Computer

For Online Computer Support, Ask a Computer Technician

Ask a Computer Expert,
Get an Answer ASAP!

B. Rath helped me clear the Tidserv infection on my desktop…

Customer Question
B. Rath helped me clear...
B. Rath helped me clear the Tidserv infection on my desktop June 13, 2010, but it's returned. On June 15 I updated ver 3.8 of Norton 360 to ver 4. Today Norton reported it found Tidserv infection in \windows\system32\ipsec.sys and referred me to their web site for manual removal. ipsec.sys is the same file that Combofix found on June 13, disinfected, and "restored copy from Kitty had a snack :p". Norton's manual process suggests replacing an infected driver by expanding the corresponding file in recovery console. The cmdcons folder Combofix downloaded from Microsoft doesn't contain ipsec.sy_ Should I assume I have a new infection of Tidserv and run Combofix again? Or should I try something else?
Warren Turner
Submitted: 8 years ago.Category: Computer
Show More
Show Less
Ask Your Own Computer Question
Answered in 14 minutes by:
6/21/2010
Tech Support Specialist: DRobertson, Consultant / Technician replied 8 years ago
DRobertson
DRobertson, Consultant / Technician
Category: Computer
Satisfied Customers: 730
Experience: MCTS, MCDST, MCP, A+, Network+, 20+ years in IT. Support for OEMs. Computer repair business owner.
Verified

Hi and thanks for writing us here at JustAnswer.com. Please know that to resolve your question may take some back and forth questions and answers. Help us to help you! We are here to help and will do our best to resolve your issue; we are not here to just make money. Also note that we do NOT work for any company and in no way represent them on their products and/or services.

 

At this point I am wondering if the unit was ever totally clear of the infection. I say this because many viruses are triggered by an event, like the date and time.

 

I recommend we make a bootable anti-virus CD and then after downloading it on another system, and burning it to CD, bot to it on the infected system and let it scan.

 

This will take any and all software out of the loop from running in the background and, has I have seen, interfering from the the anti-virus running like it should.

 

Below are the instructions:

 

Go to another PC and the go to the following link.


http://www.f-secure.com/linux-weblog/files/f-secure-rescue-cd-3.11.23804.zip


This link will have a file that will automatically start to download when you click the link above. Download it and unzip it, then burn the .iso (this is a disk image file and must be burned thru software that can use a disk image) file to a CD. This is an .iso file, so you do not do anything with the file at all. Your burner software will know how to use it.


You will then want to boot to the new CD on your original PC. You will put the CD in the tray then do a normal reboot. The CD will take over and it will first update itself (trys, but sometimes is not able to do so - not a problem if it can not) then it will do a total scan of your system for viruses and such. Let it run and take note of it finds any of them. When it is done take out the CD and "hard" reboot your system, using the power button.

 

Let me know once done if this does not solve the issue and I will be happy to help more.

Ask Your Own Computer Question
Customer reply replied 8 years ago

My old LT has XP Pro, but only a DVD-CD ROM drive. Do I dare burn the iso image to CD on the infected desktop? Before you answer that, Norton 360 Ver 4 has found a second problem on the desktop - an apparently corrupt Gear driver that Norton uses to backup (one of the features of 360) to CD/DVD. My backups via Norton appear to run normally, but the BU is to the C drive. Norton has given me a two year old routine to fix which goes on for two pages to remove the driver files and the associated registry entries, install Gear (a fresh download), followed by more edits to the registry. Does this have anything to do with the Tidserv problem?

If I need to use a second computer to burn the CD will any computer with a CD-RW drive work?

Warren

Tech Support Specialist: DRobertson, Consultant / Technician replied 8 years ago

I feel that we are looking at two separate issues, but then again, I am only about 68% sure of this.

 

Yes, any unit with a CD burning unit will do. No, do not use the infected unit to burn the CD. Although you may not have an issue with burning it and such, I would rather use another unit and take the possibility totally out of the equation.

 

Leave the other part about Norton and the fix out of this, until we have done the scan of the unit.

Ask Your Own Computer Question
Customer reply replied 8 years ago

As of June 22 I matched a second computer with CD-R drive and burning software, and ended up with the Rescue CD. But the User's Guide contains a warning that using the CD "on a working operating system may rename essential system files and so cause your operating system not to start." It then goes on to describe using the OpSys repair disk to reinstall thereby losing all installed programs and data. I don't have a repair disk, and the Recovery Console downloaded by Combofix (stored in C:\cmdcon) has a minimum number of expandable replacement system files.

 

I'm beginning to think the fix is worse than the problem. Can I run the Rescue CD and get an option as to whether or not to rename an infected file?

 

If I do nothing, I have a smoothly operating system, and I think Norton 360 prevents me from infecting anyone else. Googling Tidserv gives me very little info on the progress of this, currently, mild infection. I ran a complete scan on Norton today and the only infected file was ipsec.sys now renamed ipsec.sys.vir in the quarantine folder. Norton reported that ispec.sys remaining in Windows\sytem32\drivers is uninfected!

Tech Support Specialist: DRobertson, Consultant / Technician replied 8 years ago

Thanks for responding.

 

Since we are so different in our time of day from each other, I am going to opt-out, so that when you are online in the evening, someone that will be online also can work with you on this.

 

I hope all goes well and God bless!

Ask Your Own Computer Question
Customer reply replied 8 years ago

Be glad to have you continue since I'm not trying to solve the issue in real time. But from your response, I assume I'll hear from someone else at Just Answer, and will do nothing further until then.

Thanks for your help, and God bless!

 

Was this answer helpful?

How JustAnswer works

step-image
Describe your issueThe assistant will guide you
step-image
Chat 1:1 with a tech support specialistLicensed Experts are available 24/7
step-image
100% satisfaction guaranteeGet all the answers you need
Ask DRobertson Your Own Question
DRobertson
DRobertson
DRobertson, Consultant / Technician
Category: Computer
Satisfied Customers: 730
730 Satisfied Customers
Experience: MCTS, MCDST, MCP, A+, Network+, 20+ years in IT. Support for OEMs. Computer repair business owner.

DRobertson is online now

A new question is answered every 9 seconds

How JustAnswer works:

  • Ask an ExpertExperts are full of valuable knowledge and are ready to help with any question. Credentials confirmed by a Fortune 500 verification firm.
  • Get a Professional AnswerVia email, text message, or notification as you wait on our site. Ask follow up questions if you need to.
  • 100% Satisfaction GuaranteeRate the answer you receive.

JustAnswer in the News:

Ask-a-doc Web sites: If you've got a quick question, you can try to get an answer from sites that say they have various specialists on hand to give quick answers... Justanswer.com.
JustAnswer.com...has seen a spike since October in legal questions from readers about layoffs, unemployment and severance.
Web sites like justanswer.com/legal
...leave nothing to chance.
Traffic on JustAnswer rose 14 percent...and had nearly 400,000 page views in 30 days...inquiries related to stress, high blood pressure, drinking and heart pain jumped 33 percent.
Tory Johnson, GMA Workplace Contributor, discusses work-from-home jobs, such as JustAnswer in which verified Experts answer people’s questions.
I will tell you that...the things you have to go through to be an Expert are quite rigorous.

What Customers are Saying:

My Expert answered my question promptly and he resolved the issue totally. This is a great service. I am so glad I found it I will definitely use the service again if needed.

One Happy CustomerNew York

I am very happy with my very fast response. Eric is very knowledgeable in the subject area. Thank you!

RPAustin, TX

Hi John, Thank you for your expertise and, more important, for your kindness because they make me, almost, look forward to my next computer problem. After the next problem comes, I'll be delighted to correspond again with you. I'm told that I excel at programing. But system administration has never been one of my talents. So it's great to have an expert to rely on when the computer decides to stump me. God bless, Bill

Bill M.Schenectady, New York

The Expert answered my Mac question and was patient. He answered in a thorough and timely manner, keeping the response on a level that could understand. Thank you!

FrankCanada

Wonderful service, prompt, efficient, and accurate. Couldn't have asked for more. I cannot thank you enough for your help.

Mary C.Freshfield, Liverpool, UK

This expert is wonderful. They truly know what they are talking about, and they actually care about you. They really helped put my nerves at ease. Thank you so much!!!!

AlexLos Angeles, CA

Thank you for all your help. It is nice to know that this service is here for people like myself, who need answers fast and are not sure who to consult.

GPHesperia, CA

< Previous | Next >

Meet the Experts:

Andy

Andy

Computer Consultant

5,316 satisfied customers

11yr exp, Comp Engg, Internet expert, Web developer, SEO

Engineer John C.

Engineer John C.

Computer Science Engineer

3,229 satisfied customers

Computer Science Engineer with 10 years of experience in Computer Support, and Microsoft, A+ and Cisco certified

Ryan H.

Ryan H.

Computer Support Specialist

1,741 satisfied customers

A+ Certified Technician - 10 Years experience working with all types of computer systems.

Jane Lefler

Jane Lefler

Sr Prog Analyst / Technician

2 satisfied customers

Computer Programmer / Technician/ Consultant 16+ years

Frederick S.

Frederick S.

Computer Specialist

7,241 satisfied customers

Computer technician and founder of a home PC repair company.

lifesaver

lifesaver

Computer Software Engineer

4,288 satisfied customers

Engineering degree in Computer science,Microsoft Certified Professional.JA computer expert.

Sudipto

Sudipto

Hardware Engineer

4,260 satisfied customers

Certificate Course In Computer Maintenance

< Previous | Next >

Related Computer Questions
Hello, Installing updates screen hangs - win xp Pro -
Hello, "Installing updates" screen hangs - win xp Pro - SP3 - Dell GX-280 - Pentium 4 - 1gig RAM. At Windows Update site, All is good until I click on Express or Custom then the next step hangs and ne… read more
Anthony Brewster
Anthony Brewster
I.T.
High School or GED
5,352 satisfied customers
Had some nasty virus come through, my virus software says its
Had some nasty virus come through, my virus software says it's all clear but seems like some necessary files may have gotten corrupted and/or deleted. The latest problem is my computer sound works (i.… read more
Anthony Brewster
Anthony Brewster
I.T.
High School or GED
5,352 satisfied customers
I keep getting undeliverable mail bouncing back to my AOL email
I keep getting undeliverable mail bouncing back to my AOL email account from mail i'm not sending and which doesn't appear in my sent box. I've changed my password, done virus scans, spyware scans, ma… read more
Frederick S.
Frederick S.
Computer Specialist
High School or GED
7,241 satisfied customers
On Friday the 3rd of Sept I received phone calls from email
On Friday the 3rd of Sept I received phone calls from email contacts on my hotmail list asking about strange emails from myself. I did not send those emails and they are for a i-phone or mp3 website a… read more
Maggie P
Maggie P
HNC Computing
503 satisfied customers
Trying to follow directions to remove trojans. Was told to
Trying to follow directions to remove trojans. Was told to download HijackThis or Spybot or a couple others to fix the problem. When I try to install I get an error..."run time error 50003 unexpected … read more
Ansh P.
Ansh P.
System Analyst
Bachelor\u0027s Degree
6,393 satisfied customers
Ive got a maleware issue I cant get rid of. Ive used Spybot,
I've got a maleware issue I can't get rid of. I've used Spybot, AdAware, and even paid for the full version of Spyhunter. Yet I still have something that redirects my searches, and it blocks chrome fr… read more
Maggie P
Maggie P
HNC Computing
503 satisfied customers
Could you help I have what appears to be a virus in my hotmail
Could you help? I have what appears to be a virus in my hotmail account. When I open the account using IE, IE immediately 'crashes' and a vast number of emails are sent to my contacts entitled Fotos 0… read more
Maggie P
Maggie P
HNC Computing
503 satisfied customers
I suspect my computer is infected. I have run a scan using
I suspect my computer is infected. I have run a scan using hijack this. Is it possible that someone can review the log?… read more
Cris
Cris
62 satisfied customers
Windows XP. Running chkdsk or chkdsk/r, always stops at 71%
Windows XP. Running chkdsk or chkdsk/r, always stops at 71% on stage 4 of 5 stages. Running antiviral program causes blue screen. Is the freezing of chkdsk indicating a bad hard drive or is there some… read more
Maggie P
Maggie P
HNC Computing
503 satisfied customers
My eBay account has been hijacked several times. The first
My eBay account has been hijacked several times. The first time I reported it I was accused or someone in my household was doing it. eBay later apologized. This hijacker keeps using my id, also using … read more
Bryan
Bryan
IT Consultant
8,751 satisfied customers
I have the Banker.FoxA virus and my computer is locked up,
I have the Banker.FoxA virus and my computer is locked up, is there a download you can send me so I can open in safe mode and open up the software removal on a CD?… read more
Anthony Brewster
Anthony Brewster
I.T.
High School or GED
5,352 satisfied customers
I am receiving a Resident Shield Alert error/warning on
I am receiving a "Resident Shield Alert" error/warning on my desktop when I boot up my laptop and the problem is located at this location: C:\WINDOWS\system32\drivers\imap.sys Trojan horse BackDoor Ge… read more
online_help33
online_help33
Bachelor\u0027s Degree
291 satisfied customers
I seem to have a web hijacker. I search with Bing and results
I seem to have a web hijacker. I search with Bing and results I have used before are routed to other web pages. Sometimes it reroutes to a Stopzilla ad. AVG has found nothing. What can I do?… read more
Bryan
Bryan
IT Consultant
8,751 satisfied customers
My computer wont download any antivirus programs. Ive already
My computer won't download any antivirus programs. I've already tried the main ones. The download starts, then stops towards the end & won't finish. I'm pretty sure there's some sort of virus on it, b… read more
Brandon M.
Brandon M.
System Administrator
Vocational, Technical or Trade Scho
2,143 satisfied customers
I just downloaded avast anti-virus. It keeps telling me that
I just downloaded avast anti-virus. It keeps telling me that I have this virus/trojan: C:\Windows\System32\vshost.exe I click on the recommended tasks but the virus shows up every time I run a scan or… read more
Anthony Brewster
Anthony Brewster
I.T.
High School or GED
5,352 satisfied customers
My computer will not go into standby or hibernate It is running
My computer will not go into standby or hibernate It is running MS XP The problem started a few weeks ago. I tried to restore, no help. James Blair [email protected]… read more
Sudipto
Sudipto
Hardware Engineer
High School or GED
4,260 satisfied customers
When I log off of AOL I get a Symantec Tamper Protection Alert Target
When I log off of AOL I get a Symantec Tamper Protection Alert: Target: C:\program Files\Symantec Anti Virus\SmcGui.exe Event Info: Set Information Process Action Taken: Logged Actor Process: C:\Progr… read more
shibaranjan
shibaranjan
had done TCS related projects it college
Master's Degree
82 satisfied customers
laptop crashed theother night since then had problems on boot
laptop crashed theother night since then had problems on boot lights come on fan starts then nothing no error codes sometimes starts with a white screen then goes black and dies. my laptop is an acer … read more
Anthony Brewster
Anthony Brewster
I.T.
High School or GED
5,352 satisfied customers
Disclaimer: Information in questions, answers, and other posts on this site ("Posts") comes from individual users, not JustAnswer; JustAnswer is not responsible for Posts. Posts are for general information, are not intended to substitute for informed professional advice (medical, legal, veterinary, financial, etc.), or to establish a professional-client relationship. The site and services are provided "as is" with no warranty or representations by JustAnswer regarding the qualifications of Experts. To see what credentials have been verified by a third-party service, please click on the "Verified" symbol in some Experts' profiles. JustAnswer is not intended or designed for EMERGENCY questions which should be directed immediately by telephone or in-person to qualified professionals.

Disclaimer: Information in questions, answers, and other posts on this site ("Posts") comes from individual users, not JustAnswer; JustAnswer is not responsible for Posts. Posts are for general information, are not intended to substitute for informed professional advice (medical, legal, veterinary, financial, etc.), or to establish a professional-client relationship. The site and services are provided "as is" with no warranty or representations by JustAnswer regarding the qualifications of Experts. To see what credentials have been verified by a third-party service, please click on the "Verified" symbol in some Experts' profiles. JustAnswer is not intended or designed for EMERGENCY questions which should be directed immediately by telephone or in-person to qualified professionals.

Show MoreShow Less

Ask Your Question

x