Backdoor.tidserv remove it help I have win7


Post by eagle4lou on Thu 07 Oct 2010, 8:00 am


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-09-29.01)

Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 10/5/2010 10:06:01 PM
System Uptime: 10/6/2010 1:31:43 PM (0 hours ago)

Motherboard: Acer | | F690GVM
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4200+ | Socket AM2 | 2194/199mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 112 GiB total, 83.704 GiB free.
D: is FIXED (NTFS) - 111 GiB total, 111.133 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable

==== Disabled Device Manager Items =============

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Security Processor Loader Driver
Device ID: ROOT\LEGACY_SPLDR\0000
Manufacturer:
Name: Security Processor Loader Driver
PNP Device ID: ROOT\LEGACY_SPLDR\0000
Service: spldr

Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}
Description: PS/2 Compatible Mouse
Device ID: ACPI\PNP0F13\3&18D45AA6&0
Manufacturer: Microsoft
Name: PS/2 Compatible Mouse
PNP Device ID: ACPI\PNP0F13\3&18D45AA6&0
Service: i8042prt

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

Adobe Flash Player 10 ActiveX
Microsoft .NET Framework 4 Client Profile
Norton 360

==== Event Viewer Messages From Past Week ========

10/6/2010 2:21:39 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
10/6/2010 2:21:36 AM, Error: Service Control Manager [7000] - The Volume Shadow Copy service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/6/2010 2:21:35 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Volume Shadow Copy service to connect.
10/6/2010 1:32:22 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
10/6/2010 1:32:21 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
10/6/2010 1:32:20 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
10/6/2010 1:32:20 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
10/6/2010 1:32:18 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/6/2010 1:32:12 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
10/6/2010 1:32:05 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx86 ccHP discache eeCtrl IDSVix86 spldr SRTSPX SymIRON Wanarpv6

==== End Of File ===========================

eagle4lou

Unborn

Posts : 2
Joined : 2010-10-07
Operating System : windows7


Re: Backdoor.tidserv remove it help I have win7

Post by Belahzur on Thu 07 Oct 2010, 8:28 am

Hello.

Download OTL by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


@RealBelahzur - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre


Re: Backdoor.tidserv remove it help I have win7

Post by eagle4lou on Thu 07 Oct 2010, 9:26 am

eagle4lou wrote:
DDS (Ver_09-09-29.01) - NTFSx86 NETWORK
Run by eagle4lou at 13:53:56.75 on Wed 10/06/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.767.431 [GMT -7:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\eagle4lou\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UMN3CWAD\dds[1].com
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = [You must be registered and logged in to see this link.]
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\4.1.0.32\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\4.1.0.32\IPSBHO.DLL
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\4.1.0.32\coIEPlg.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - [You must be registered and logged in to see this link.]

============= SERVICES / DRIVERS ===============

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0402000.00c\symds.sys [2010-10-6 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0402000.00c\symefa.sys [2010-10-6 173104]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\drivers\netr28u.sys [2009-6-10 657408]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-7-13 311296]
S1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\bashdefs\20101001.001\BHDrvx86.sys [2010-10-2 692272]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0402000.00c\cchpx86.sys [2010-10-6 501888]
S1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\ipsdefs\20101005.004\IDSvix86.sys [2010-10-6 344112]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0402000.00c\ironx86.sys [2010-10-6 116784]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 N360;Norton 360;c:\program files\norton 360\engine\4.2.0.12\ccsvchst.exe [2010-10-6 126392]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-10-6 102448]
S3 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\n360\0401000.020\symtdiv.sys [2010-10-5 340016]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-10-6 1343400]

=============== Created Last 30 ================

2010-10-06 03:00 --dsh--- c:\windows\Installer
2010-10-06 03:00 --d----- c:\windows\system32\Wat
2010-10-05 23:21 1,130,824 a------- c:\windows\system32\dfshim.dll
2010-10-05 23:21 297,808 a------- c:\windows\system32\mscoree.dll
2010-10-05 23:21 295,264 a------- c:\windows\system32\PresentationHost.exe
2010-10-05 23:21 99,176 a------- c:\windows\system32\PresentationHostProxy.dll
2010-10-05 23:21 49,472 a------- c:\windows\system32\netfxperf.dll
2010-10-05 23:19 190,976 a------- c:\windows\system32\drivers\ks.sys
2010-10-05 23:18 2,048 a------- c:\windows\system32\tzres.dll
2010-10-05 23:16 316,928 a------- c:\windows\system32\spoolsv.exe
2010-10-05 23:15 292,864 a------- c:\windows\system32\apphelp.dll
2010-10-05 22:52 --d----- c:\windows\Panther
2010-10-05 22:52 8,192 a--shr-- C:\BOOTSECT.BAK
2010-10-05 22:52 383,562 a--shr-- C:\bootmgr
2010-10-05 22:52 --dsh--- C:\Boot
2010-10-05 22:43 107,368 a----r-- c:\windows\system32\GEARAspi.dll
2010-10-05 22:43 26,600 a----r-- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-10-05 22:43 124,976 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2010-10-05 22:43 7,443 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2010-10-05 22:43 805 a------- c:\windows\system32\drivers\SYMEVENT.INF
2010-10-05 22:43 --d----- c:\program files\Symantec
2010-10-05 22:43 --d----- c:\program files\common files\Symantec Shared
2010-10-05 22:42 --d----- c:\windows\system32\drivers\N360
2010-10-05 22:42 --d----- C:\Windows.old
2010-10-05 22:41 --d----- c:\program files\Norton 360
2010-10-05 22:40 --d----- c:\programdata\Norton
2010-10-05 22:40 --d----- c:\progra~2\Norton
2010-10-05 22:29 221,568 -------- c:\windows\system32\MpSigStub.exe
2010-10-05 22:12 --d----- c:\programdata\NortonInstaller
2010-10-05 22:12 --d----- c:\program files\NortonInstaller
2010-10-05 22:12 --d----- c:\progra~2\NortonInstaller
2010-10-05 22:07 737,238 a------- c:\windows\system32\PerfStringBackup.INI
2010-10-05 22:07 --d----- c:\windows\system32\wbem\Performance
2010-10-05 22:06 --d----- c:\users\eagle4lou
2010-10-05 22:05 --dsh--- C:\Recovery
2010-10-05 21:55 0 a------- c:\windows\system32\atiicdxx.dat
2010-10-05 21:55 0 a------- c:\windows\ativpsrm.bin
2010-10-05 21:55 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2010-10-04 11:17 --d-h--- C:\$AVG
2010-09-24 08:42 --d----- C:\ATI
2010-09-22 20:34 355 a--shr-- C:\Boot.ini.saved
2010-09-06 17:53 753 a------- c:\windows\system32\RTSLCS.dll
2010-09-06 17:43 1,233,920 a------- c:\windows\system32\msxml3.dll
2010-09-06 17:43 37,376 a------- c:\windows\system32\rtutils.dll
2010-09-06 17:43 197,632 a------- c:\windows\system32\ir32_32.dll
2010-09-06 17:43 82,944 a------- c:\windows\system32\iccvid.dll
2010-09-06 17:42 310,784 a------- c:\windows\system32\drivers\srv.sys
2010-09-06 17:42 307,200 a------- c:\windows\system32\drivers\srv2.sys
2010-09-06 17:42 113,664 a------- c:\windows\system32\drivers\srvnet.sys
2010-09-06 17:42 571,904 a------- c:\windows\system32\oleaut32.dll
2010-09-06 17:41 3,955,080 a------- c:\windows\system32\ntkrnlpa.exe
2010-09-06 17:41 3,899,784 a------- c:\windows\system32\ntoskrnl.exe
2010-09-06 17:40 427,520 a------- c:\windows\system32\vbscript.dll
2010-09-06 17:40 641,536 a------- c:\windows\system32\CPFilters.dll
2010-09-06 17:40 465,408 a------- c:\windows\system32\psisdecd.dll
2010-09-06 17:40 417,792 a------- c:\windows\system32\msdri.dll
2010-09-06 17:40 204,288 a------- c:\windows\system32\MSNP.ax
2010-09-06 17:40 199,680 a------- c:\windows\system32\mpg2splt.ax
2010-09-06 17:39 1,286,456 a------- c:\windows\system32\ntdll.dll
2010-09-06 17:39 224,256 a------- c:\windows\system32\schannel.dll
2010-09-06 17:39 1,037,312 a------- c:\windows\system32\lsasrv.dll
2010-09-06 17:39 133,720 a------- c:\windows\system32\drivers\ksecpkg.sys
2010-09-06 17:38 221,696 a------- c:\windows\system32\drivers\mrxsmb10.sys
2010-09-06 17:38 123,392 a------- c:\windows\system32\drivers\mrxsmb.sys
2010-09-06 17:38 95,744 a------- c:\windows\system32\drivers\mrxsmb20.sys
2010-09-06 17:38 293,888 a------- c:\windows\system32\atmfd.dll
2010-09-06 17:38 34,304 a------- c:\windows\system32\atmlib.dll
2010-09-06 17:37 67,584 a------- c:\windows\system32\asycfilt.dll
2010-09-06 17:37 132,608 a------- c:\windows\system32\cabview.dll
2010-09-06 17:36 369,152 a------- c:\windows\system32\secproc.dll
2010-09-06 17:36 365,568 a------- c:\windows\system32\secproc_isv.dll
2010-09-06 17:36 324,608 a------- c:\windows\system32\RMActivate_isv.exe
2010-09-06 17:36 320,512 a------- c:\windows\system32\RMActivate.exe
2010-09-06 17:36 280,064 a------- c:\windows\system32\RMActivate_ssp.exe
2010-09-06 17:36 277,504 a------- c:\windows\system32\RMActivate_ssp_isv.exe
2010-09-06 17:36 85,504 a------- c:\windows\system32\secproc_ssp_isv.dll
2010-09-06 17:36 85,504 a------- c:\windows\system32\secproc_ssp.dll
2010-09-06 17:36 1,286,016 a------- c:\windows\system32\drivers\tcpip.sys
2010-09-06 17:36 172,032 a------- c:\windows\system32\wintrust.dll
2010-09-06 17:35 740,864 a------- c:\windows\system32\inetcomm.dll
2010-09-06 17:35 2,614,272 a------- c:\windows\explorer.exe
2010-09-06 17:35 285,696 a------- c:\windows\system32\winlogon.exe
2010-09-06 17:34 12,800 a------- c:\windows\system32\drivers\sffp_sd.sys
2010-09-06 17:34 293,376 a------- c:\windows\system32\browserchoice.exe
2010-09-06 17:33 1,328,640 a------- c:\windows\system32\quartz.dll
2010-09-06 17:33 91,648 a------- c:\windows\system32\avifil32.dll
2010-09-06 17:33 84,480 a------- c:\windows\system32\mciavi32.dll
2010-09-06 17:33 50,176 a------- c:\windows\system32\iyuv_32.dll
2010-09-06 17:33 31,744 a------- c:\windows\system32\msvidc32.dll
2010-09-06 17:33 22,016 a------- c:\windows\system32\msyuv.dll
2010-09-06 17:33 13,312 a------- c:\windows\system32\msrle32.dll
2010-09-06 17:33 12,288 a------- c:\windows\system32\tsbyuv.dll
2010-09-06 17:33 194,488 a------- c:\windows\system32\drivers\fvevol.sys
2010-09-06 17:32 257,024 a------- c:\windows\system32\msv1_0.dll
2010-09-06 17:32 34,816 a------- c:\windows\system32\msasn1.dll
2010-09-06 17:31 12,625,408 a------- c:\windows\system32\wmploc.DLL
2010-09-06 17:31 1,320,960 a------- c:\windows\system32\CertEnroll.dll
2010-09-06 17:31 728,648 a------- c:\windows\system32\drivers\dxgkrnl.sys
2010-09-06 17:31 507,568 a------- c:\windows\system32\winload.exe
2010-09-06 17:31 442,920 a------- c:\windows\system32\winresume.exe
2010-09-06 17:31 108,544 a------- c:\windows\system32\t2embed.dll
2010-09-06 17:31 70,656 a------- c:\windows\system32\fontsub.dll

==================== Find3M ====================

2010-09-06 17:44 978,432 a------- c:\windows\system32\wininet.dll
2010-09-06 17:44 2,326,016 a------- c:\windows\system32\win32k.sys
2009-07-13 21:56 291,294 a------- c:\windows\inf\perflib\0409\perfi.dat
2009-07-13 21:56 291,294 a------- c:\windows\inf\perflib\0409\perfh.dat
2009-07-13 21:56 31,548 a------- c:\windows\inf\perflib\0409\perfd.dat
2009-07-13 21:56 31,548 a------- c:\windows\inf\perflib\0409\perfc.dat
2009-07-13 21:41 174 a--sh--- c:\program files\desktop.ini
2009-07-13 17:34 291,294 a------- c:\windows\inf\perflib\0000\perfi.dat
2009-07-13 17:34 291,294 a------- c:\windows\inf\perflib\0000\perfh.dat
2009-07-13 17:34 31,548 a------- c:\windows\inf\perflib\0000\perfd.dat
2009-07-13 17:34 31,548 a------- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 14:26 9,633,792 a--shr-- c:\windows\fonts\StaticCache.dat
2009-07-13 18:14 396,800 a--sh--- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 13:54:27.62 ===============

eagle4lou

Unborn

Posts : 2
Joined : 2010-10-07
Operating System : windows7


Re: Backdoor.tidserv remove it help I have win7

Post by Belahzur on Thu 07 Oct 2010, 9:58 am

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


@RealBelahzur - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

