"Martin" said:
Yes, Norton did pick up the virus, but it tells me that it
has to be manually removed. If I remove the virus myself, as
the file is cdrom.sys (C Drive, Windows, System32, Drivers
and cdrom.sys).
What will happen to my CD-ROMs if I do remove it? I am also
running Windows Defender and Microsoft Windows Malicious
Software Removal Tool v3.6, but they don't pick up the
virus.
Is it safe to remove the virus or not?
Do you read and NOT comprehend?
Did you run Norman's TDSS Cleaner as I prescribed?
This was not and is NOT a "virus".
Tidserv (aka TDSS/TDL3 and Alureon) is a rootkit and is in
the trojan sub-class of malware.
http://www.symantec.com/security_response/writeup.jsp?docid=2008-091809-0911-99
"Discovered: September 18, 2008
Updated: September 18, 2008 4:01:39 PM
Also Known As: Backdoor:W32/TDSS [F-Secure], BKDR_TDSS
[Trend], Win32/Alureon [Microsoft]
Type: Trojan"
Not all malware are viruses but all viruses are malware.
Here is the list of malware that MRT targets.
http://www.microsoft.com/security/malwareremove/families.aspx
Alureon is the name given to TDSS/TDL3 by Microsoft
(also shown in the cross-reference in the Symantec writeup).
http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?name=Win32/Alureon
Why it doesn't catch it is unknown, but that's the case. As
for Windows Defender, it is geared for the Adware/Spyware
class of malware, which is also non-viral.
It could be that Symantec falsely accuses it of being TDSS.
The following is poor nomenclature...
(C Drive, Windows, System32, Drivers and cdrom.sys).
This is the correct nomenclature...
c:\windows\system32\drivers\cdrom.sys
or alternatively...
%windir%\system32\drivers\cdrom.sys
You won't be able to delete CDROM.SYS if it was trojanized
by TDSS in Normal or Safe Mode operation. But you can if the
drive is in a surrogate PC or if you load the Recovery
Console.
Once it is deleted you will need it, and restoring it is not
hard if you have the Windows XP distribution disk or if the
i386 folder from an XP distribution disk was ported to the
computer, such as c:\i386
The following command line would restore the file...
expand c:\i386\cdrom.sy_ %windir%\system32\drivers\cdrom.sys
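The restore step above, with the check a practitioner would want in front of it, as an added example that is not part of the original post or of any vendor's tooling. It is meant to be run from a surrogate PC or a WinPE boot with the suspect drive mounted, never from inside the infected Windows install: while the TDSS/TDL3 rootkit is active it hides its changes to the driver, so a comparison made from the running system would report a clean file. It expands the pristine cdrom.sys from the distribution cabinet with the standard Windows expand.exe, compares its SHA-256 with the driver on the suspect volume, and only replaces the driver when asked. The drive letter S:, the S:\i386 location, the -Restore switch and the Get-Sha256Hex helper are assumptions of this example; adjust them to the machine in front of you.

```powershell
# Added example (not from the original post). Run on a surrogate PC or
# from WinPE with the suspect volume mounted; here it is assumed to be S:.
param(
    [string]$SuspectRoot = 'S:\Windows',   # assumed mount point of the infected install
    [string]$I386        = 'S:\i386',      # assumed XP i386 folder (or a mounted XP CD)
    [switch]$Restore                       # overwrite the driver only when this is given
)

$driver    = Join-Path $SuspectRoot 'system32\drivers\cdrom.sys'
$cabinet   = Join-Path $I386 'cdrom.sy_'
$reference = Join-Path $env:TEMP 'cdrom.sys.reference'

function Get-Sha256Hex([string]$Path) {
    # .NET hashing so this also works on PowerShell versions without Get-FileHash.
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $fs  = [System.IO.File]::OpenRead($Path)
    try     { ($sha.ComputeHash($fs) | ForEach-Object { $_.ToString('x2') }) -join '' }
    finally { $fs.Close(); $sha.Dispose() }
}

if (-not (Test-Path $cabinet)) { throw "Reference cabinet not found: $cabinet" }
if (-not (Test-Path $driver))  { throw "Driver not found on suspect volume: $driver" }

# 1. Expand the pristine copy from the distribution cabinet to a temp file
#    (same expand.exe call as the one-liner in the post, different target).
& "$env:SystemRoot\System32\expand.exe" $cabinet $reference | Out-Null
if ($LASTEXITCODE -ne 0) { throw "expand.exe failed with exit code $LASTEXITCODE" }

# 2. Compare the installed driver with the pristine copy.
$onDisk = Get-Sha256Hex $driver
$clean  = Get-Sha256Hex $reference
"Installed : $driver  ($((Get-Item $driver).Length) bytes)  SHA-256 $onDisk"
"Reference : $cabinet ($((Get-Item $reference).Length) bytes)  SHA-256 $clean"

if ($onDisk -eq $clean) {
    'cdrom.sys matches the distribution copy; nothing to restore.'
    exit 0
}

# A mismatch is not proof of infection on its own: a service pack or hotfix
# may have shipped a newer cdrom.sys than the i386 folder holds. Look at the
# file versions before deciding which copy is the right one to keep.
$vOnDisk = [System.Diagnostics.FileVersionInfo]::GetVersionInfo($driver).FileVersion
$vClean  = [System.Diagnostics.FileVersionInfo]::GetVersionInfo($reference).FileVersion
"cdrom.sys differs from the distribution copy (installed: $vOnDisk, reference: $vClean)."

if ($Restore) {
    # 3. Keep the suspect file for analysis, then put the pristine copy in place.
    Copy-Item $driver "$driver.suspect" -Force
    Copy-Item $reference $driver -Force
    "Replaced $driver; original kept as $driver.suspect"
} else {
    'Re-run with -Restore to replace it with the expanded copy.'
}
```

Keeping the replaced file as cdrom.sys.suspect matters: it is the artifact an AV vendor or a forensic look at the infection will want, and it is the only evidence left once the clean driver is in place.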