
HTTPS TidServ

Q: HTTPS TidServ

Hello,
I come from the Norton community that led me to you about attack of a serious trojan.
Here is an nth case of "HTTPS TidServ" attack that personally I discover, being a novice in this regard.
I understood that this type of trojan causes serious problems, and belongs to the class of Rootkit, TDSS or TDL3 viruses.
Of course, my system is infected; periodically, Norton indicates attacks. I did a full scan via Norton Internet Security, without result.
I already used Microsoft's Malicious Software Removal Tool, and RegistryBooster-Uniblue to check the system, the first one didn't identify the problem and the second one pointed out problems but I did not try to repair via this program. I did not try any other solution for now.
I wonder what I have to do to eradicate this very serious "nuisance".
Thanks for your help,
Regards,
Thierry

----------------------------
ps: pc endowed with XP.


A: HTTPS TidServ

Hi Thierry and welcome to BleepingComputer! Please follow the steps in this guide and see if that fixes your problem.


Intrusions from two different IPs, one is HTTPS tidserv & other is HTTPS misleading Application detection, how do I get rid of them?

A: PLZ HELP - Intrusions not stopping - HTTPS tidserv & HTTPS misleading application detection

Hi archie21:

These notifications are what we are seeing on the Norton forum that indicate that you have a TDL3/4 rootkit attempting access to the net. Norton is blocking it.

You will need to ask the Malware Removal Team for assistance.


Howdy, let me first say THANK YOU to this forum, and the folks that post help. I have used this forum in the past to help my neighbors, and the information has been helpful. Unfortunately, it is now apparently my turn, as my wife's computer is infected.

The Story

Yesterday (4/8), my wife comes in my office claiming that her computer is in trouble. When I get there, I see that she has windows coming and going, and it appears that she is infected with Antimalware Doctor (appreg70700.exe). I also notice that Norton 360 is not currently running, not sure why it had stopped, but thought I'd mention it.

What I did

After finding the application that was causing the problems, I killed it, and installed a recommended program, Malwarebytes' Anti-Malware. It found several issues, and I followed the cleaning process. I also found registry entries for Antimalware Doctor (using regedit), and removed them. Furthermore, I removed it from the start-up entries. Also, I installed and ran SuperAntispyware, but it only found 3 cookies that were problems.

Current Issue

I then got Norton 360 running again (updated defs, ran a new scan, etc). Norton isn't finding any issues. However, going through the logs, I am finding multiple entries for:

HIGH - An intrusion attempt by 61.21.20.132 was blocked. Application path \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE
Norton Risk Name: HTTPS Tidserv Request 2

Other IP that it lists is 112.121.181.26

And,...

A: Tidserv Trojan Infection? (HTTPS Tidserv Request 2)

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

* Download DDS by sUBs from one of the following links. Save it to your desktop.
  DDS.scr
  DDS.pif
* Double click on the DDS icon, allow it to run.
* A small box will open, with an explanation about the tool. No input is needed, the scan is running.
* Notepad will open with the results.
* Foll...


This keeps popping up on my Norton 360 and I have no idea what to do. Is it a site trying to hack into my computer? I followed a few pieces of advice on this site but it keeps popping up...

A: HTTPS TIDSERV REQUEST and TIDSERV REQUEST2

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below I will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

* Download DDS by sUBs from one of the following links. Save it to your desktop.
  DDS.scr
  DDS.pif
* Double click on the DDS icon, allow it to run.
* A small box will open, with an explanation about the tool. No input is needed, the scan is running.
* Notepad will open with the results.
* Follow the instructions...


I have done some research on these backdoor trojan viruses, and I have found out that they are very serious, and I really need help to get them off my laptop.
Yesterday, Norton detected Backdoor.Graybird and removed it (I think), and for weeks now, I have been getting notifications on the bottom right-hand corner of my screen saying "A recent attempt to attack your computer has been blocked" or something like that, and when I click 'view details', it either describes it as "HTTP Tidserv Request" or "HTTPS Tidserv Request 2" and some IP address and bunch of other things I can't understand. I would really appreciate help on what to do to remove these viruses so I can continue to work on my computer without worrying about hackers stealing my information and whatnot.
Thank you!

A: Backdoor.Graybird, HTTPS Tidserv Request 2, HTTP Tidserv Request detected by Norton Antivirus.

Hello,

Please follow the instructions in ==>This Guide<==. Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<==

If you can produce at least some of the logs, then please create the new topic. If you cannot produce any of the logs, then post back here and we will provide you with further instructions.


I have done some research on these backdoor trojan viruses, and I have found out that they are very serious, and I really need help to get them off my laptop.

Yesterday, Norton detected Backdoor.Graybird and removed it (I think), and for weeks now, I have been getting notifications on the bottom right-hand corner of my screen saying "A recent attempt to attack your computer has been blocked" or something like that, and when I click 'view details', it either describes it as "HTTP Tidserv Request" or "HTTPS Tidserv Request 2" and some IP address and bunch of other things I can't understand. I would really appreciate help on what to do to remove these viruses so I can continue to work on my computer without worrying about hackers stealing my information and whatnot.

Below is the DDS log: ...

A: Backdoor.Graybird, HTTPS Tidserv Request 2, HTTP Tidserv Request detected by Norton Antivirus.

Also, last night, I ran a quick scan on Malwarebytes' Anti-Malware, and it detected "Trojan.Dropper".


Hello. I was brought here through google search, when looking up information on a problem I am having which seems to be affecting people other than me as of late. I am running a Vaio Laptop on Vista Business, and I have been infected since last night with a stealth rootkit (?) which my antivirus software can't completely remove. I am receiving (blocked) HTTPS attacks from various IPs every 10-20 minutes, as informed by Norton Antivirus.

HTTPS TidServ 2 affects SVCHOST.exe, and HTTP TidServ affects Firefox.exe. HTTP TidServ seems to respond when I open up Firefox, and whenever I start it up, Firefox usually informs me that it is restoring data from a crash (even though I shut it down legit on last use). Firefox is currently 3.6.3. Prior to this I did not have the most recent version of Java (Release 17), but since this problem, I have updated it to Release 20. Norton has removed several Trojans and a Downloader from the Java cache files, but I am still getting attacks, and Norton, Malwarebytes, and SuperAntiSpyware don't seem to be picking up on whatever program is sending out signals to my attackers.

You guys have helped others with problems extremely similar to mine, so please look at my logs, and tell me what actions I can take to remove this nasty bug in my system. Any advice on how to deal with it would be much appreciated. Thank you.

(Note that for my privacy, I have omitted references to my real name, but otherwise, everything in the logs is accu...

A: HTTPS TidServ 2 / HTTP TidServ

Hi Aria, and welcome to Bleeping Computer.

* Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
* Execute the file TDSSKiller.exe by double-clicking on it.
* Wait for the scan and disinfection process to be over.
* When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility outputs runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule). The log is like UtilityName.Version_Date_Time_log.txt, for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.


I viewed the Preparation Guide thread. I unfortunately have no way of backing up my files so I'm unfortunately all by myself here. I have a tendency to get viruses a lot and it just baffles me that these programs don't really protect you from the serious stuff. I download quite a lot. I only have basic cable at the moment so if it's not on Hulu, I download it. I also download shows for music video making (hobby of mine) and once in a great while, I get something. I use Norton Security Suite. I've heard it's a horrible program. I've only had the computer for a couple days before I got something.

And this all started when Norton notified me that Auto-Protect has detected "Trojan.FakeAV!gen35". Risk Category "Heuristic Virus". Norton says it blocked it but I'm guessing it didn't. Surprise surprise. It says the location of the file name is "c:\documents and settings\administrator\local settings\application data\hwtglcvvq\uxmqbtvtssd.exe". I checked that folder but there is nothing there. But this was just the beginning.

After that, I got another notification "2933463.0332615147.exe detected by SONAR". It's been Quarantined. Says it was fully removed even though it gives me the option of restoring it. ? After I got a similar notification "8811cf6b.exe detected by SONAR". Same thing. I got these three within minutes of one another on the 20th of...

A: Trojan.FakeAV!gen35, HTTP Tidserv Request, HTTPS Tidserv Request 2

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

* Download DDS by sUBs from one of the following links. Save it to your desktop.
  DDS.scr
  DDS.pif
* Double click on the DDS icon, allow it to run.
* A small box will open, with an explanation about the tool. No input is needed, the scan is running.
* Notepad will open with the results.
* Foll...


I keep getting an alert from Norton saying an Intrusion Attempt has been blocked. How do I stop this thing from attacking in the first place? From other forums I've seen, it may have something to do with a rootkit.

"An intrusion attempt by m01n83kf7.com was blocked. Application path \DEVICE\HARDDISKVOLUME1\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE"
"An intrusion attempt by 202.157.171.207 was blocked. Application path \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE"
"An intrusion attempt by 91.212.226.59 was blocked. Application path \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE"
etc..

Here is the DDS log: ...

A: Repeated Intrusion Attempts from HTTP Tidserv Request and HTTPS Tidserv Request 2

Good evening.

Download TDSSKiller.zip from Kaspersky from here and save it to your Desktop - this is important. You will then need to extract the file(s) from the zipped folder. To do this:

* Right-click on the zipped folder and from the menu that appears, click on Extract All...
* In the Extraction Wizard window that opens, click on Next> and in the next window that appears, click on Next> again.
* In the final window, click on Finish.

Close all open programs as a reboot may be required.

Go to Start > Run, copy and paste the following into the text box and hit OK:

"%userprofile%\desktop\tdsskiller\TDSSKiller.exe" -l report.txt

A Command Window will open and the tool will scan and produce a log called report.txt that can be found in the TDSSKiller folder that you unzipped. If the tool prompts for a reboot, please allow it to do so; if it fails to reboot after prompting, reboot manually.

Please post the contents of the log, report.txt, in your next reply.


Norton 360 has been continually notifying us of intrusion attempts as of late (since about 2 days ago, started almost immediately when Norton's SONAR detected suspicious activity from a file called "fwdd.exe" and quarantined it). Risk names: HTTPS Tidserv Request 2 and HTTP Tidserv Request. We were also redirected when clicking a Google search result (which I believe is a guaranteed sign of malware). Upon looking these symptoms up, we found that they were most likely the result of a rootkit. Any and all help is appreciated to remove this malware, the more explanation of how to get rid of it the better, since this is our first time having to do this. Thank you.

Logs: ...

A: HTTPS Tidserv Request 2 and HTTP Tidserv Request Intrusion Attempts

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. HijackThis logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that it happens.

Some things to remember while we are working together.

1. Please do not run any other tool until instructed to do so!
2. Please reply to this thread, do not start another!
3. Please tell me about any problems that have occurred during the fix.
4. Please tell me of any other symptoms you may be having as these can help also.
5. Please try as much as possible not to run anything while executing a fix.

If you follow these instructions, everything should go smoothly.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Gmer is the best but can be hard to get a log, let's try this and see what we get.

Scan With RKUnHooker

* Please Download Rootkit Unhooker. Save it to your desktop.
* Now double-click on RKUnhookerLE.exe to run it.
* Click the Report tab, then click Scan.
* Check (Tick) Drivers, Stealth, Files, Code Hooks. Uncheck the rest. Then click OK.
* Wait till the scanner has finished and then click File, Save Report.
* Save the report somewhere where you can find it. Click Close.
* Copy the entire contents of the report and paste it in a reply here.

Gringo


I see various HTTPS Tidserv Request 2 and HTTP Tidserv Request attempts being blocked by my Norton 360.

"Network traffic from zz87jhfda88.com matches the signature of a known attack. The attack was resulted from \DEVICE\HARDDISKVOLUME2\WINDOWS\SYSTEM32\SVCHOST.EXE."

Norton 360 doesn't find the trojan, but there are suspicious files found by GMER.

This was after going to Wired to read an article and as some banner ads loaded, Norton started finding some other trojans and viruses being downloaded to my system. Even though Java had been upgraded to version 20, I think the older version code was still somewhere in the path, as I saw the Java splash screen on the Java startup. The alerts come more often when using Google or Yahoo search.

I'm sure ComboFix will take care of it, but wanted a second opinion first.

Thanks for your help.

I've attached the attach.txt and ark.txt files and here is the log from DDS.txt. ...

A: Norton 360 Blocking HTTPS Tidserv Request 2 & HTTP Tidserv Request

Hello,

Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully first.

Please continue as follows:

* Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
* Remember to re-enable them afterwards.
* Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you. Please include the following reports for further review, and so we may continue cleansing the system:

* C:\ComboFix.txt
* New dds log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.


My computer was infected with trojan this morning, I ran Symantec Endpoint Protection 11, it deleted a couple of files.

Now I am constantly receiving the following two error messages via Symantec Endpoint Protection address line:-

[SID: 23615] HTTPS Tidserv Request 2 detected.
[SID: 23621] HTTP Tidserv Request detected.

I ran the Symantec Endpoint Protection Full Scan come up clean but I still receive the errors as described above.

I would greatly appreciate any assistance and thank-you in advance.

I have pasted and attached the logs that I believe I need to for you to assist. Please advise if I need to do anything else at this moment to help.

Thanks
Barry

...

A: [SID: 23615] HTTPS Tidserv Request 2 detected. & [SID: 23621] HTTP Tidserv Request detected, Unable to resolve Infection

Hi,

Your post is a few days old. If you still need help, simply reply to my post.


First of all, thanks in advance to those willing to help.

A couple of days ago, I was infected with Antimalware Doctor, and XP Antimalware (I think those were the names). I am pretty sure I took care of those. Meanwhile, every time I use Mozilla Firefox, I have a notification from Norton 360 stating that "A recent attempt to attack your computer was blocked." When I look at it in more detail, Norton tells me the risk name is either HTTP Tidserv Request or HTTPS Tidserv Request 2. In addition to the constant attacks, I am redirected when clicking on google links and random tabs open in Firefox to random websites as well.

- If the Risk name is HTTP Tidserv Request the application path is \DEVICE\HARDDISKVOLUME2\PROGRAMFILES\MOZILLAFIREFOX\FIREFOX.EXE
- If the Risk name is HTTPS Tidserv Request 2 the application path is \DEVICE\HARDDISKVOLUME2\WINDOWS\SYSTEM32\SVCHOST.EXE

In addition to that, Norton 360 has blocked or quarantined the following within the past couple of days:

Spyware.Keylogger
Trojan.Gen
Trojan.FakeAV
AntiVirus2010

Here is the DDS LOG: ...

A: HTTP Tidserv Request/HTTPS Tidserv Request 2 Infection

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

* Download DDS by sUBs from one of the following links. Save it to your desktop.
  DDS.scr
  DDS.pif
* Double click on the DDS icon, allow it to run.
* A small box will open, with an explanation about the tool. No input is needed, the scan is running.
* Notepad will open with the results.
* Foll...


Problem:

A few days ago my computer was attacked. Norton detected and blocked several downloaders and trojans, however I am having lingering issues with something trying to hijack my browser. Norton appears to be detecting and containing the attacks for now, but full scans from both norton and malware bytes have brought up nothing.

As requested I have the DDS log, but I was unable to successfully scan with GMER. I tried 4 times, and my computer froze twice, and BSOD twice.

Here is the DDS log: ...

A: problem with HTTPS Tidserv Request 2 and HTTP Tidserv Request

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

* Do not run any other tool until instructed to do so!
* Please Do not Attach logs or put in code boxes.
* Tell me about any problems that have occurred during the fix.
* Tell me of any other symptoms you may be having as these can help also.
* Do not run anything while running a fix.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

* Please download DeFogger to your desktop.
* Double click DeFogger to run the tool.
* The ap...


Norton 360 indicates I am continually getting intrusion attempts and "firewall activities". Tidserv Request and https Tidserv Request 2. Per instructions, ran dds and gmer, logs follow. Need help, have not previously heard of rootkits. Thanks, in advance!

...

A:infected with rootkit tidserv request and https tidserv request 2

Hi joemck,

Welcome to Malware Removal (VTSMR) forum. I am going to assist you with your problem.

Please refrain from making any changes to your system (scanning or running other tools, updating Windows, installing applications, removing files, etc.) from now on as it might interfere with our fixes. In case of making changes I shall assume my assistance is not needed any more.

If the issue is not resolved please update me on the current condition of your computer.

RELEVANCY SCORE 62.4

Hello guys,

I've gotten numerous alerts from Norton telling me that I have attempted intrusions from HTTP Suspicious Executable Image Download, HTTP Tidserv Request & HTTPS Tidserv Request 2. I have turned off my System Restore, continued to allow Norton to continue blocking the attacks, and have NOT rebooted my computer since first receiving the intrusion alerts. So far I haven't seen any damage to my computer. I do, however, have sensitive information saved into my browser which I am worried about (I have since wiped out the master password). Here are my logs below:

DDS Log:

DDS (Ver_10-03-17.01) - NTFSx86
Run by Owner at 15:00:37.71 on 07/06/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Home Edition 5.1.2600.2.1252.2.1033.18.1014.149 [GMT -7:00]
AV: Norton AntiVirus 2005 *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Worm Protection *enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBC...

A:HTTP Suspicious Executable Image Download, HTTP Tidserv Request & HTTPS Tidserv Request 2

Greetings

One or more of the identified infections is a Backdoor Trojan. This could allow hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC could be compromised and there is no way to be sure that your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. "If you would like to continue, then follow the steps below, otherwise please let me know"

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:
Please visit th...

RELEVANCY SCORE 62

Hello.

A colleague seems to have downloaded several viruses onto an often-used work laptop. We are a small non-profit and cannot afford to pay someone to remove this. I googled around looking for a solution before coming here, and I seem to have done some things in the wrong order. She came to me complaining there was a virus. The first problem I noticed was Anti-Malware Doctor or something like that, then another phony spyware finder. Then explorer and firefox windows would shut down with the td-da! sound playing. Other programs wouldn't open, claiming to be infected. I downloaded, updated and ran malwarebytes, spybot search and destroy, superantispyware, cwshredder, tdsskiller, windows defender and stinger. They got rid of a ton of garbage, none of which I noted, sadly. Norton found a few items as well, and deleted or quarantined them. I figured that would clear it up, yet I continually get notices from Norton about blocked attacks from a few different sources. I also notice that occasionally, in firefox, google searches will redirect to benign-looking stubs and ad pages. They're easy to move away from. The final issue is that despite there being very few programs on this laptop, windows notified me that virtual memory is too low.

Thanks in advance, I really appreciate the help.

(Here is all the info from the DDS, the other one is attached, and I'm having trouble attaching the gmer report, it says the txt is too big, but I can't upload a .zi...

A:HTTPS Tidserv Request 2

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together:
Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:
Please download DeFogger to your desktop.
Double click DeFogger to run the tool.
The ap...

RELEVANCY SCORE 62

Running Norton Internet Security on a Windows Vista system. I suspected I had a virus, so I ran a full scan. Norton identified and removed two trojans, but I think not everything was removed. Now I am getting pop-ups from Norton while browsing using IE, like this:

"A recent attempt to attack your computer was blocked."

When I click View Details, I see information like this:

"An intrusion attempt by 19js810300z.com was blocked. Application path \DEVICE\HARDDISKVOLUME3\WINDOWS\SYSTEM32\SVCHOST.EXE"

The ".com" address changes, but the basic message is the same.

I have followed the instructions in the Preparation Guide and hope I did everything correctly. Please let me know if you need more information? Thanks in advance.

DDS (Ver_10-03-17.01) - NTFSx86
Run by Sue at 19:25:30.71 on Tue 06/29/2010
Internet Explorer: 8.0.6001.18928
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3325.2002 [GMT -7:00]
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRes...

A:HTTPS Tidserv Request

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together:
Do not run any other tool until instructed to do so!
Do not attach logs unless I ask you to.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.
Do not run any other tool until instructed to do so!

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

Note** If you are having problems posting the complete log into this thread upload them here http://www.rapidshare.com/ and post the links in this thread.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

:run combofix:
Please visit this webpage for download links, and instructions for running the tool: http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Please ensure you read this guide carefully.

Please continue as follows:
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Click Yes to allow Com...

RELEVANCY SCORE 62

Hi,

My dad's computer is getting this pop-up from Norton all the time, saying either HTTPS Tidserv Request or HTTPS Tidserv Request 2 was blocked. I have run Norton full scan in both normal and safe mode, ran Malware bytes and Registry Mechanic, all have said that everything is now clean but the pop ups keep coming. Also, I have noticed that there are 8 of svchost.exe running and sometimes it takes 100% of the CPU usage. Also, it seems like it takes forever to boot!

For the first time ever I read what I needed to do before posting here!!!!!! :-)

Thanks in advance for the help.

Scott

DDS (Ver_10-03-17.01) - NTFSx86
Run by Pat Petrola at 17:46:46.59 on Tue 06/15/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1278.593 [GMT -4:00]
AV: Norton AntiVirus *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C...

A:HTTPS Tidserv Request and HTTPS Tidserv Request 2

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:
Please visit this webpage for download links, and instructions for running the tool: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first. The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:
The Recovery Console was successfully installed.

Please continue as follows:
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you. Please include the report in your next post:
C:\ComboFix.txt

"information and logs"
In your next post I need the following:
Log from Combofix
Let me know of any problems you may have had
How is the computer doing now?

Gringo

RELEVANCY SCORE 62

I have been getting a lot of notifications from my Norton Antivirus that intrusion attempts have been blocked.
For example:
"An intrusion attempt by lj1i16b0.com was blocked.
Application path \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE"

I scanned my computer and no viruses were found. I downloaded rkill and then ran it while in safe mode and then rescanned my computer. Again no viruses were found.
So far the only problem I am having with my computer is with my Chrome. It will not load any websites.

Thanks in advance

A:HTTPS Tidserv Request 2

Hello

Is this PC on a network?

Run a full system scan in safe mode with the latest Norton definitions. Then unplug the network connection and reboot the computer. Does the backdoor.tidserv detection come up again? If so, then we need to search for another undetected process on your computer.

Now run TDSS Killer

Please read carefully and follow these steps.

Download TDSSKiller and save it to your Desktop.
Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
Go to Start > Run (or you can hold down your Windows key and press R) and copy and paste the following into the text field (make sure you include the quote marks). Then press OK.
(If Vista, click on the Vista Orb and copy and paste the following into the Search field (make sure you include the quotation marks). Then press Ctrl+Shift+Enter.)
"%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v

If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
It may ask you to reboot the computer to complete the process. Allow it to do so.
When it is done, a log file should be created on your C: drive called "TDSSKiller.txt". Please copy and paste the contents of that file here.

Next run ATF and SAS:
If you cannot access Safe Mode, run in normal, but let me know.
Note: On Vista, "Windows Temp" is ...

RELEVANCY SCORE 62

Norton keeps telling me every 30 minutes that it blocked an intrusion attempt by 34jh7alm94.asia for HTTPS Tidserv Request 2. This happens when I am not using the browser or any program for that matter. I get the same message when I try to load an internet page on iExplorer. This time though, it mentions that the attempt was made by zl091kha644.com. Most web search I perform on google is redirected to other web pages. If I click on a web link such as Wikipedia from a search engine such as google I also get redirected to another page that is a search engine or sometimes a totally unrelated website.

A:HTTPS Tidserv Request 2

I have solved this problem myself.

RELEVANCY SCORE 62

Windows XP SP3 with Norton Internet Security 2009 on a Dell Laptop on a LAN.

On Thursday (6/24/10) Norton started blocking "HTTPS Tidserv Request 2" from both SvcHost.exe and IExplorer.exe to a couple of different IPs: 91.212.226.59, 91.212.226.67 and 85.12.46.155. I also noticed that a SVCHOST.EXE process was using a lot of CPU and killed it. I updated Norton and ran a full scan and it found Trojan.Zefarch!gen and maybe another Trojan Horse, Norton isn't too clear.

I'm pretty sure that a Java applet on a site was the cause and I found a couple of files with the right time stamp to be involved; one was e.exe and I didn't get the other, Norton removed it. A couple of the strings inside e.exe were "MSVCR80.DLL" and "KERNEL32.DLL" so I assume it modified them. I see other stuff in Norton's log that I assume isn't of much help.

After reading Bleeping Computer I booted in safe mode and ran another scan; it found SpyGuard2008. I also ran the Defogger, dds and gmer.

Please help.

Trace

=== DeFogger ===

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 15:32 on 25/06/2010 (TTindall)

Checking for autostart values...
Unable to open HKCU\~\Run key (2)
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
-=E.O.F=-

A:HTTPS Tidserv Request 2

Hello,

Is this PC on a network?

Run a full system scan in safe mode with the latest Norton definitions. Then unplug the network connection and reboot the computer. Does the backdoor.tidserv detection come up again? If so, then we need to search for another undetected process on your computer.

Now run TDSS Killer

Please read carefully and follow these steps.

Download TDSSKiller and save it to your Desktop.
Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
Go to Start > Run (or you can hold down your Windows key and press R) and copy and paste the following into the text field (make sure you include the quote marks). Then press OK.
(If Vista, click on the Vista Orb and copy and paste the following into the Search field (make sure you include the quotation marks). Then press Ctrl+Shift+Enter.)
"%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v

If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
It may ask you to reboot the computer to complete the process. Allow it to do so.
When it is done, a log file should be created on your C: drive called "TDSSKiller.txt". Please copy and paste the contents of that file here.

Next run MBAM (MalwareBytes):
Please download Malwarebytes Anti-Malware (v1.46) and save it to your desktop.
Before you save it rename it to say zztoy.exe
alternate download li...

RELEVANCY SCORE 62

Every half hour or so my Norton tells me they have blocked "an intrusion attempt by 94.228.209.145 was blocked Application Path \DEVICE\HARDDISKVOLUME2\WINDOWS\SYSTEM32\SCHOST.EXE"

The Risk Name is HTTPS Tidserv Request 2

I've initially ran Malwarebytes and it found and removed infected items.

Any search for the risk name at google directed me to a nongoogle search page.

I was able to go to the google results by copying shortcut and pasting into a new tab. I found instructions to use SDfix and Smitfraud. I've done them successfully but still getting the attack warning.

I need help getting this off of my computer so I won't be attacked.

Thanks for your help. Let me know what I need to do.
 

A:HTTPS Tidserv Request 2

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:13:40, on 2/18/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Documents and Settings\nick\Local Settings\Application Data\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging...

RELEVANCY SCORE 62

Hello, I'm a complete computer dunce and really need some help. My Norton has been telling me that it keeps blocking traffic or something. It says something like HTTPS tidserve request blocked. While searching google I found this website and am hoping you can help me.

I am currently on my mom's laptop and have my laptop's wireless switched off (friend's advice).

I have scanned with Norton, AVG, malebytes (or something like that), windows malicious software removal tool. Only AVG came up with anything and this didn't solve the problem.

I have run DDS and tried to run GMER but it stops running and crashes. Here is the DDS report.

DDS (Ver_10-03-17.01) - NTFSx86
Run by Currys at 22:32:53.32 on 22/04/2010
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_16
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.44.1033.18.1790.1103 [GMT 1:00]
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Windows\system32\lsm.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32...

A:HTTPS Tidserv request

Ok this should be a more simple request. I have decided to wipe everything off there and make it a fresh laptop. I no longer have any of the CDs for this laptop though. Is there a way to reformat and re-install without CDs? Or shall I buy a new install CD?

RELEVANCY SCORE 62

I run Windows Vista on a HP Pavilion dv7 Notebook. I also have paid for Norton Anti-Virus. Recently I've been getting pop-up warnings from Norton saying that I have a high security risk called a HTTPS Tidserv Request 2. I'm being attacked from ikaturi11.com and the traffic description is TCP, https.

'An intrusion attempt by ikaturi11.com was blocked. Application path \DEVICE\HARDDISKVOLUME1\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE'

Norton says that the attack was blocked and that no action is required. However, I think I know that the problem is that I have a trojan which is trying to connect with a server from my computer? I don't know how to detect or clear the malware on my computer, which I'd very much like help with please.

A:HTTPS Tidserv Request 2

Hello, I removed that reply as I feel we can fix it like this. Let me know.

Is this PC on a network?

Run a full system scan in safe mode with the latest Norton definitions. Then unplug the network connection and reboot the computer. Does the backdoor.tidserv detection come up again? If so, then we need to search for another undetected process on your computer.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.4.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
Vista/Windows 7 users right-click and select Run As Administrator.
If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
Click the Start Scan button.
Do not use the computer during the scan.
If the scan completes with nothing found, click Close to exit.
If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o...

RELEVANCY SCORE 62

Many many apologies for reposting this here. I initially posted this issue in the wrong forum so I am trying to correct my mistakes. (It helps when you read the Prep Guide, *note to self -RTFM!)

Hey all,

New to this forum and am looking for some help. It seems my father-in-law was downloading (or attempting to) and clicked something else, and presto chango... I've got a bug. Norton keeps telling me its blocking attempts from 112.121.181.86 or 61.61.20.132 and the risk name is HTTPS Tidserv Request 2. I initially ran a full system scan and it found two instances of W32.Uruy.A and quarantined them. Although that was handled (not sure if they are related), I am still getting those HTTPS Tidserv attempts being blocked. I have browsed this site and seen the help that has been provided for others regarding this matter and figured I would give it a shot as well. Thanks for the help....

*Again, my apologies for double posting this*

DDS (Ver_10-03-17.01) - NTFSx86
Run by Shana-Marie at 13:35:04.77 on Sat 04/10/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.113 [GMT -4:00]
AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32...

A:HTTPS Tidserv Request 2

Hi,

My name is Extremeboy (or EB for short), and I will be helping you with your log. I apologize for the delay.

If you still require assistance we would like to see the current condition of your system so please post a new set of DDS Logs as well as a GMER log and a description of any remaining problems or symptoms you may still have please.

If for any reason you did not post a DDS log or GMER log please refer to this page and in step #6 and Step #7 and Step #8 for further instructions on downloading and running DDS & GMER. If you have any problems when running the tools or unable to produce a report for any reason, just let me know in your next reply.

For your next reply I would like to see:
-The DDS logs---DDS.txt and Attach logs
-GMER log
-Description of any remaining problems you may still have.

With Regards,
Extremeboy

RELEVANCY SCORE 62

Please Help!

Norton 360 keeps coming up with the following message:

Severity - High
Activity - An intrusion attempt by d45648675.cn was blocked. Application path \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE
Risk Name - HTTPS Tidserv Request
Source Address - 91.212.226.60
Traffic Description - TCP, https

It has made my computer really slow and when on the internet it diverts links to random websites.

These alerts are happening every half an hour or so.

Thanks in advance for your help.
 

RELEVANCY SCORE 62

Greetings,

My Norton anti-virus keeps on coming up every once in a while (pretty often I must say) with intrusion attempts from https tidserv request 2. I scanned my PC with Norton and malwarebytes, they both came up with issues, deleted them, but that does not seem to have fixed my problem!! Hoping you guys can help!!

Sorry if I didn't post any reports.... here is my dss and for gmr I really tried, it's asking my PC too much.

Merged posts and removed redundant content. ~ OB

A:https tidserv request 2.

QUOTE(goldennbp @ Jun 24 2010, 12:12 PM)
Greetings,
My Norton anti-virus keeps on coming up every once in a while (pretty often I must say) with intrusion attempts from https tidserv request 2. I scanned my PC with Norton and malwarebytes, they both came up with issues, deleted them, but that does not seem to have fixed my problem!! Hoping you guys can help!!
Sorry if I didn't post any reports.... here is my dss and for gmr I really tried, it's asking my PC too much.
Merged posts and removed redundant content. ~ OB

Delete, problem solved

RELEVANCY SCORE 62

Hi, all,

Hope I can get some help removing this from my computer. I'm running Windows XP on my machine.

Yesterday, I got one of those nasty fake antivirus malware attacks. I was able to restore the machine to an earlier point and things seemed to work okay. I set about looking to remove the malware entirely, but soon started getting messages that Norton was blocking worm attacks. A typical message:

Details: Attempted Intrusion "HTTPS Tidserv Request 2" against your machine was detected and blocked.
Intruder: 91.212.226.67(https(443)).
Risk Level: High.
Protocol: TCP.
Attacked IP: DEFAULT-YB2SU9S(192.168.1.2).
Attacked Port: 1060.
Click the address to trace the attacker.

My computer starts to get sluggish when these intrusion attempts start, especially if I have any unattended browser windows. Intrusion messages similar to the one above come every 10 to 30 minutes, it seems.

I have tried to run a full system scan with Norton, Malwarebytes and Spyware Doctor. All seem to cause my computer to reboot at some point.

I followed the instructions on this form to generate the required logs for review. GMER caused my system to reboot after quite a while of a scan attempt. On subsequent attempts, it causes a reboot a couple minutes into the scanning process. I will try again after posting this message and update if I have better success, but I have included what I have.

Thanks in advance for any help. Let me know if I should post any further information.

Ken

EDIT: I still ca...

A:HTTPS Tidserv Request 2

Hi KenHR,

Welcome to Virus/Trojan/Spyware/Malware Removal forum. If the problem is not resolved update me on the current condition of your computer.

Also please run GMER but uncheck all other option except "Sections" (C: drive should remain checked) and post the log. It should take just a few minutes.

RELEVANCY SCORE 62

I get a Norton intrusion attempt warning at least once every ten minutes.

"An intrusion attempt by xxxxx.com was blocked. Application path \device\harddiskvolume1\windows\system32\scvhost.exe"
Risk name: "HTTPS Tidserv Request 2"

What should I do? Thank you.

DDS (Ver_10-03-17.01) - NTFSx86
Run by Danny at 17:57:21.96 on Thu 05/27/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.767.391 [GMT -7:00]
AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\Citrix\GoToMyPC\g2svc.exe
C:\Program Files\Citrix\GoToMyPC\g2comm.exe
C:\Program Files\Citrix\...

A:HTTPS Tidserv Request 2

Hi amkej,

Welcome to our VTSMR forum. It is important to refrain from making any changes to your system (scanning or running other tools, updating Windows, installing applications, removing files, etc.) from now on as it might interfere with our fixes.

Open your Malwarebytes' Anti-Malware.
First update it, to do that under the Update tab press "Check for Updates".
Under Scanner tab select "Perform Quick Scan", then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy & paste the MBAM log.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

Please download MBR.EXE by GMER. Save the file in your Windows directory (C:\Windows).
Download http://download.bleepingcomputer.com/farbar/TDLfix.exe and save it to your desktop.
Double-click to run TDLfix.exe, type the following in the command window and press Enter:
mbr
A log file opens up. Please post the content to your reply.

Read other 13 answers

Hello:

I was referred to this part of the forum for help in resolving and removing HTTPS Tidserv Request and HTTPS Tidserv Request 2. A brief explanation of the problem can be found here, as well as the steps I've taken thus far. However, this is what happened:

Last Friday, I went to a website and Norton Download Insight detected the launch of something called skxntv.exe. It quarantined the item. At about the time, Norton also logged an unauthorized access attempt. Roughly thirty minutes later, Norton logged an intrusion attempt by an IP address which contained HTTPS Tidserv Request 2. This attempt was blocked. An hour later, another attempt was blocked. If I remember correctly, I may have launched Norton to scan my computer. It detected fifty low level tracking cookies which were deleted.

The next morning, I got up and found that I could no longer use my keyboard. I found a code 38 error in the control panel section for the keyboard. After numerous attempts at rebooting and reinstalling the driver, nothing seemed to work. This went on until Monday morning when I discovered my keyboard was working again. In between all of this, I researched what could be causing the keyboard to stop working. I have a Nintendo Wii with internet access and an Opera browser, so I used that to do my research. I discovered that one of the causes could be a virus. At some point, these forums were mentioned and that was when I made my first post.

For the last few days, I've had my keyboar...

A:HTTPS Tidserv Request and HTTPS Tidserv Request 2

Hi arc14716,

Welcome to VTSMR forum. Please refrain from making any changes to your system (scanning or running other tools, updating Windows, installing applications, removing files, etc.) as long as we are not done. Doing that might interfere with our fixes.

Please download MBR.EXE by GMER. Save the file in your Windows directory (C:\Windows).
Download http://download.bleepingcomputer.com/farbar/TDLfix.exe and save it to your desktop.
Double-click to run TDLfix.exe, type the following in the command window and press Enter:
mbr
A log file opens up. Please post the content to your reply.

Read other 9 answers

Hello, I followed the steps discussed in the following topic http://www.bleepingcomputer.com/forums/t/310102/https-tidserv-request-2-infection/ to remove the HTTPS Tidserv Request 2 trojan virus and the following file is generated. I am uploading the same for further help. Thanks in advance.

A:HTTPS Tidserv Request 2

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.
Double click DeFogger to run the tool.
The ap...

Read other 8 answers

Okay, so Norton keeps telling me that it's blocking an attack on my computer called "HTTPS Tidserv C and C Domain." I also have a problem with my Google links redirecting so I think it might be related to this threat.

I just got rid of Internet Security 2010 an hour or so ago using Malware Bytes if that counts for anything. My computer is running faster but I can't seem to shake off this "attempted back door" attack. There has to be something wrong since my Google links keep redirecting.

Any help is appreciated.

A:HTTPS Tidserv C and C Domain???

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum.

==>PLEASE DO NOT NOW POST LOGS<== unless a log is specifically requested.

Please describe the issues you are experiencing with your computer.

Read other 11 answers

Hi,

I've been noticing Norton security alerts lately, all notifying me of 'an intrusion attempt by 19js810300z.com'. I've heard about this before but my browser hasn't been redirecting me to any fake pages, and the only off thing I've noticed is that my computer runs a little slowly (rarely), i.e. lags when typing in Firefox.

Read other answers

For a few days now I have been getting alerts from Norton AntiVirus that look like this:

I ran multiple full system scans with Norton and then using Malwarebytes' Anti-Malware but they did not find it. When I tried doing the gmer scan, my computer kept shutting down after a few minutes so I was not able to finish and attach it. Also, when on the internet I started getting popups for various spam websites that is probably related since it started at the same time. Also, I tried to do a system restore but I tried all of the recent save points and it said that it couldn't be restored to any of those dates.

Thanks in advance!

DDS (Ver_10-03-17.01) - NTFSx86
Run by RUStudent at 15:40:04.57 on Sun 05/30/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1181 [GMT -4:00]
AV: Norton 360 *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS...

A:HTTPS Tidserv Request 2

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. HijackThis logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that it happens.

Some things to remember while we are working together.
1. Please do not run any other tool until instructed to do so!
2. Please reply to this thread, do not start another!
3. Please tell me about any problems that have occurred during the fix.
4. Please tell me of any other symptoms you may be having as these can help also.
5. Please try as much as possible not to run anything while executing a fix.
If you follow these instructions, everything should go smoothly.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Gmer is the best but can be hard to get a log, let's try this and see what we get.

Scan With RKUnHooker
Please Download Rootkit Unhooker. Save it to your desktop.
Now double-click on RKUnhookerLE.exe to run it.
Click the Report tab, then click Scan.
Check (Tick) Drivers, Stealth, Files, Code Hooks. Uncheck the rest. Then click OK.
Wait till the scanner has finished and then click File, Save Report.
Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.
Note** you may get this warning it is ok, just ignore...

Read other 16 answers

About a week ago, Norton has been telling me about attacks made to my computer. I'm thinking it's just a regular intrusion attempt until they started happening more frequently. Every 10 to 30 minutes I would keep getting the same message about how Norton has blocked this intrusion attempt. While looking at the history I found out also that not only I'm being attacked by the HTTPS request2 trojan but also the 1st HTTPS request. I've read other people's forum posts with the same problem and I'm afraid as well that's getting around my firewall. I tried scanning it but like many others who did, Norton didn't find anything. Can somebody help me on what I need to do get rid of it? Thanks in advance. This is very troublesome. So far my computer has trouble going into hibernate and the arrow vanishes has been running slower. Nothing too big yet still worried.

DDS (Ver_10-03-17.01) - NTFSx86
Run by Cheryl Underwood at 0:11:05.43 on Sun 06/13/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.202 [GMT -4:00]
AV: Norton AntiVirus *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDO...

A:HTTPS tidserv request 1 and 2

Hi vades2,

Welcome to Virus/Trojan/Spyware/Malware Removal (VTSMR) forum. I am going to assist you with your problem.

Please refrain from making any changes to your system (scanning or running other tools, updating Windows, installing applications, removing files, etc.) from now on as it might interfere with our fixes.

Please update me on the current condition of your computer.

Read other 7 answers

I'm not sure if this is the right section to post in, but I keep getting Norton warnings that "A recent attempt to attack your computer has been blocked." Most of the time, the attack is called "HTTPS Tidserv Request" or something similar. About 4 days ago, while searching Google images, IE froze for a second. Something asked for permission to run, and I thought it was a program I recognized so I clicked "Allow". Soon after, Norton spammed me with warnings about things trying to attack my computer.

I did a scan, but it detected nothing. After giving up, and being annoyed, I searched Google about the attacking URL. A few times, I was redirected to random advertising sites. But it hasn't happened many times. I found out that many people were having the exact same problem, but I couldn't find a solution simple enough that I could understand. I system restored my computer in safe mode, to a date where I did not have this problem. But after a few hours, I began to be attacked again by the same URLs.

I've read many threads about this and came to the conclusion to make my own, despite it being a bit confusing to me. I'm hoping this problem can be fixed soon, because I do not know what this infection is doing to my computer, and that scares me. I'm not very good at computer things at all, but here are the DDS and HijackThis logs..

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:09:35 PM, on 4/12/2010
Platform: Unknown Win...

A:HTTPS Tidserv Request pop-ups

I'm not sure if I forgot to post another log..? Or did I do that right.

Read other 58 answers

Help, I keep getting notifications from Norton Internet Security of recent attempts to attack my computer. It comes up as: "HTTPS Tidserv C and C Domain Request"

I also keep getting redirected in Firefox while doing internet searches, to various Chinese websites, and ad sites.

Suggestions?

-John

A:redirects and HTTPS Tidserv

Hello cwr56 and welcome to Bleeping Computer! My username is swagger and I'll be helping you. Please read and follow the entire set of instructions below:

::MBAM::

Please download Malwarebytes Anti-Malware (v1.43) and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The...

Read other 1 answers

I've been getting that error... Plz help.

A:HTTPS Tidserv Request 2

Hello and welcome..

Is this PC on a network?

Run a full system scan in safe mode with the latest Norton definitions. Then unplug the network connection and reboot the computer. Does the backdoor.tidserv detection come up again? If so, then we need to search for another undetected process on your computer.

Now run TDSSKiller. Please read carefully and follow these steps.
Download TDSSKiller and save it to your Desktop.
Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK. (If Vista, click on the Vista Orb and copy and paste the following into the Search field. (make sure you include the quotation marks) Then press Ctrl+Shift+Enter.)
"%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v

If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
It may ask you to reboot the computer to complete the process. Allow it to do so.
When it is done, a log file should be created on your C: drive called "TDSSKiller.txt". Please copy and paste the contents of that file here.

Next run MBAM (MalwareBytes):
Please download Malwarebytes Anti-Malware (v1.46) and save it to your desktop.
alternate download link 1
alternate download link 2
MBAM ...

Read other 1 answers

I have tried several malware removal programs (Malwarebytes Anti-Malware, Spybot S&D, SUPERAntispyware) and cannot seem to shake whatever is on my system. A fake AV software will load and cause me to be unable to load any other programs or windows (I have to do a hard restart to get moving again). Please help!

DDS (Ver_10-03-17.01) - NTFSx86
Run by dgray at 8:47:31.98 on Thu 07/01/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.274 [GMT -4:00]
AV: Symantec Endpoint Protection *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\CA\SC\CAM\bin\cam.exe
C:\Program Files\USFC\VPN Client...

A:HTTPS Tidserv Request

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...

Read other 31 answers

Norton 360 keeps on coming up with a message saying that it is blocking an intrusion attempt. The risk name is HTTPS tidserv request 2. The attacking computer changes and there are at least two device paths. When I attempt to run GMER the computer crashes and restarts. I am using Windows Vista Home Premium Service Pack 1.

DDS (Ver_10-03-17.01) - NTFSx86
Run by Johnson Yen at 3:53:42.77 on Sat 05/29/2010
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_02
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3006.963 [GMT -7:00]
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Cox\InstaLAN\AffinegyService.e...

A:HTTPS Tidserv Request 2

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...

Read other 15 answers

Hi - Similar to another poster, my Norton continues to pop-up with an alert re: blocking an "intrusion attempt by lj1i16b0.com was blocked. Application path \DEVICE\HARDDISKVOLUME2\WINDOWS\SYSTEM32\SVCHOST.EXE". I ran a Norton scan and it 'fixed' several Trojans and it says my computer is clear. But I'm still receiving attempted intrusion attack notifications from Norton, like before, which it says it blocked. However, when I do searches my pages are being re-routed now too. I ran the Rootkit Unhooker and the report is below. What should I do next?

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>Drivers
==============================================
0xA98BF000 C:\WINDOWS\system32\drivers\RtkHDAud.sys 4923392 bytes (Realtek Semiconductor Corp., Realtek® High Definition Audio Function Driver)
0xB60A0000 C:\WINDOWS\system32\DRIVERS\ati2mtag.sys 4620288 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Miniport Driver)
0xBF185000 C:\WINDOWS\System32\ati3duag.dll 3207168 bytes (ATI Technologies Inc. , ati3duag.dll)
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2150400 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2150400 bytes
0x804D7000 RAW 2150400 bytes
0x804D7000 WMIxWDM 215040...

A:HTTPS Tidserv Request 2

Good evening. Will you go here, follow steps 6, 7, and 8 and post accordingly.

Read other 2 answers

Hello - need help on a virus removal - Nortons is detecting an intrusion attempt ~every 30 mins that it identifies as "HTTPS Tidserv Request 2". Norton detects the intrusion attempts and also detects "Backdoor.Tidserv.l!inf", but doesn't offer any effective removal instructions. Malwarebyte scans run clean. TDsskiller scans find my 'iastor' driver is infected by TDSS rootkit, but several attempts to remove on reboot have failed.

DDS logs and GMER log follow:

DDS (Ver_10-03-17.01) - NTFSx86
Run by Kevin Fredrich at 10:13:56.65 on Thu 05/06/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2039.1366 [GMT -5:00]
AV: Digital Protection *On-access scanning enabled* (Outdated) {28e00e3b-806e-4533-925c-f4c3d79514b9}
AV: Norton 360 *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
C:\Program Files\Privoxy\privoxy.exe
C:\Pro...

A:HTTPS Tidserv Request 2

Good evening. Take a trip to this webpage for download links and instructions for running Combofix by sUBs: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* When prompted to save Combofix, change the filename BEFORE saving it - any name will do, as long as it has .exe at the end. Please be aware that this tool may require the PC to be rebooted so close any programs you have open before you start. When CF has finished, it will produce a log - C:\ComboFix.txt - copy and paste. Let me know how the PC is behaving.

* There are two points to note from the instructions page:

1) The Recovery Console.
It is recommended that you install this as, in certain circumstances, it may be the difference between a successful repair and a reformat. If you are uncertain as to whether or not you already have the Recovery Console installed, simply run CF and it will prompt you if it does not detect it. CF will complete some, but not all, of its removal tasks without the installation of the Console, so you are free to choose whether you want to complete this step, but it is in your interests to do so.

2) Disabling your Anti-Virus.
CF has been the victim of false-positive detections on occasion and a resident AV may incorrectly identify and delete part of the tool which won't do it much good. If you don't disable your AV, you may not get the results you hoped for!

Read other 20 answers

Norton keeps popping up that it blocked something called "HTTPS Tidserv C and C Domain." It seems to attack my computer every 15 minutes or so. What can I do to get rid of it?

Another problem is that everything I search for in Google gets redirected to random sites. All help is appreciated.

LINK to original thread

DDS (Ver_09-12-01.01) - NTFSx86 NETWORK
Run by Jacque at 13:13:40.47 on Sun 12/27/2009
Internet Explorer: 8.0.6001.18865 BrowserJavaVersion: 1.6.0_13
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.2047.1202 [GMT -6:00]
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.e...

A:HTTPS Tidserv C and C Domain

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results, click no to the Optional_Sca...

Read other 17 answers

Hey, was wondering if anyone could help me, Norton keeps popping up in my screen saying that a recent attempt to attack my computer has been blocked. It happens like, every 3 minutes and it's getting very aggravating. Norton supplies the IP address of the attacking computer and all so I was wondering if there was ANY way to get rid of this persistent pest.

A:Https Tidserv Request 2

Hello and welcome..

Is this PC on a network?

Run a full system scan in safe mode with the latest Norton definitions. Then unplug the network connection and reboot the computer. Does the backdoor.tidserv detection come up again? If so, then we need to search for another undetected process on your computer.

Now run TDSSKiller. Please read carefully and follow these steps.
Download TDSSKiller and save it to your Desktop.
Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK. (If Vista, click on the Vista Orb and copy and paste the following into the Search field. (make sure you include the quotation marks) Then press Ctrl+Shift+Enter.)
"%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v

If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
It may ask you to reboot the computer to complete the process. Allow it to do so.
When it is done, a log file should be created on your C: drive called "TDSSKiller.txt". Please copy and paste the contents of that file here.

Next run MBAM (MalwareBytes):
Please download Malwarebytes Anti-Malware (v1.46) and save it to your desktop.
alternate download link 1
alternate download link 2
MBAM ...

Read other 3 answers

My Norton Internet Security has been recently blocking intrusion attempts from various sites trying to get to both my svchost.exe and iexplore.exe files. From looking here, I probably have a rootkit problem. I'm totally new at handling this so please be patient with me. Thanks for any help you can give me.

A:HTTPS Tidserv Request 2

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
1. Please do not run any other tool until instructed to do so!
2. Please reply to this thread, do not start another!
3. Please tell me about any problems that have occurred during the fix.
4. Please tell me of any other symptoms you may be having as these can help also.
5. Please try as much as possible not to run anything while executing a fix.
If you follow these instructions, everything should go smoothly.

I would like to get a better look at your system, please do the following so I can get some more detailed logs.

DeFogger: Please download DeFogger to your desktop.
Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will appear
Click OK
DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Download DDS:
Please download DDS by sUBs from one of the links below and save it to your desktop:
Download DDS and save it to your desktop
Link1
Link2
Link3
Please disable any anti-malware program that will block scripts from running before running DDS.
Double-Click on dds.sc...

Read other 15 answers