
HTTP Tide Serv Request2 / HTTP CrimePack Activity 1 / HTTP Nukesploit Request Problems

Q: HTTP Tide Serv Request2 / HTTP CrimePack Activity 1 / HTTP Nukesploit Request Problems

Hi. I have had this problem for many months now and have tried to remove the infection manually using instructions found on ehow, using Norton Antivirus, malwarebytes and spybot search and destroy. Nothing has been successful at removing it. I have just been using my laptop instead of my desktop because I don't want to use an infected computer. The computer is running Windows XP Professional SP3. I receive notifications from Norton that an intrusion attempt has been blocked. When I go into the log, I found that there were three high risk log entries, one for HTTP Tide Serv Request2, one for HTTP CrimePack Activity 1, and one for HTTP Nukesploit Request. As I mentioned this has been going on for months now. At the beginning it was mostly just HTTP Tide Serv Request2, the other two are new today. I'm hoping you can help me, otherwise I'm going to have to reinstall Windows, which I'd like to avoid doing. I hope I have included enough background. My scans are below and attached. Your help is greatly appreciated!

Thanks,
Mike
DDS Scan Results:

DDS (Ver_10-12-12.02) - NTFSx86
Run by PPSV at 12:53:22.68 on 01/13/2011
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2550.1463 [GMT -5:00]

AV: Bitdefender Antivirus *Disabled/Outdated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
AV: Norton Security Suite *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Bitdefender Firewall *Disabled*
FW: Norton Security Suite *Enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Norton Security Suite\Engine\4.3.0.5\MCUI32.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\PPSV\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton security suite\engine\4.3.0.5\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton security suite\engine\4.3.0.5\IPSBHO.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton security suite\engine\4.3.0.5\coIEPlg.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [<NO NAME>]
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [BlackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background
mRun: [ddoctorv2] "c:\program files\comcast\desktop doctor\bin\sprtcmd.exe" /P ddoctorv2
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
Trusted Zone: mykplan.com\www
Trusted Zone: safetynetrx.org\mail
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\ppsv\applic~1\mozilla\firefox\profiles\gvcx576y.default\
FF - prefs.js: network.proxy.type - 0
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\coffplgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\ipsffplgn\components\IPSFFPl.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Norton IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\IPSFFPlgn
FF - Ext: Norton Toolbar: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62} - c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\coFFPlgn
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

============= SERVICES / DRIVERS ===============

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0403000.005\symds.sys [2010-12-23 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0403000.005\symefa.sys [2010-12-23 173104]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\bashdefs\20101123.003\BHDrvx86.sys [2011-1-9 691248]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0403000.005\cchpx86.sys [2010-12-23 501888]
R1 RCFOX;SonicWALL IPsec Driver;c:\windows\system32\drivers\RCFOX.SYS [2008-11-25 86552]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0403000.005\ironx86.sys [2010-12-23 116784]
R2 N360;Norton Security Suite;c:\program files\norton security suite\engine\4.3.0.5\ccsvchst.exe [2010-12-23 126392]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-8-7 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\ipsdefs\20110112.001\IDSXpx86.sys [2011-1-13 341944]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\virusdefs\20110113.002\NAVENG.SYS [2011-1-13 86008]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\virusdefs\20110113.002\NAVEX15.SYS [2011-1-13 1360760]
S3 rcvpn;SonicWALL VPN Adapter;c:\windows\system32\drivers\rcvpn.sys [2008-11-25 24876]

=============== Created Last 30 ================
==================== Find3M ====================
=================== ROOTKIT ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD400JD-75HKA1 rev.14.03G14 -> Harddisk0\DR0 -> \Device\Ide\IdePort1 P1T0L0-e

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x89E00EE4]<<
_asm { PUSH EBP; MOV EBP, ESP; SUB ESP, 0x50; PUSH EBX; PUSH ESI; MOV DWORD [EBP-0x4], 0x88636820; SUB DWORD [EBP-0x4], 0x8863612e; PUSH EDI; CALL 0xffffffffffffe10c; }
1 nt!IofCallDriver[0x804E37D5] -> \Device\Harddisk0\DR0[0x89EBEAB8]
3 CLASSPNP[0xF7637FD7] -> nt!IofCallDriver[0x804E37D5] -> [0x89EF3B00]
[0x89EF3628] -> IRP_MJ_CREATE -> 0x89E00EE4
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
\Device\Ide\IdeDeviceP1T0L0-e -> \??\IDE#DiskWDC_WD400JD-75HKA1______________________14.03G14#4457572d414d414a353339363831203320202020#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x89E00CE2
user & kernel MBR OK
sectors 78124998 (+255): user != kernel
Warning: possible TDL3 rootkit infection !

============= FINISH: 12:55:00.43 ===============


A: HTTP Tide Serv Request2 / HTTP CrimePack Activity 1 / HTTP Nukesploit Request Problems

Hello mthess, Welcome to Bleeping Computer.
My name is fireman4it and I will be helping you with your Malware problem.

Please take note of some guidelines for this fix:
Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
Finally, please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.

1. We need to disable Spybot S&D's "TeaTimer"

TeaTimer works by preventing ANY changes to the system. It will attempt to undo any fixes we run, because it blocks these fixes from running.
In order to safeguard your system from problems that can be brought on by a half finished fix, we need to disable TeaTimer. We can reenable it when we're done if you like.

Open SpyBot Search and Destroy by going to Start -> All Programs -> Spybot Search and Destroy -> Spybot Search and Destroy.
If prompted with a legal dialog, accept the warning.
Click and then on "Advanced Mode"
You may be presented with a warning dialog. If so, press
Click on
Click on
Uncheck this checkbox:
Close/Exit Spybot Search and Destroy

2. I do not recommend that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened again this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to add/remove in the control panel and remove either Bitdefender Antivirus or Norton Security Suite.

3. Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.4.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
Vista/Windows 7 users right-click and select Run As Administrator.
If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
Click the Start Scan button.
Do not use the computer during the scan.
If the scan completes with nothing found, click Close to exit.
If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
Copy and paste the contents of that file in your next reply.

4. Please Run Gmer again and post the results

Things to include in your next reply:
TDSSKILLER log
A new Gmer log
A new DDS log
How is your machine running now?


Yesterday I got this threat HTTP Malicious Toolkit Variant Activity 2 and my Norton Internet Security blocked them. I installed Malwarebytes and SuperAntiSpyware, updated them, restarted in safe mode, disconnected from the internet and did a full system scan for both and didn't detect anything. Today I got this threat HTTP SurfAccuracy Config Request.

So I was wondering if my computer is infected with malware and if someone could give me a hand here.

Any help would be appreciated!

Here's my Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:40:03 AM, on 11/17/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Windows\System32\mobsync.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Windows\s...

A: HTTP Malicious Toolkit Variant Activity 2 & HTTP SurfAccuracy Config Request

Hello, gunnersluver
Welcome to TSF

My name is Billy O'Neal and I will be helping you. (Billy or Bill is fine, if you like.)
Please give me some time to look over your computer's log(s).
Please take note of the following:
In the meantime, please refrain from making any changes to your computer.
Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself. :)
If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
Finally, please reply using the button in the lower left hand corner of your screen.
Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just put a post here so that I know you're still here. We get a lot of people who simply leave, and if there is no contact for that amount of time I will have to assume you have "vanished".

We need to run a Scan with DDS
Please download DDS, and save it to your desktop, from one of the following mirrors:
This is a mirror
This is another mirror

Disable any type of "Script Blockers" or "Script Protection" installed on ...


I was hoping I wouldn't have to resort to this, but I guess I've no other choice. I've looked up this thing and from what it sounds like, I'm in deep. Like an abyss.

This whole fiasco started about a week ago when my parents found a charge from McAfee on their card. None of us ever purchased anything, and called McAfee and had them remove the charge which (according to my Dad), simply removed the LiveUpdate thing McAfee had.

Not long after that, Google Chrome started acting weird and some program called "pbupdate.exe" had to be closed. My computer subsequently froze and I had to manually shut down.

I rebooted my computer only to find that Chrome had been completely fried and would not load any web pages at all. Resorting to Firefox, I Googled "pbupdate.exe" and clicked the first link, allowing "Top PC Defender" onto my computer (and maybe some other things).

As such, I ran Malwarebytes, SUPERAntiSpyware, McAfee, AVG, and Spybot to rid myself of the problem. When this yielded no results, I ended up using System Restore which seemed to get rid of the problem.

Not long after, we switched over to Norton due to Comcast preparing a move, and uninstalled McAfee. Norton ended up having to uninstall AVG in order for it to install.

And ever since then I've had these messages popping up repeatedly on my computer from Norton, telling me an attack was blocked but not allowing any action to be taken. The fact that I'm still getting these mess...

A: HTTP Tidserv Request, HTTPS Tidserv Request 2, and HTTP Trojan Sasfis Activity

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report
Please download OTL from one of the following mirrors:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
In the custom scan box paste the following:
CODE
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%systemroot%...


Hi, recently my Norton kept noticing me I'm being under attack from HTTP Nukesploit P4ck Activity under scvhost.exe.
I scanned my computer with Norton, NOD32, SUPERantispyware; they all found some things but the problem didn't improve.
Then I used Malwarebytes and it found 2 threats, then Norton has not noticed me that message again.
I don't know if my computer is safe or not.
Here is the log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4948

Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385

10/25/2010 9:00:06 PM
mbam-log-2010-10-25 (21-00-06).txt

Scan type: Quick scan
Objects scanned: 138543
Time elapsed: 5 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\nguyen\AppData\Roaming\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Windows\System32\secushr.dat (Malware.Trace) -> Quarantined and deleted successfully.

A: HTTP Nukesploit P4ck Activity

Now rescan again with Malwarebytes Anti-Malware, but this time perform a Full Scan in normal mode and check all items found for removal. Don't forget to check for database definition updates through the program's interface (preferable method) before scanning and to reboot afterwards. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. When done, click the Logs tab and copy/paste the contents of the new report in your next reply.

Please download TFC (Temp File Cleaner) by Old Timer and save it to your desktop.
Alternate download link
Save any unsaved work. TFC will close ALL open programs including your browser!
Double-click on TFC.exe to run it. Vista/Windows 7 users right-click and select Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
TFC will clear out all temp folders (temp, IE temp, Java, FF, Opera, Chrome, Safari) for all user accounts including:
Administrator.
All Users.
LocalService.
NetworkService.
and any other accounts in the user folder.
Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.
Note: It is normal for the computer to be slow to boot after running TFC cleaner the first time.

Please perform a scan with Eset Online Anti-virus Scanner.
This scan requires Internet Explorer to work. If using a different browser, you will be given the option to dow...


Hi

I have XP pro and today I started to get a warning message from Norton 360 every 2 mins saying attempt to attack your PC was blocked - details say "HTTP Nukesploit P4ck Activity" by SVCHOST.exe - I have turned off system restore and run a full scan and no virus found - warning message still appears every 2 mins - I'm running IE8

Any ideas or suggestions?

many thanks

A: HTTP Nukesploit P4ck Activity

Hi

I have XP pro and today I started to get a warning message from Norton 360 every 2 mins saying attempt to attack your PC was blocked - details say "HTTP Nukesploit P4ck Activity" by SVCHOST.exe - I have turned off system restore and run a full scan and no virus found - warning message still appears every 2 mins - I'm running IE8

Any ideas or suggestions?

many thanks

here is the N360 error message:
"an intrusion attempt by PC 11 (my own PC!) was blocked: path: device\harddiskvolume1\windows\system32\svchost.exe"
"attacker URL: worldhostsdns.com/.........."
"source address: my own IP address?"
"Traffic description: TCP, Port 3449"

many thanks


I am running Windows XP Pro Service Pack 3, Internet Explorer 8 and Norton Internet Security 2010. Had a pop up from Norton saying "a recent attempt to attack your computer has been blocked"; upon viewing the details the risk name was found to be HTTP Nukesploit P4ck Activity, with the recommended action being no action required as the status was blocked. The pop up was appearing every three minutes. At this stage the pc would not boot up correctly, it generally took three or four attempts to get it going correctly.

Using Norton I carried out a full system scan - the only threats found were tracking cookies - these were removed. Ran live update and carried out a second full system scan - no actions required.

Contacted Symantec and explained the problem, I gave them remote access to the pc and after a long winded process of approximately two hours I was told that there was no cause for concern as NIS was blocking the threat. The Symantec guy ran Norton Power Eraser Tool, CHKDSK, and removed all temporary files, whilst doing this he cunningly clicked on the "stop notifying me" button (on the view details panel of the threat) and after a number of restarts claimed to have solved the problem. I told him I disagreed, he got a bit upset so I politely got rid of him.

Next day I again had problems booting the pc, I reenabled the notification and the pop up returned. Days later I ran NIS live update again and it quarantined the virus monmvr32.exe, to date the pop up...

A: HTTP Nukesploit P4ck Activity

Hello, And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.
Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.
The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you...


Norton Internet Security 2010 stopped HTTP Nukesploit Request twice on Friday, Sept. 24, 2010 at 11:59pm. Information on the attack:

Risk Name - HTTP Nukesploit Request
Attacking Computer - Karen (192.168.1.100,4732
Attacker URL - 67.222.8.68.9001/exemple.com/
Destination Address - 67.222.8.68,9001
Source Address - 192.168.1.100 (192.168.1.100)
Traffic Description - TCP, Port 4732
The attack was resulted from \Device\Harddisk volume1\Program Files\Internet Explorer\Iexplore.exe

I can't upload the 11.6KB ARK file report. It says that the file is larger than the available space. Please help! I think this happened because I tried to upload a photo of the report from Norton. It was too large and it won't let me upload the photo. I'm sorry but I didn't think it would take up room if the upload failed. I hope there is a way to allow me to upload the ARK file.

My operating system is Windows XP Professional with Service Pack 3.

Thanks,
KPhoto

DDS (Ver_10-03-17.01) - NTFSx86
Run by KarenB at 21:01:54.68 on Sat 09/25/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3655.3050 [GMT -4:00]

AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS ...

A: Infected with HTTP Nukesploit Request

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

In order for me to see the status of the infection I will need a new set of logs to start with.
Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:
Please download DeFogger to your desktop.
Double click DeFogger to run the tool. The ap...

RELEVANCY SCORE 151.6

I am continuing to get popups from Norton Internet Security indicating that "A recent attempt to attack your computer has been blocked" with details "HTTP Tidserv Request" and "HTTP Tidserv Request2". I saw a post from xander34 (topic 321701) a few days back, I have the same type of symptoms. I rebooted in non-network safe mode and used both MalwareBytes and Super AntiSpyware. Both those programs and also Norton said that they removed the program, but it still persists. Still get the Norton warning about every 45 minutes or so.

So far no other symptoms. Naturally I have backed up all data and also am doing no sensitive operations on the internet other than getting email and facebook and thus providing passwords for both --??

Norton Details indicate that the attack typically comes from IP 91.212.226.67 or 202.157.171.207 but also occasionally others.

I have attached the dds and gmer logs (dds, attach and ark.txt) as per your instructions.

Thanks for your help, you have a very nice site. Any help you can give is of course greatly appreciated! I await your insight. I have read pretty nasty things about these rootkit infections, so I am hoping you can help.

-- Murray

DDS (Ver_10-03-17.01) - NTFSx86
Run by mlow at 11:06:25.80 on Sun 06/06/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.329 [GMT -7:00]

AV: Norton Internet Security *On-access scanning enabled* (Updated)...

A:Rootkit Infection HTTP TidServ Request/Request2

Hello, And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.

Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.

The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you let...

RELEVANCY SCORE 149.6

My system is showing this warning
"HTTP Nukesploit P4ck Activity detected [SID:23363]"
 

RELEVANCY SCORE 149.6

Can't seem to get this thing out. I've scanned it multiple times and after doing some googling on it I've found out that someone is trying to hack me with it. First occurred two days ago and Norton keeps popping up every 3 minutes and telling me it's blocked it from sending info to worldhostdns.com. I really need some help getting rid of it.

A:HTTP Nukesploit P4ck Activity hiding in scvhost.exe

Ok I just ran Malwarebytes and it took off 3 infected files. Restarted and Norton hasn't alerted to nukesploit yet so I hoped I got it. I'll post the log in a few.

RELEVANCY SCORE 149.6

Hello - Have a laptop running Windows Vista Home Premium 6.0
Symantec Endpoint Protection.

Antivirus didn't find anything, but every 2-3 minutes, the following message pops up:

Symantec Endpoint Protection
[SID:23363] HTTP Nukesploit P4ck Activity detected.

Any ideas?

Attaching:
DDS.txt

DDS (Ver_10-03-17.01) - NTFSx86
Run by bcamut at 20:07:54.78 on Sun 08/29/2010
Internet Explorer: 8.0.6001.18943
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1991.734 [GMT -4:00]

AV: Symantec Endpoint Protection *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
SP: Symantec Endpoint Protection *enabled* (Updated) {6C85A515-B91D-4D2B-AF18-40984A4A8493}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
FW: Symantec Endpoint Protection *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Windows\system32\svchost.exe -k ...

A:Infected with"HTTP Nukesploit P4ck Activity detected."

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.
Double click DeFogger to run the tool. The ap...

RELEVANCY SCORE 149.6

Yesterday I started seeing a consistent message from my Symantec Endpoint Protection stating
"[SID: 23363] HTTP Nukesploit P4ck Activity detected."

From the Symantec Client Management Security Log, the event type is happening every 3 minutes has a critical severity trying to connect to Remote Host 212.78.230.8 (event type is Intrusion Prevention)

Further info on this problem is:
[SID: 23363] HTTP Nukesploit P4ck Activity detected.
Traffic has been blocked from this application: C:\WINDOWS\system32\svchost.exe

Data from this is (copied from Symantec log)
0000: 43 5B 00 00 : | C[..

I've downloaded all the latest programs and data to run a full virus scan, Spybot Search and Destroy, CC Cleaner, and Malwarebytes Anti-Malware. Nothing has changed the fact that I still receive this message (and log entry) every 3 minutes.

Per Forum rules, I am attaching various logs below. Thank you in advance for help in this matter.

Hijackthis.log
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:37:07 AM, on 10/20/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Fingerprint Sensor\AtService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec\...

A:Help with [SID: 23363] HTTP Nukesploit P4ck Activity detected.

Does anyone have any idea how to help with this issue? While my virus scan seems to be blocking data going to the intruder, I really don't want my system trying to connect in the first place.
 

RELEVANCY SCORE 146.4

HTTP Fake Antivirus Install Request 4
Intrusion Attempt - High Risk - Blocked
Network Traffic - 69.42.67.204 ,80
Attack Resulted from \DEVICE\HARDWAREVOLUME1\PROGRAMFILES\INTERNETEXPLORER\IEXPLORE.EXE

HTTP Malicious IFrame Image Request
Intrusion Attempt - High Risk - Blocked
Network Traffic - 89.248.179.94 ,80
Attack Resulted from \DEVICE\HARDWAREVOLUME1\PROGRAMFILES\MOZILLA\FIREFOX\FIREFOX.EXE

Do these events require investigation? Is my system clean?
No unusual behavior to report.
(May I run DDS and GMER from any user account)

Edit > I was pointed to Bleeping by the Norton Community Forum. The Severity Risk for both Attempts is HIGH. HIGH is very unusual for me and Norton wanted me to investigate further at BC as to maybe Rootkit got in

DDS (Ver_10-03-17.01) - NTFSx86
Run by BJMS at 17:18:36.39 on Thu 06/03/2010
Internet Explorer: 8.0.6001.18904 BrowserJavaVersion: 1.6.0_20
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3061.1709 [GMT -5:00]

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\...

A:HTTP Fake Antivirus Install Request 4 | HTTP Malicious IFrame Image Request

bjm_ OP edit I hope my post to Norton Community Forum does not violate bleepingcomputer rules. I did not follow any instructions @ Norton Forum...other than "go to bleepingcomputer" to investigate / post Topic re this issue. Thanks

Edit > Does bleeping send automated response by email that my Topic has been received .... and to wait for reply ....and what if no reply after X days ? Expected automated response Topic received with what to do if no reply after X days...understand Forum gets swamped ... just don't know if after 100 reviews I should have received automated response or any response or just too soon. Only one day...so may be too soon for even automated response.

RELEVANCY SCORE 136.4

Hello guys,

I've gotten numerous alerts from Norton telling me that I have attempted intrusions from HTTP Suspicious Executable Image Download, HTTP Tidserv Request & HTTPS Tidserv Request 2. I have turned off my System Restore, continued to allow Norton to continue blocking the attacks, and have NOT rebooted my computer since first receiving the intrusion alerts.. so far I haven't seen any damage to my computer. I do, however, have sensitive information saved into my browser which I am worried about (I have since wiped out the master password). Here are my logs below:

DDS Log:

DDS (Ver_10-03-17.01) - NTFSx86
Run by Owner at 15:00:37.71 on 07/06/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Home Edition 5.1.2600.2.1252.2.1033.18.1014.149 [GMT -7:00]

AV: Norton AntiVirus 2005 *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Worm Protection *enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBC...

A:HTTP Suspicious Executable Image Download, HTTP Tidserv Request & HTTPS Tidserv Request 2

Greetings

One or more of the identified infections is a Backdoor Trojan.

This could allow hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC could be compromised and there is no way to be sure that your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. "If you would like to continue, then follow the steps below, otherwise please let me know"

I Would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:
Please visit th...

RELEVANCY SCORE 134

Hello,

On July 18th, as I was watching a streaming TV show, my computer apparently picked up Antimalware Doctor, which kept telling me that my computer was infected and that I needed to pay them money to get rid of all these infections. I managed to get rid of that with MalwareBytes. Shortly after though, my Norton Antivirus started regularly informing me (every 20 minutes to half hour) that it had blocked an intrusion attempt from either HTTP Tidserv Request (most common) or HTTPS Tidserv Request 2 (2nd most), and every once in a while some oddball like HTTP Fake Scan Webpage 5 or some Trojan (Vundo or Ad.Clicker). It seems like it's always been blocked, but as these Norton alerts keep coming, even when I don't have a browser open, I am upset and concerned. Also seems as if the attacks are coming from several different computers.

I tried running Malwarebytes a few more times. It usually leaves me with 8 or so pieces of malware, identified as Rootkit or Trojan agents, which it tells me will be deleted upon reboot. However, after I reboot and run Malwarebytes immediately thereafter, there are still 8 pieces of Malware. I tried updating my Norton and running a scan, but that didn't fix the problem. I also ran Norman Malware Cleaner, with no real results.

Again, though the alerts always classify the threat level as high, it seems like they are being blocked. I haven't entered any passwords into my computer since this came up, and I never save any on a regu...

A:HTTP Tidserv Request; HTTPS Tidserv Request 2; HTTP Fake Scan Webpage 5

Very sorry about the multiple posts. Firefox had gone grey, and I didn't think any had gone through. Sorry.

RELEVANCY SCORE 126.4

I am using Norton 360 on an HP running Windows XP I think SP2. I started getting false infection alerts that I recognized immediately. A friend was able to remove some of the viruses but not all. At one point when I went to google, I would be redirected to some other site when selecting one of the results. Currently I am getting a message from Norton about every few minutes stating that an intrusion was blocked with the following information:

An intrusion attempt by 91.212.226.59 was blocked. Application path \DEVICE\HARDDISKVOLUME2\WINDOWS\SYSTEM32\SVCHOST.EXE

I also get another alert from Norton: Trojan.Zefarch!gen detected by Auto-Protect

I have followed all of the instruction in the guide before using malware.

DDS (Ver_10-03-17.01) - NTFSx86
Run by HP_Owner at 22:04:35.14 on Fri 06/25/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.175 [GMT -5:00]

AV: Norton 360 *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobil...

A:HTTP Tidserv Request2 & Trojan.Zefarch!gen

Hi DuckDog74,

Welcome to Malware Removal (VTSMR) forum. I am going to assist you with your problem.

Please refrain from making any changes to your system (scanning or running other tools, updating Windows, installing applications, removing files, etc.) from now on as it might interfere with our fixes. In case of making changes I shall assume my assistance is not needed any more.

If the issue is not resolved please update me on the current condition of your computer.

RELEVANCY SCORE 125.2

Issue

When using Firefox, I keep encountering a pop-up message from Norton informing me that a recent attempt to attack your computer has been blocked. I view details of the attack and it names it either as a HTTP Tidserv Request 2 or HTTP Tidserv Request. The browser also redirects me to different sites when selecting google search results. Firefox sometimes crashes for no reason and the PC sound has disappeared as well.

Actions

I have run a Fully System Scan using Norton twice. It is only picking up cookies after the system scan is complete. I also ran BitDefender scanner and nothing was picked up. I was able to find this site and it looks like a lot of members were able to help on issues such as mine so might as well give it a try. I've read the guidelines for requesting help and followed it to the best that I can. The DDS.txt is below and I have also attached the Attach.txt. I tried running the GMER program twice using the links in the guidelines but a blue screen always appear with the following message.

PAGE_FAULT_IN_NONPAGED_AREA
Technical Information:
STOP: 0x00000050 (0x9973AB30, 0x00000001, 0x99478FA6, 0x00000000)

I tried a third time by getting GMER directly at its web site and saving it with a different name but it still did not work. A blue screen still appeared.

DDS (Ver_10-03-17.01) - NTFSx86
Run by Meyrick Mataac at 21:39:52.82 on Thu 06/24/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.3....

A:PC infected with malware - HTTP Tidserv Request 2, HTTP Tidserv Request,

Hi parokyano,

Welcome to Malware Removal (VTSMR) forum. I am going to assist you with your problem.

Please refrain from making any changes to your system (scanning or running other tools, updating Windows, installing applications, removing files, etc.) from now on as it might interfere with our fixes. In case of making changes I shall assume my assistance is not needed any more.

If the issue is not resolved please update me on the current condition of your computer.

RELEVANCY SCORE 125.2

Hi.

I'd really appreciate some help here.

4 days ago, I started to get the following messages from my Norton:

Network traffic from 213.163.89.104 matches the signature of a known attack. The attack was resulted from \DEVICE\HARDDISKVOLUME2\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE

Network traffic from 60.12.117.145 matches the signature of a known attack. The attack was resulted from \DEVICE\HARDDISKVOLUME2\WINDOWS\SYSTEM32\SVCHOST.EXE

Network traffic from a57990057.cn matches the signature of a known attack. The attack was resulted from \DEVICE\HARDDISKVOLUME2\WINDOWS\SYSTEM32\SVCHOST.EXE

Norton identifies the first one as HTTP Tidserv Request and the next two as HTTP Tidserv Request 2 respectively.

It blocks those attempts but won't let me take any action to remove (says no action required).

I've run DDS and downloaded GMER. Tried running GMER several times but it only gets as far as the devices and then freezes my computer. I have to unplug it just to restart it.

Also, I have Firefox, Google Chrome, and Internet Explorer on my Computer. At random times, new tabs in these browsers will automatically open taking me to sites advertising products and Congratulations! You are the 1,000,000th visitor or something like that. Click here to claim your prize.

No matter which search engine I use in any of these browsers, when I click on a search result, it does the same thing as stated in the previous pa...

A:Infected with HTTP Tidserv Request and HTTP Tidserv Request 2 and can't run GMER

Hello, And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:

Please download OTL from one of the following mirrors:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Push the button.
Two reports will o...

RELEVANCY SCORE 117.6

I followed the instructions given for those experiencing "Win Min" problems. However, they are different problems, and I was upset to find that this morning everything was as screwed up as before.

This http://searchweb2.com hijack reasserts itself as the starting page every time it's changed, and sometimes crashes new windows. The instructions said something about a scanlog, and I assume that's a HijackThis scan (searching my harddrive for "scanlog" didn't turn up anything). As such, here's what HijackThis turns up.

Logfile of HijackThis v1.98.0
Scan saved at 8:12:15 AM, on 8/1/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0100)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\MESSENGER PLUS! 3\MSGPLUS.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\IBMTOOLS\APTEZBTN\APTEZBP.EXE
C:\WINDOWS\SYSTEM\PELMICED.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\PROGRAM FILES\COMMON FILES\SLMSS\SLMSS.EXE
C:\WINDOWS\MWSVM.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\LEXPPS.EXE
C:\...

A:Hijacked by http://searchweb2.com/passthrough/index.html?http: //www.yahoo.com/

RELEVANCY SCORE 117.6

Once again, the kids have got onto something. My home page keeps being redirected to http://mysearchnow.com/passthrough/index.html?http://www.google.com/. Can someone check my hijackthis log? Thanks in advance.

Logfile of HijackThis v1.97.7
Scan saved at 1:21:38 PM, on 10/07/04
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\PROGRAM FILES\MESSENGER PLUS! 2\MSGPLUS.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\PLAY ANTI SEEK\IDOLDEAD.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\MY DOWNLOAD FILES\HIJACK FILES\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mysearchnow.com/passthrough/index.html?http://www.google.com/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F...

A:hijacked by http://mysearchnow.com/passthrough/index.html?http ://www.google.com/

RELEVANCY SCORE 117.2

After putting in a USB drive that I use for printing, Avast started notifying me of wscript.exe trying to access these sites: (http://etpsoprc.ru/a/, http://specrtop.org/a/).

I don't know what to do and I can't initiate a lot of the cleaning tools mentioned on other sites. Any help will be appreciated.

A:problem URL: Mal Avast warnings - http://etpsoprc.ru/a/, http://specrtop.org/a/

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
***************************************************
In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.
CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/500601 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************
If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t...

RELEVANCY SCORE 116

This is one of the pop-ups that I consistently have. The following is my log file. Every time my internet explorer loads, it pops up. I hardly ever use it - I mostly use Mozilla Firefox. I also get a popup from Smashhits, but I don't know the url to that one. Thanks for your help!



Logfile of HijackThis v1.99.1
Scan saved at 5:58:24 PM, on 5/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\DllHost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Alarm\AlarmMonitor.exe
C:\Program Files\Alarm\Alar...

A:http://newads1.com/cmapp/zx-adredirect.php?target=http%3A

Hi and welcome to TSF.

I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem as soon as possible.

You may wish to Subscribe to this thread (Thread Tools) so that you are notified when you receive a reply.

Please be patient with me during this time.

RELEVANCY SCORE 116

Hi, When I am trying to record a web application which is launched on Sharepoint I have below script

web_custom_request("ProcessQuery",
        "URL=http://vc1cgr01cgi006:9090/_vti_bin/client.svc/ProcessQuery",
        "Method=POST",
        "Resource=0",
        "RecContentType=application/json",
        "Referer=http://vc1cgr01cgi006:9090/Lists/DSPortalBase/Home.aspx#",
        "Snapshot=t2.inf",
        "Mode=HTML",
        "EncType=text/xml",
        "Body=<Request xmlns=\"http://schemas.microsoft.com/sharepoint/clientquery/2009\" SchemaVersion=\"15.0.0.0\" LibraryVersion=\"15.0.0.0\" ApplicationName=\"Javascript Library\"><Actions><Query Id=\"23\" ObjectPathId=\"2\"><Query SelectAllProperties=\"true\"><Properties /></Query></Query><Query Id=\"24\" ObjectPathId=\"5\"><Query SelectAllProperties=\"true\"><Properties /></Query></Query></Actions><ObjectPaths><Property Id=\"2\" ParentId=\"0\" Name=\"Site\" /><Property Id=\"5\" ParentId=\"...

A:HTTP Status-Code=403 (FORBIDDEN) for "http://vc1cgr01cgi006:...

Hi! Same problem here, have you found a solution?

RELEVANCY SCORE 114

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:19:48 PM, on 11/13/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\mcafee.com\ag...

A:Getting re-routed to http://alphawipe.com/ and http://destroytracks.com/

Hi,

Please visit this webpage for instructions for downloading and running ComboFix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.


I have a problem called redirect virus in my Firefox. Need help, I have tried everything.

A:Need Help Removing Scour (http://63.209.69.107, http://8.26.70.252)

Greetings and Welcome to The Forums!!
My name is Gringo and I'll be glad to help you with your computer problems.
I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the ...


Hi,

One of my sites had a virus (code injection) but I have managed to remove it:

http://www.gavindouglasfashion.com/

However, on Google webmaster tools there is a message saying that it is still present on http://gavindouglasfashion.com/ (i.e. without the www. after the two slashes //)

Is anyone able to advise as to how I can resolve this as there is no virus present any more but I can't get a successful review from Google.

Thanks.


I cannot log onto MSN Texas Hold'em or MSN Bridge. I am using msn vista home edition. Each time I get the message "HTTP bad request". "this page cannot be found". "there might be a typing error" "if you clicked on a link it may be out of date"
 


Hi, I have an annoying problem with internet, the error is HTTP 400 Bad request.
I am surely infected by downloading stuff from Limewire, music, videos, etc.
Can you help me please?...
This is the Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:19:36 p.m., on 14/05/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Windows Live\Family Safety\fssui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg....

A:Http 400 Bad Request

Hello Momentum. to BleepingComputer.com
My name is Billy O'Neal and I will be helping you. (Billy or Bill is fine)
We apologize for the delay in response; we get overwhelmed at times but we are trying our best to keep up.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following below so I can have a look at the current condition of your machine.
Thanks and again sorry for the delay.

If you still would like help, please follow the following instructions:

Please download Deckard's System Scanner (DSS) and save to your Desktop.
alternate download site

DSS will do the following:
Create a new System Restore point in Windows XP and Vista.
Clean your Temporary Files, Downloaded Program Files, Internet Cache Files, and empty the Recycle Bin on all drives.
Check some important areas of your system and produce a report for an analyst to review.
Automatically run HijackThis. It will also install and place a shortcut to HijackThis on your desktop if you do not already have it installed. So if HijackThis is not installed and DSS prompts you to download it, please answer yes.

You must be logged onto an account with administrator privileges when using.
Close all applications and windows.
Double-click on dss.exe to run it and follow the prompts.
If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
When the scan is complete, two text files will open in Notepad:
main.txt <- this one w...


Can anyone help me? Every time I log into either eBay or Hotmail it always comes up with http/1.1 bad request or http1.1 internal server error. I'm not great with coms, so if someone could explain in detail what to do. I don't seem to have any problem logging into any other sites; I think it's just secure ones. Any help would be greatly appreciated.
Thanks

Seamus


When I go logging in into hotmail I get this error -HTTP 400 Bad Request- It does not only happens with hotmail, it also appears on some other websites too.

I run on Windows Vista Home Premium 32Bit
Can anyone please give me some help? What to do?
It also happens when I go to YouTube; I can only play videos that appear on the YouTube home page, but it won't allow me to search videos as I'd get the error.

I can log in to Gmail and check my email, but when I log out the error comes up again.
It also happens on so many other websites, most of which I cannot even remember; for example, some of them display the whole site, but in some windows within the site the error is displayed too.
I have done a System Restore but it didn't help.

My browser is Windows Internet Explorer
I have deleted all my cookies and temp files too
I've done a full antispyware & antivirus scan. Only the antispyware found 3 threats that it corrected itself without any problems. Antivirus did not find anything, all ok.

I have downloaded and installed the latest java.

The problem is still there though...

I must mention that my computer has become so slow lately. I also have some other problems I could never get rid of:

-Internet Explorer has stopped working
-Windows Explorer has stopped working

These 2 above could happen anytime especially if I switch between screens or download something new I think

And recently, when starting my machine:

-Application failed to initialize pro... Read more

A:Http 400 Bad Request

Hi; I suggest you ARE infected; which is your installed antivirus program and can you please name your other protection programs?
You use Limewire? If you seek help on cleaning you will need to remove it, as there is little point in running cleaning programs while you continue to download most probably infected materials via a P2P program.
Can you please run this tool, which is Vista compatible, if the computer will let you; it can give us a clearer picture of what is on the computer infection-wise.
Do you have your computer CD and licence key to hand if you do need to do a reformat?

Superantispyware; guide on how to install and run
If you have not already got a Downloads folder, I suggest you create a new folder in My Documents, and name it Downloads;

Installing superantispyware
Superantispyware is found here http://www.superantispyware.com/index.html
Download to the Downloads folder the free exe to superantispyware from here http://www.superantispyware.com/downloadfi...ANTISPYWAREFREE
You install superantispyware by clicking on the icon in the downloads folder; it will launch the installation process; follow the instructions and I suggest you ask for a default installation; ensure it creates a desktop icon for you;
once the program has been installed it should ask you if you wish to update the program; say YES
if it does not ask you, you need TO fully update the definitions by opening the program and find the 'check for updates' tab in the bottom left of the...


I keep getting these errors when I go to sites I frequent (and as of 2 minutes ago, one that I don't any more thanks to Windows Live Mail). I will browse to the site, then I'll come back a little while later and the error will pop up and sometimes it takes all day for it to go away. I've never had this happen before. It just started happening when I cleared out my cookies and my temporary internet files while trying to set up my new router.

I use IE 8.

How do I get them to stop? And how do I fix them?

A:IE HTTP 400 Bad Request

A simple google of the error returns the explanation and fix. I just chose this as an example. HTTP Error 400 Bad request Explained

Good Luck

Ken


Can someone please tell me how to fix my Firefox? Every time I go to a site like blackplanet and click on enter it takes me to Http/1.1 bad request. My lil brother showed me something and it said a lot of disallowed key or characters. So please, if you know anything about this... oh, I'm running it with Windows Vista by the way, if that helps. Please, if you can help, email me at [email protected] thanks.


I can not connect to Chase.com. I get HTTP 400 Bad request.
My PC has been unplugged for one month, it worked fine before.
I can connect to ALL my favorites, except Chase.com. I even typed it into my address bar.
I even downloaded IE8 again.
I tried to do a restore and it won't let me?
It will work with Firefox.
XP SP3
What could have happened?
Phil

A:I get HTTP 400 Bad request

Being a banking site, chase.com uses SSL encryption. What happens when you go to other SSL sites such as this one - https://encrypted.google.com/


Hi, first my apologies if I'm posting in the wrong place!

When using eBay, and only when trying to create a new listing (browsing is fine), I keep getting an error message, HTTP 400 bad request. I've visited several websites and fact pages etc. and am now baffled!

I've tried all the simple suggestions I could find, deleting cookies etc and running spybot S&D, Ad-Aware and Anti Malware ..... nothing works although immediately after running spybot S&D occasionally it will let me list one item!

My question is, can I fix it? Having very limited knowledge I'm scared of doing more damage than good and not being able to follow instructions anyway! So, would I be better off flinging this thing through a window and getting a new one, or sending it to a professional? I don't want to spend money on a computer expert, having been ripped off in the past!

Any help or advice would be very gratefully received!!

A:Http 400 - Bad request, help!! ??

Hello,
Did this problem just start? (It may be an eBay issue.)
What browser are you using? (Try a different browser, i.e. Chrome or Firefox.)
Do you have access to another computer to see if it's the computer in question?

good luck!


A week ago I started getting "http 400 bad request" error messages using Internet Explorer 8. I downloaded the latest version and installed it, with no change in results. I also installed Firefox, which has no problems with the exact same addresses. Google seems to work fine and I can go to any addresses Google finds. I reset IE8 and cleared cookies and history. A full scan with my antivirus did not find anything. I am out of ideas. I searched the forums here and did not find anything relevant. System is XP sp3. This started after my son (age 9) was using the computer, but he claims (of course) he didn't change anything.

Any help is appreciated. Thank You.

Bill Clapper

A:http 400 bad request

Welcome to TSF

Go to Control Panel, Add or Remove Programs and uninstall IE8. Reboot the computer and then try connecting using IE7. Let me know the results plz


What is that?

I am trying to go to www.transportforlondon.gov.uk.

I am on their site trying to get to their journey planner but when I click on the darn thing to get the journey planner up the page displays HTTP/1.1 400 Bad Request with Mozilla and HTTP 400 Bad Request with internet explorer.

Can someone please explain to me what is happening?
 

A:HTTP/1.1 400 Bad Request


I have a PC that has Windows XP SP2 on it. It had IE6 on it and started giving the 400 error for any website that I visited. I installed Ad-Aware and had Avast running on the PC. I cleaned up all the Malware on the PC and Avast didn't find any viruses. I installed Kaspersky and that found a couple Trojans that got deleted.

I updated to IE8 and still have the same issue. I disabled the firewall and still no go. I installed Firefox and that works just fine. Now I'm stumped.

Any help/ideas would be appreciated.

A:HTTP 400 Bad Request

Hi,

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

Make sure you are connected to the Internet.
Double-click on Download_mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen, click on the Show Results butto...


Quite often when clicking on an item in ebay.com.au I get this > Http/1.1 Bad Request < come up. Doesn't always happen but can't find out why. It does the same thing in IE, Firefox, and Opera. Running WinXP [email protected] all updates.
Is it something wrong with my computer or something wrong at ebay?
I can't seem to find any way to contact ebay either. Anyone know how to fix this?
I haven't as yet tried it at another computer or tried it on my OSX 10.4

A:Http/1.1 Bad Request

welcome


Quote:
I can't seem to find any way to contact ebay either

you have a better chance of winning lotto

anyway, go to internet options in your control panel - go to the advanced tab - click on restore defaults at the bottom

post back


I've just installed a new PC with Win XP SP2 and IE 7.

For some reason when I try to log on to Facebook or when I try to browse Gmail I get an error: HTTP 400 bad request. (I believe it happens on other sites as well, but not all.)

I'm sure it's not a network problem because it's a laptop and it didn't work at public places.

I have installed Mozilla Firefox and it works, but still, is there a way to resolve the problem??

A:http 400 bad request

try this

http://support.microsoft.com/kb/826437


Hi folks
I'm having all sorts of problems with my computer right now - please see my separate postings under Windows xp. I think a trojan or worm has invaded my computer because I am now getting a HTTP 400 - Bad Request window whenever I go on any site to try and deal with the virus problem. I can't even renew my mcafee subscription because I'm getting the same window for their site. All the sites which say they can deal with the http 400 bad request problem don't work because I get the same message when i click on the links to resolve the problem. Any ideas?

A:HTTP 400 - Bad Request

Welcome to TSF

Sorry to hear you're having so much trouble. The security team can help you with this. We cannot assist you with this issue here in the Microsoft Support Forum.


Look over these http://www.techsupportforum.com/secu...oval-help.html
If you cannot complete any of the steps for whatever reason, just continue on with the next one until they are all completed, and post your logs in Virus/Trojan/Spyware Help; where an Analyst will assist you. However, it is very important to make mention of any of the steps that you were not able to complete.

After you've posted your logs, please be patient, as the Security Team Analysts are very busy.


After installing the latest Windows updates, IE8 yields an HTTP 400 Bad Request page instead of going to certain websites (my company's webmail page, my credit union's homepage, the MS Windows Update page). Firefox and Chrome do not give the HTTP 400 Bad Request result when navigating to the same pages.

I did a system restore back to yesterday to undo the updates, and the HTTP 400 error in IE8 went away.

So, here's a "heads up" to all you Windows XP Pro users with Internet Explorer 8.

A:HTTP 400 Bad Request

Thanks, I'm sure that there are some users out there who may have a similar experience.

Louis


What is that?

I am trying to go to www.transportforlondon.gov.uk.

I am on their site trying to get to their journey planner but when I click on the darn thing to get the journey planner up the page displays HTTP/1.1 400 Bad Request with Mozilla and HTTP 400 Bad Request with internet explorer.

Can someone please explain to me what is happening?
 

A:HTTP 400 Bad Request????

You don't need to post it again. Someone else and I are already providing suggestions in your original thread.
 


Please help. My computer is constantly being attacked (HTTP Tidserv Request & HTTPS Tidserv Request 2). I do not know how to keep this from happening. I've been letting others use my laptop (my first mistake), and about a week ago this all started happening. Needless to say, I'm concerned as I don't know how much damage these attacks can do. My Norton Anti-Virus/Internet Security has been blocking the attacks, but they come constantly from several attacking IP addresses and URLs. Below please find my dds.txt and attached my attach.txt and gmerlog.log as instructed. Thank you in advance for your assistance, and I look forward to hearing from someone.

DDS (Ver_10-03-17.01) - NTFSx86
Run by MY NAME at 20:01:23.87 on Wed 08/25/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_12
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.132 [GMT -4:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Progra...

A:HTTP Tidserv Request & HTTPS Tidserv Request 2

Good evening. Take a trip to this webpage for download links and instructions for running Combofix by sUBs.

* Please be aware that this tool may require the PC to be rebooted so close any programs you have open before you start. When CF has finished, it will produce a log - C:\ComboFix.txt - copy and paste it into your next reply. Let me know how the PC is behaving.

* There are two points to note from the instructions page:

1) The Recovery Console.
It is recommended that you install this as, in certain circumstances, it may be the difference between a successful repair and a reformat. If you are uncertain as to whether or not you already have the Recovery Console installed, simply run CF and it will prompt you if it does not detect it.
CF will complete some, but not all, of its removal tasks without the installation of the Console so, should you choose not to allow the installation, you may not get the results you hoped for.

2) Disabling your Anti-Virus.
CF has been the victim of false-positive detections on occasion and a resident AV may incorrectly identify and delete part of the tool which won't do it much good. If you don't disable your AV, you may not get the results you hoped for either.


Norton Internet Security has been reporting that it blocks an intrusion attempt from a variety of addresses and reports the risk name as either HTTP Tidserv Request or HTTPS Tidserv 2 Request. I get a few unrequested webpages, but the main symptom is the warning messages from Norton. In attempting to fix the problem myself, I learned that I cannot boot to Safe Mode because my system hangs at amdagp.sys and returns to the "how would you like your computer to boot" screen. I think this is an unrelated problem, but thought I'd mention it.
Thanks! I appreciate your time.

DDS (Ver_10-03-17.01) - NTFSx86
Run by Ann Nymous at 23:19:25.80 on Sun 04/18/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1534 [GMT -5:00]

AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi...

A:http tidserv request and https tidserv2 request

Hello and Welcome to Bleepingcomputer
Please note we are very busy, so if I don't hear from you within 5 days the topic will be closed. If you have since resolved your issues I would appreciate if you would let me know so I can close this topic.

Please download ComboFix from one of these locations:
Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed, click on Yes, to continue scanning for malware.
When finished, it wi...


HI,

I keep getting an alert about every 10 seconds from norton anti-virus 2006 saying that an intrusion attempt has been blocked.
Norton details the intrusion as 'HTTP LOP toolbar activity'.

I hope someone can help me

Here is my HJT log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:34:50 AM, on 20/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Logitech\Easy Synchronization\servicestub.exe
C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Logitech\SetPoint\LBTWiz.exe
C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.ex... Read more

A:HTTP LOP toolbar activity

Hi......................

Please Download NoLop to your desktop from one of the links below...
Link 1
Link 2
Link 3
First close any other programs you have running as this will require a reboot
Double click NoLop.exe to run it
Now click the button labelled "Search and Destroy"
<<your computer will now be scanned for infected files>>
When scanning is finished you will be prompted to reboot only if infected, Click OK
Now click the "REBOOT" Button.
A Message should popup from NoLop. If not, double click the program again and it will finish
Please Post the contents of C:\NoLop.log along with a fresh HijackThis log
--If you receive an error, "mscomctl.ocx or one of its dependencies are not correctly registered," please download mscomctl.ocx to your system32 folder then rerun the program.

Have "Hijack This" fix all the following items in the list below by placing a check in the appropriate boxes. Confirm that you have only the listed ones checked, then press <Fix checked> and Close HJT.

O4 - HKLM\..\Run: [mpeg heck log link] C:\Documents and Settings\All Users\Application Data\Joy coal mpeg heck\grim info.exe


About a month or so ago I was infected with some kind of virus that would cause a lot of pop ups and messages telling me to download "WinAntiVirus pro 2007." I downloaded CA Security Center, Avg Anti-spyware, Windows defender and Ad-Adware SE to try to remove this virus. They all somewhat worked and lessened the problem a bit. But I still would get some pop ups here and there and the "WinAntiVirus Pro 2007" message. But running the virus scans seemed to help keep them away for a while until they came right back. Then I noticed I would get an audio coming through the speakers of people talking about politics and such, without me running any programs at all. So I downloaded the Norton Antivirus Trial and ran a scan. It seems that everything is running ok but was left with one problem. Every 10 minutes exactly, Norton warns me of a block made with this message:

Risk Name: HTTP QuickBrowser Activity
Risk Level: High
Default Action: Block
Action Taken: Block
Attacking Computer: DHEARN
Destination Address: www.top-banners.com(193.189.93.14,80)
Traffic Description: TCP, 1042

I'm fed up with my computer being infected with a virus and having no clue how serious it is and what it could do to my laptop.

Logfile of HijackThis v1.99.1
Scan saved at 11:33:34 PM, on 7/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WIND...

A:Http Quickbrowser Activity?

Welcome to the BleepingComputer HijackThis Logs and Analysis forum ozy87

Copy and paste the following bold blue text in the Quote box below into Notepad.
Click on File (in the menu at the top) > Save as.. / Save as Type: 'All Files' / File name: fix.bat to your desktop.
Then double click on the fix.bat file on your desktop.
You'll see a black screen flash, thats [email protected] off
sc stop Net Agent
sc delete Net Agent

Restart your pc.
======================
Please download VundoFix.exe to your desktop.
Double-click VundoFix.exe to run it.
When VundoFix re-opens, click the "Scan for Vundo" button.
Once it's done scanning, click the "Remove Vundo" button.
You will receive a prompt asking if you want to remove the files, click "YES".
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click "OK".
Post the contents of C:\vundofix.txt into your next reply.

Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.
======================
Please download Combofix and save to your desktop:
Note: It is important that it is saved directly to your desktop
Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the entire cont...
