Help - Backdoor.Tidserv.i!inf - can't boot


Post by BarryS on Mon Dec 07, 2009 5:10 pm

Help - I have a virus problem.

I have Norton 360 (2009 version) installed, running on Windows XP (SP2, with all updates) on a Dell PC.

I was fooled into running an executable (I know this was stupid, but it had been a long day, and it was well disguised as being from a legitimate source). I did run a Norton scan on the file, it said it was OK. However, when it ran it rebooted the PC.

Obviously I was suspicious so immediately ran a full scan overnight. The scan reported 1 threat and needed to reboot to complete the fix. I let it reboot. The computer failed to boot, with a blue screen and a Stop message (code 7B hex). Safe mode would also not reboot – same blue screen. Selecting “reboot using last safe settings” did boot. I checked the Norton log. The scan found one virus – Backdoor.Tidserv.i!inf, which it claimed to have resolved. However auto-protect also reported finding the same virus a bit later, again claiming to have resolved it. Rebooting again resulted in the same blue screen, this time in all types of boot, including last safe settings. I'm now unable to boot at all.

Any suggestions on how to proceed? I would like to avoid completely reformatting the disc and reinstalling Windows if possible because it's a lot of work. I do have backups of personal data etc, but I'd like to avoid this if possible.

The first thing I planned to try was booting from my original Windows CD (original Windows Home pre SP2) and doing a repair. Or would booting from the Norton 360 installation CD be likely to allow me to clear this?

Any suggestions gratefully received.

Barry


Re: Help - Backdoor.Tidserv.i!inf - can't boot

Post by Belahzur on Mon Dec 07, 2009 8:53 pm

Try doing a repair install first, let me know what happens.



Re: Help - Backdoor.Tidserv.i!inf - can't boot

Post by BarryS on Tue Dec 08, 2009 7:15 pm

Thanks - I probably won't have time until the weekend, but will let you know once I have.

BTW, my Windows XP Home CD is the original, pre service packs, but I assume once I've run repair (if it works) Windows will know what updates it needs again? (I am assuming a repair is like a reinstall but without overwriting the registry, but I could be wrong).

Barry


Re: Help - Backdoor.Tidserv.i!inf - can't boot

Post by Belahzur on Tue Dec 08, 2009 9:17 pm

Yes, that's the theory, just when it does the updates, it could take hours.



Re: Help - Backdoor.Tidserv.i!inf - can't boot

Post by BarryS on Tue Dec 15, 2009 10:56 am

Had to go to London on Saturday, but had a go at this on Sunday - only limited success.

I used a Knoppix boot CD and copied lots of data to a USB disk. Between that and my backups I should be well covered (though there's bound to be something somewhere that I'll want in 2 years' time :-) )

Then I tried the Windows installation disk. I was able to get into the recovery console, but didn't really know what to do with it.

Then I went into the Repair Windows installation option. All seemed to be going well, but some way in to the setup it started reporting that it couldn't copy various files. These were a large number of files of types DL_ and EX_. In each case I was given the choice of Retry, which would just re-present the error, or Cancel, which would allow me to skip the file, or Browse which would allow me to see the file it was refusing to copy! I tried using cancel and skipping the files, but once it had asked about 20 or 30 I lost patience; I powered it down in mid installation - on reboot it knew it was in the middle of an installation, it resumed but produced the same errors again. At this point I gave up, and powered down again.

It's an original SP2 CD (though not the original installation CD, as Dell don't supply these, it's from another PC that I built, and is an OEM version). I did use the serial number from the Dell installation. I also have available an XP Home upgrade CD (pre service pack) but I haven't tried this.

I've no idea what the problem is here. Is this possibly some problem with the C drive partition, or the Windows directory, or file attributes? The disc wasn't anywhere close to full before all this happened, and I rebooted with Knoppix and it still seems to have 13GB free. (OK - it was a long trip the day before, so by late Sunday I admit I may have missed something obvious)

Any suggestions? I'd still like to avoid a re-install, but I'm starting to resign myself to it.

Is it time to give in, and just completely reinstall XP? If so do I need to do anything special to wipe the disk? Will just the partition with Windows do, or should I do something with the other partitions, especially the hidden diagnostic partitions Dell pre-installs? Do I need to wipe the Master Boot Record, and if so what is the easiest way to do this? Do I need to go as far as Darik's Boot and Nuke, or something similar to completely blat the disk?

If a reformat or reinstall are needed, are there any files such as logs that might be useful to you that I can get via Knoppix?

Thanks for your help so far.

Barry


Re: Help - Backdoor.Tidserv.i!inf - can't boot

Post by Belahzur on Wed Dec 16, 2009 12:02 am

Slow down there, formatting isn't too hard once you think about it. No need to go as far as killing the MBR so to speak, just deleting the partition does the trick, then write a new partition to install Windows on.



Re: Help - Backdoor.Tidserv.i!inf - can't boot

Post by BarryS on Wed Dec 16, 2009 6:55 pm

Thanks - I may have been getting over paranoid!

I really don't understand why so many files failed on the repair. I was worried this might have been something to do with the virus, but I guess it's more likely to be some more mundane issue.

I may have a go at repair with a different Windows disk, but if that doesn't work I'll delete and recreate the partition, and re-install (though it will have to wait to the weekend again).

Thanks


Re: Help - Backdoor.Tidserv.i!inf - can't boot

Post by BarryS on Wed Dec 23, 2009 8:53 am

Made progress at the weekend. The repair install would not work - it repeatedly refused to copy files that were present on the CD. I tried this with an SP2 OEM disk and an SP1 retail upgrade disk. (I also tried versions of these with SP3 slipstreamed but these wouldn't accept a key code.) Recovery console did not help, as the system was stuck thinking it was in the middle of an install. I gave up and went for a full install. I removed the system partition (C:), recreated it, fully formatted and did the install (using the OEM SP2 disk), followed by various upgrades from Microsoft (including SP3). I also obtained some drivers from the Dell website.

Basically it all works, although part way through this the system decided to start booting very slowly - 2 minutes to the login screen, then 2 minutes between drawing the wallpaper and explorer being ready (almost like it's waiting for a disk or something that isn't there). I'm pretty sure this isn't malware, I think it must be a driver issue - it's annoying but can be investigated over time.

I re-installed Norton 360 and did a full scan, which came up clear (other than a cookie). I also installed the free version of Malwarebytes and ran an update and full scan, which also came up clear.

Is this sufficient - can I rely on this being clear of the virus, or are there any other checks I should use?

Thanks for all the help along the way.

Barry


Re: Help - Backdoor.Tidserv.i!inf - can't boot

Post by BarryS on Wed Dec 23, 2009 6:33 pm

I should have made it clear, my disk is partitioned, with the system on C: and my documents on D:. I deleted and reformatted the C: partition and reinstalled Win XP, but did not reformat D:. Hopefully that's sufficient.


Re: Help - Backdoor.Tidserv.i!inf - can't boot

Post by Belahzur on Wed Dec 23, 2009 7:09 pm

Yep, that sounds right.



Re: Help - Backdoor.Tidserv.i!inf - can't boot

Post by BarryS on Wed Dec 23, 2009 9:19 pm

Phew!

Thanks again

Barry
