
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1143


I recently installed Symantec Endpoint and all seemed to be running fine. One of my clients detected Backdoor.Tidserv!inf, but Endpoint will only log it and I want to get rid of it. I went to the client machine and turned on Quarantine first and then delete if first fails. Any suggestions?
1 Solution

Try to do a full scan in Safe Mode

A Symantec Certified Specialist @ your service
Either MalwareBytes or Combofix will remove TDSS variants. You need to rename the file before saving to your desktop.

Download Malwarebytes' Anti-Malware to your desktop,

Please download ComboFix by sUBs:

You must download it to and run it from your Desktop
Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Double click combofix.exe & follow the prompts.
When finished, it will produce a log. Please save that log and attach it in your next reply by pasting it in the "Code Snippet" or "Attach File" window.
Re-enable all the programs that were disabled during the running of ComboFix.

Do not mouse-click combofix's window while it is running. That may cause it to stall.
CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
marquisrh (Author) Commented:
I just got done running the computer in safe mode. Before I started I went in to make sure that it was set up to quarantine and then delete the file. It still logged only.

If you can't access MBAM and Combofix links, use the link and instruction from this thread -->
marquisrh (Author) Commented:
I used the Malwarebytes link you gave me and it got rid of Backdoor.Tidserv!inf. I still have a tracking cookie which keeps coming back. Endpoint deletes this file when it finds it, which is just about every scan.
Glad to know it got rid of it.
