Boot.Tideserv

I’ve been having problems with my PC. I noticed it slowed down when booting up all of a sudden. I had been using AVG and it said everything was ok. So I tried using Norton Antivirus and it keeps saying after I boot my computer I have a threat called “boot.tideserv”…The best I can tell this affects the Master Boot Record and changes things and slows down the PC. Norton is the only one that detects it. I’ve tried AVAST and several others and they can’t find it. I’ve run boot scans and nothing. I am at a complete loss as to what to do.

follow this guide and attach (not copy and paste) logs from Malwarebytes / OTL / aswMBR
http://forum.avast.com/index.php?topic=53253.0

When done, a malware remover will be notified. It may take several hours before one arrives, so be patient.

Anti Malware bytes did not find anything…but Norton is still saying it is there…

Malwarebytes is not geared for that type of infection

Download OTL to your Desktop

- Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.

https://dl.dropbox.com/u/73555776/OTL_Main_Tutorial.gif

- Select All Users
- Under the Custom Scan box paste this in
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
HKEY_CURRENT_USER\Software\Microsoft\Windows Media\WMSDK\Local\AutoProxyCache /s
CREATERESTOREPOINT

- Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won’t take long.
- When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Post both logs

THEN

Download aswMBR.exe ( 4.8mb ) to your desktop.
Double click the aswMBR.exe to run it. Click the “Scan” button to start the scan.

http://dl.dropbox.com/u/73555776/aswMBRscan.png

On completion of the scan click save log, save it to your desktop and post in your next reply

http://dl.dropbox.com/u/73555776/aswMBRlog.png

FINALLY

Please download the following tool

Listparts

Run the tool, click Scan and post the log (Result.txt) it makes.

https://dl.dropbox.com/u/73555776/listparts.GIF

Ok!..Another problem…Every time I run OTL and it says it is scanning Firefox settings…it freezes…Now what?

Ok!..I could not get OTL to run without freezing but I got aswMBR to run…

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-22 13:32:54

13:32:54.015 OS Version: Windows 5.1.2600 Service Pack 3
13:32:54.015 Number of processors: 1 586 0x1601
13:32:54.015 ComputerName: RYAN UserName:
13:33:01.500 Initialize success
13:33:01.671 AVAST engine defs: 12072101
13:33:33.187 Disk 0 (boot) \Device\Harddisk0\DR0 → \Device\Ide\IdeDeviceP2T0L0-e
13:33:33.187 Disk 0 Vendor: WDC_WD2500BPVT-22ZEST0 01.01A01 Size: 238475MB BusType: 3
13:33:33.203 Disk 0 MBR read successfully
13:33:33.203 Disk 0 MBR scan
13:33:33.203 Disk 0 Windows XP default MBR code
13:33:33.218 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 238464 MB offset 63
13:33:33.250 Disk 0 scanning sectors +488376000
13:33:33.453 Disk 0 scanning C:\WINDOWS\system32\drivers
13:34:17.406 Service scanning
13:35:06.765 Modules scanning
13:35:30.562 Disk 0 trace - called modules:
13:35:30.578 ntoskrnl.exe CLASSPNP.SYS disk.sys PCTCore.sys ACPI.sys hal.dll atapi.sys pciide.sys
13:35:30.578 1 nt!IofCallDriver → \Device\Harddisk0\DR0[0x89b9eab8]
13:35:30.937 3 CLASSPNP.SYS[f7637fd7] → nt!IofCallDriver → [0x89b7e948]
13:35:30.937 5 PCTCore.sys[f784e82d] → nt!IofCallDriver → \Device\00000077[0x89b399e8]
13:35:30.937 7 ACPI.sys[f758e620] → nt!IofCallDriver → \Device\Ide\IdeDeviceP2T0L0-e[0x89b83940]
13:35:36.390 AVAST engine scan C:\WINDOWS
13:36:01.843 AVAST engine scan C:\WINDOWS\system32
13:46:30.125 AVAST engine scan C:\WINDOWS\system32\drivers
13:47:16.671 AVAST engine scan C:\Documents and Settings\candice
13:54:36.265 AVAST engine scan C:\Documents and Settings\All Users
13:57:10.250 Scan finished successfully
13:57:55.687 Disk 0 MBR has been saved successfully to “C:\Documents and Settings\candice\My Documents\MBR.dat”
13:57:55.750 The log file has been saved successfully to “C:\Documents and Settings\candice\My Documents\aswMBR.txt”

Avast is not showing an MBR problem either

Did listparts run ?

Download the latest version of TDSSKiller from here and save it to your Desktop.

- Double click on TDSSKiller.exe to run the application

http://dl.dropbox.com/u/73555776/TDSSFront.JPG

- Then click on Change parameters.

http://dl.dropbox.com/u/73555776/TDSSConfig.JPG

- Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

- Click the Start Scan button.

- If a suspicious object is detected, the default action will be Skip; click on Continue.

http://dl.dropbox.com/u/73555776/TDSSFound.JPG

- If malicious objects are found, they will show in the Scan results and offer three (3) options.
- Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

- Get the report by selecting Reports

http://dl.dropbox.com/u/73555776/TDSSEnd.JPG

- Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

Please copy and paste its contents on your next reply.

Everything here looks fine…

ListParts by Farbar Version: 20-07-2012
Ran by candice (administrator) on 22-07-2012 at 17:13:41
Windows XP (X86)
Running From: C:\Documents and Settings\candice\My Documents\Downloads
Language: 0409


========================= Memory info ======================

Percentage of memory in use: 38%
Total physical RAM: 2037.95 MB
Available physical RAM: 1246.09 MB
Total Pagefile: 4942.08 MB
Available Pagefile: 4210.03 MB
Total Virtual: 2047.88 MB
Available Virtual: 2004.43 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:232.88 GB) (Free:214.53 GB) NTFS ==>[Drive with boot components (Windows XP)]
2 Drive d: (windows xp sp3) (CDROM) (Total:0.31 GB) (Free:0 GB) UDF

Disk ### Status Size Free Dyn Gpt


Disk 0 Online 233 GB 0 B

Partitions of Disk 0:

Partition ### Type Size Offset


Partition 1 Primary 233 GB 32 KB

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info


  • Volume 1 C NTFS Partition 233 GB Healthy System (partition with boot components)
    ======================================================================================================

****** End Of Log ******

TDSSKILLER…found these two things…“DRVAGENT32”…and “GIVEIO”

OK those are legit… Could you attach the Norton log so that I can see exactly what it is reporting

ok!..Now Norton is not finding anything…But my computer did not start acting up or slow down a lot until I got this “boot.tideserv”…Also Windows now will not load from “AHCI”…It will only boot up under “IDE”…Never had that problem before…