orphan cookie cleanup - removed
| are these cookies a serious threat
| regards and many thanks
| shaun

No. They aren't.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
#8
thanks for your support

"David H. Lipman" wrote:

From: "shaun"
| yes i did run MBAM like you suggested, but no hidden files appeared in report
| list. I have run norton antivirus scan again and the tidserv high security
| risk has been cleared though, so something good is happening.
| All that seems to be remaining now is 4 cookies which are removed after
| norton scan, but reappear after netbook restart.
| / - not detected
| / - not detected
| / - not detected
| Orphan cookie cleanup - removed
| are these cookies a serious threat
| regards and many thanks
| shaun

No. They aren't.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
#9
http://www.cookiecentral.com/faq/#2.6

"shaun" wrote in message ...
: yes i did run MBAM like you suggested, but no hidden files appeared in report
: list. I have run norton antivirus scan again and the tidserv high security
: risk has been cleared though, so something good is happening.
: All that seems to be remaining now is 4 cookies which are removed after
: norton scan, but reappear after netbook restart.
:
: / - not detected
: / - not detected
: / - not detected
: Orphan cookie cleanup - removed
:
: are these cookies a serious threat
:
: regards and many thanks
:
: shaun
:
: "David H. Lipman" wrote:
:
: From: "shaun"
:
: | hi David
:
: | i have just scanned using Gmer anti RootKit and no hidden have been
: | identified.
: | i had previous removed parts of the personal antivirus rogue software from
: | my notebook and wondering wether this is hidding file
: | regards
: | shaun
:
:
: Did you run MBAM like I suggested ?
:
: and back it up with Malwarebytes' Anti-Malware
: http://www.malwarebytes.org/mbam/program/mbam-setup.exe
:
:
:
: --
: Dave
: http://www.claymania.com/removal-trojan-adware.html
: Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
#10
Don't overlook the possibility that this might be a false alarm. If you can identify a suspect file, upload this to http://virustotal.com for verification.

If you do have a rootkit then you need to disinfect from a bootable CD such as http://www.ubcd4win.com/ as attempting to do so with the rootkit active may not succeed. Malwarebytes is probably the best disinfector. Sysinternals' rootkit revealer is also useful.

Oh, and let this be a salutary lesson on what happens if you place your trust in a preinstalled 'forced sale' antivirus to protect your computer. Avira, AVG, Eset all work well, as do most other reputable products. The two to avoid are the ones which you find aggressively demanding registration the moment you turn your new computer on. They got there not because they are any good, but because the system-builder was paid to put them there.

"shaun" wrote:

i have recently had problems connecting to internet, using backup recovery, system restore and enabling my norton anti-virus software. Eventually i got my norton internet security connected to the internet and managed to download updates and run a scan in safe mode.
The scan reported the following risks:
gasfkymlijaoaq.dll (backdoor.tidserv)
c\documents and settings\username\desktop\casino.url
c\recycled\boot.com
c\windows\system32\dll.dll
norton actions were to fix c drive issues and restart pc to resolve backdoor virus.
Once the pc had restarted all security issues seemed resolved and healthy. But when running A full scan again, all risks were reinstated.
Whats the best way of removing tidserv backdoor rouge virus ?
regards
shaun