Backdoor.Tidserv.I!inf
Backdoor.Tidserv.I!inf is a generic identification for a legitimate MS Windows system driver files that have been modified by Backdoor.Tidserv. By loading the compromised files into system’s memory, the Trojan has full potential to initiate other components that are already stored on the computer.
Damage Level: Medium
Systems Affected: Windows 9x, 2000, XP, Windows Vista
Characteristics
When Backdoor.Tidserv.I!inf is executed, it loads itself in memory and initiate other modules. The Trojan may remain undetected with its advance rootkit techniques. It injects code to legitimate system driver in order to hide its process and activities on the computer. The primary purpose of this Trojan is to assist other components that attempts to generate revenue for the attackers. As a result, victims may suffer from browser redirects that hijacks search result page to a web site of an endorsed product. Additionally, compromised systems may receive extensive pop-up advertisements and promotional desktop wallpaper.
Distribution
The Trojan commonly propagates by various ways that also applies for other identified threats. An observation illustrate that Trojan may use web sites with high traffic like blogs and forums that has open discussion feature. A response with exaggerated content is added by attacker which assert to direct victims to a malicious page containing the full story, video or supplementary substance.
Malware attacker also sees an opportunity to propagate Backdoor.Tidserv through pirated software, cracked programs and key generators. Since the network for this type of file-sharing activity is deregulated, most of these public files can conceal the Trojan.
How to Remove Backdoor.Tidserv.I!inf
1. Temporarily Disable System Restore (Windows Me/XP). [how to]
2. To be able to identify even the most recent variant of Backdoor.Tidserv.I!inf, open your antivirus application and update the virus definition file.
3. Start Windows in Safe Mode with Networking.
- From a power-off state, turn on the computer and press F8 on your keyboard repeatedly.
- Your computer will display Windows Advanced Boot Options menu. Please select Safe Mode with Networking.
- The system will now boot Windows and loads only necessary drivers and files.
4. Open your antivirus program and run a full system scan. After the scan, delete all infected items. If unable to delete, better place them in quarantine. Once the scan is complete, please proceed with the next step.
Scan with Norton Power Eraser:
Additional virus removal tool like Norton Power Eraser provides deep scanning technology to eliminate other threats not detected by a normal virus scan. Use this tool with extra caution.
5. Go to Norton Power Eraser web page and download the tool.
6. Once the download completes, double click on the file NPE.exe to run the program.
7. It will prompt for End User License Agreement, click on Accept to continue.
8. On NPE main window, click on Scan. Then select Exclude Rootkit Scan. Click on Continue to proceed.
9. Virus scanning may take some time. After running the scan, NPE will display the scan result.
Important! If there are any detected threats under Suspicious, remove the check mark. Only threats in Detected category are necessary to remove at this point. Make sure that you mark the Create System Restore Point before proceeding with the fix.
10. Now click on Fix to start removing the threats including Backdoor.Tidserv.I!inf remnants if there are any.
11. When done, Norton Power Eraser will restart the computer. Then after a reboot, it will initialize and display the eliminated threats.
12. You may now close Norton Power Eraser.