Backdoor.Tidserv!inf and atapi.sys
Threat Name: Backdoor.Tidserv!inf
Spread Method:
File Creation
External Storage Device (USB Device etc.)
External Storage Device (USB Device etc.)
Threat type:Backdoor
Backdoor.Tidserv!inf first detected:2010-02-26
Virus file known is PE EXE file written in Basic
File Size:417K Bytes.
Behavior:places the file shown below in the root of the disk:
Level of Spread:6
Level of Threat:4
Reported Path:D:\Winnt\
MD5:BaNMI5k6OEHqCLxP3Bu75pLs71iR16Fw
SHA1..:j3VupQ6AwfJ8dt2WKj1DQ8t0EM5aL0h16JedxyBc
Alias:
McAfee :AdWare.Win32.SuperJuan.dfc
AVG7 :Backdoor.Win32.Agent.ojg
Report Countries:
Argentina
Costa Rica
Faroe Islands
Mexico
Qatar
Backdoor.Tidserv!inf Removal instructions:
Run a whole scan
How to remove Backdoor.Tidserv!inf :
1.Download killbox delete Backdoor.Tidserv!inf virus files.
2.Update your antivirus database and run a full scan.
run the following script:
CODE
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
/md5stop
%systemroot%\*. /mp /s
Need help? Post you problem on Free Malware Remove Help forum
Backdoor.Tidserv!inf and atapi.sys Summary
1.Temporarily Disable System Restore;2.Reboot computer in SafeMode;3.delte Backdoor.Tidserv!inf and atapi.sys virus files and kill Backdoor.Tidserv!inf and atapi.sys file task process(if have);4.Delete/Modify any values added to the registry by Backdoor.Tidserv!inf and atapi.sys ;5.delete IE temp files,restart the computer and run a whole scan with DrWeb, TrendMicro. Backdoor.Tidserv!inf and atapi.sys virus files as following: