Endpoint Protection Small Business Edition

  • 1.  Problem with Backdoor.Tidserv!.inf SEP 12.1 client

    Posted Oct 12, 2011 09:08 PM

    Last week I installed SEP Small Business at a client of mine. On one of the PCs there is a virus or malware that Symantec cannot remove because it is attached to the atapi.sys file. It tries and tries. A message keeps on coming up to restart the PC to fix the infected file, and it can't do it. This is a horrible runaround. The virus is the Backdoor.Tidserv!.inf. Right now the PC is removed from its network. I brought it back to my shop to try and fix it.

    I was able to uninstall SEP. I plan to put it back. It's just that I don't know how to fix this file. I ran Combofix. That didn't find anything. I am at a loss.

    Any suggestions?

    Thanks



  • 2.  RE: Problem with Backdoor.Tidserv!.inf SEP 12.1 client

    Broadcom Employee
    Posted Oct 12, 2011 10:39 PM

    Submit the file to the Symantec Security Response team.

    https://submit.symantec.com/websubmit/essential.cgi or the support you have.



  • 3.  RE: Problem with Backdoor.Tidserv!.inf SEP 12.1 client

    Posted Oct 13, 2011 06:05 AM

    Follow Pete's suggestion.

    Here are some additional links:

    Backdoor.Tidserv!inf - Technical details:

    http://www.symantec.com/security_response/writeup.jsp?docid=2008-091809-0911-99&tabid=2

    Backdoor.Tidserv!inf - Removal

    http://www.symantec.com/security_response/writeup.jsp?docid=2008-111113-1112-99&tabid=3

    Thread about Backdoor.Tidserv!inf:

    http://www.symantec.com/connect/forums/how-fix-backdoortidservinf

    Good luck!



  • 4.  RE: Problem with Backdoor.Tidserv!.inf SEP 12.1 client

    Trusted Advisor
    Posted Oct 13, 2011 06:36 AM

    Hello,

    I agree with greg's suggestion above; however, in your case, you would have to:

    1) Run the scan on the machine in Safe Mode, OR

    2) Run the Symantec Power Eraser to remove this threat.

    To acquire the tool, follow this link: The Symantec Endpoint Protection Support Tool.

    3) You can also run the Symantec Endpoint Recovery Tool, which may also help.

    Hope these tools help!