Tidserv. Does that make you cringe? Cower in fear? Hug your puter protectively? It should. It's nasty. Tidserv is a trojan horse virus, full name something like Backdoor.Tidserv!inf and it's designed to leave your computer functional as long as you don't attempt to remove it, so it can deliver other parasites to mine your info. But if you attempt to remove it, it attacks your computer. I of course did not know this when I discovered the nasty thing on my laptop. I tried using Norton Antivirus and kept getting the result that the virus had been quarantined and no further action was required. But I also kept getting almost hourly notices that a new intrusion attempt had been blocked, and subsequent virus scans turned up new backdoor trojans. Someone suggested I call Norton Live and for about a hundred bucks I could get them to remotely remove the garbage. Sounded like a good deal to me. I spent last Tuesday (Feb. 23) watching technicians (probably in India) take over my computer with my permission. The people I talked with were all very nice, very polite and following a very specific script. I told them the virus on my laptop was tidserv. Among other things. Their first attempt to remove the thing took less than 2 hours. Me being a bit of skeptic at times, I had to run a full virus scan as soon as I got control of my machine again.
Ummmm... why did it find tidserv again, along with two other trojans? And why were the intrusion attempts continuing? Called Norton Live again. Another technician took control of my machine. He listened to my explanation, reviewed the notes from the previous techs, then assured me he could clean up the computer and it would take about 45 minutes, followed by a full system scan to ensure it was clean, which would take another hour. And then he took remote control of my laptop again. It's a bit disconcerting to watch your laptop under remote control by someone you don't know. Especially when suddenly, your email program is opening. Thankfully no, he didn't read my emails. The hour and 45 minute estimate was off by about 3 hours.
The remote clean up went horribly awry. Tidserv did what it does. It disabled my laptop. By Thursday morning, all the laptop would do is open to the Dell screen giving me various safe mode options. Each option only took me right back to that screen. Another call to Norton Live. This time, the tech said "this is a hardware problem. Call Dell." Ummmm... noooo. To be fair, the techs at Norton Live did clean up some stuff that no one else has been able to. Just not tidserv.
With no other option available, on Thursday, I took the laptop to a local computer repair shop. He listened and then said, yeah, that's what happens. Norton can't remove the virus remotely. He promised he could, and he'd save my data. In about a day. For about $80. I handed over the laptop and crossed my fingers.
He lived up to his promise. By sometime Friday, he left a message that my laptop was ready. I couldn't pick it up until Monday afternoon but since then, it's running better than it has in a very long time. What a relief! I did of course immediately back up my important files (rabbit pedigrees, for instance) to a flash drive. Turns out, the flash drive I bought is not big enough so I need to get another one to back up the less important files.
One issue remains: there is ample information all over the internet that tidserv cannot be removed by Norton Live, nor by home users using Norton antivirus (and probably many other antivirus programs too), that the attempt will result in exactly what happened to my laptop. So isn't taking my money with the promise they can get rid of tidserv pretty much fraud? Again, to be fair, the local repair guy still recommends Norton antivirus as a good protection package, just not for tidserv. I've demanded a refund from Symantec (Norton's parent). My hope and my expectation on the result of that demand are at odds with each other. I'll let you know what happens.
Get a Mac. We never have these issues. Sorry you had to go through all of that.
Posted by: Manise | March 02, 2010 at 10:03 AM