Boot.Tidserv

31 August 2010 3 Comments

Boot.Tidserv is a detection for a variant of Tidserv Trojan that is capable of infecting 64-bit Windows operating systems. Boot.Tidserv targets the Master Boot Record (MBR) of the compromised computer. MBR will be replaced with an infected version that may result to system crashes.

Alias:

Damage Level: Low

Systems Affected: Windows 9x, 2000, XP, Vista, Windows 7

Manual Removal of Boot.Tidserv

1. If using Windows Me/XP, System Restore must be disabled to prevent the threat from restoring itself. [how to]
2. Database, pattern and definition files of installed antivirus programs must be updated.
3. Restart Windows in SafeMode [how to]
4. Run a full system scan and clean/delete all infected file(s)
5. Restart Windows in normal mode.

Kaspersky Bootable USB Flash Drive
A tool from Kaspersky will allow you to create a boo-table virus scanner that can be run from any computer. This can be boot and run from media drives such as CD, DVD or USB Flash Drive. Download and follow the procedures here.

How to Protect Computer From Boot.Tidserv

Computer Security Recommendations:
- Install antivirus and firewall program. A combination of these two may prevent virus and hacking attack.
- Use complex passwords on every aspect that requires it. Hard to crack passwords containing alpha-numeric characters and not less than eight characters long will help prevent further damage on infected computer.
- Disable Autoplay of USB drives to avoid automatic launching of virus that is run via Autorun.Inf file

Internet Precautions:
- Configure email clients to block incoming emails that contains attached files with .vbs, .bat, .exe, .pif and .scr extensions.
- Be wise in opening e-mail attachments. Spam messages that pretend to be from a known source may contain infected attached files.
- Never click on a suspicious link sent through instant messaging programs.