HTTP Fake Antivirus Install Request 4 | HTTP Malicious IFrame Image Request

Q: HTTP Fake Antivirus Install Request 4 | HTTP Malicious IFrame Image Request

HTTP Fake Antivirus Install Request 4
Intrusion Attempt - High Risk - Blocked
Network Traffic - 69.42.67.204 ,80
Attack Resulted from \DEVICE\HARDWAREVOLUME1\PROGRAMFILES\INTERNETEXPLORER\IEXPLORE.EXE

HTTP Malicious IFrame Image Request
Intrusion Attempt - High Risk - Blocked
Network Traffic - 89.248.179.94 ,80
Attack Resulted from \DEVICE\HARDWAREVOLUME1\PROGRAMFILES\MOZILLA\FIREFOX\FIREFOX.EXE

Do these events require investigation? Is my system clean? No unusual behavior to report. (May I run DDS and GMER from any user account?)

Edit > I was pointed to Bleeping by the Norton Community Forum. The Severity Risk for both Attempts is HIGH. HIGH is very unusual for me and Norton wanted me to investigate further at BC as to maybe Rootkit got in

A: HTTP Fake Antivirus Install Request 4 | HTTP Malicious IFrame Image Request

bjm_ OP edit

I hope my post to Norton Community Forum does not violate bleepingcomputer rules. I did not follow any instructions @ Norton Forum... other than "go to bleepingcomputer" to investigate / post Topic re this issue. Thanks

Edit > Does bleeping send automated response by email that my Topic has been received ... and to wait for reply ... and what if no reply after X days? Expected automated response Topic received with what to do if no reply after X days... understand Forum gets swamped ... just don't know if after 100 reviews I should have received automated response or any response or just too soon. Only one day... so may be too soon for even automated response.


Hello,

On July 18th, as I was watching a streaming TV show, my computer apparently picked up Antimalware Doctor, which kept telling me that my computer was infected and that I needed to pay them money to get rid of all these infections. I managed to get rid of that with MalwareBytes. Shortly after though, my Norton Antivirus started regularly informing me (every 20 minutes to half hour) that it had blocked an intrusion attempt from either HTTP Tidserv Request (most common) or HTTPS Tidserv Request 2 (2nd most), and every once in a while some oddball like HTTP Fake Scan Webpage 5 or some Trojan (Vundo or Ad.Clicker). It seems like it's always been blocked, but as these Norton alerts keep coming, even when I don't have a browser open, I am upset and concerned. Also seems as if the attacks are coming from several different computers.

I tried running Malwarebytes a few more times. It usually leaves me with 8 or so pieces of malware, identified as Rootkit or Trojan agents, which it tells me will be deleted upon reboot. However, after I reboot and run Malwarebytes immediately thereafter, there are still 8 pieces of Malware. I tried updating my Norton and running a scan, but that didn't fix the problem. I also ran Norman Malware Cleaner, with no real results.

Again, though the alerts always classify the threat level as high, it seems like they are being blocked. I haven't entered any passwords into my computer since this came up, and I never save any on a regu...

A: HTTP Tidserv Request; HTTPS Tidserv Request 2; HTTP Fake Scan Webpage 5

Very sorry about the multiple posts. Firefox had gone grey, and I didn't think any had gone through. Sorry.


Hello guys,

I've gotten numerous alerts from Norton telling me that I have attempted intrusions from HTTP Suspicious Executable Image Download, HTTP Tidserv Request & HTTPS Tidserv Request 2. I have turned off my System Restore, continued to allow Norton to continue blocking the attacks, and have NOT rebooted my computer since first receiving the intrusion alerts. So far I haven't seen any damage to my computer. I do, however, have sensitive information saved into my browser which I am worried about (I have since wiped out the master password). Here are my logs below:

A: HTTP Suspicious Executable Image Download, HTTP Tidserv Request & HTTPS Tidserv Request 2

Greetings

One or more of the identified infections is a Backdoor Trojan. This could allow hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC could be compromised and there is no way to be sure that your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. "If you would like to continue, then follow the steps below, otherwise please let me know"

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

Please visit th...


Yesterday I got this threat HTTP Malicious Toolkit Variant Activity 2 and my Norton Internet Security blocked them. I installed Malwarebytes and SuperAntiSpyware, updated them, restarted in safe mode, disconnected from the internet and did a full system scan for both and didn't detect anything. Today I got this threat HTTP SurfAccuracy Config Request.

So I was wondering if my computer is infected with malware and if someone could give me a hand here.

Any help would be appreciated!

Here's my Hijackthis log:


A: HTTP Malicious Toolkit Variant Activity 2 & HTTP SurfAccuracy Config Request

Hello, gunnersluver
Welcome to TSF

My name is Billy O'Neal and I will be helping you. (Billy or Bill is fine, if you like.)
Please give me some time to look over your computer's log(s).
Please take note of the following:
In the meantime, please refrain from making any changes to your computer.
Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself. :)
If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
Finally, please reply using the button in the lower left hand corner of your screen.
Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just put a post here so that I know you're still here. We get a lot of people who simply leave, and if there is no contact for that amount of time I will have to assume you have "vanished".

We need to run a Scan with DDS

Please download DDS, and save it to your desktop, from one of the following mirrors:
This is a mirror
This is another mirror

Disable any type of "Script Blockers" or "Script Protection" installed on ...


Hi. I have had this problem for many months now and have tried to remove the infection manually using instructions found on ehow, using Norton Antivirus, malwarebytes and spybot search and destroy. Nothing has been successful at removing it. I have just been using my laptop instead of my desktop because I don't want to use an infected computer. The computer is running Windows XP Professional SP3. I receive notifications from Norton that an intrusion attempt has been blocked. When I go into the log, I found that there were three high risk log entries, one for HTTP Tide Serv Request2, one for HTTP CrimePack Activity 1, and one for HTTP Nukesploit Request. As I mentioned this has been going on for months now. At the beginning it was mostly just HTTP Tide Serv Request2, the other two are new today. I'm hoping you can help me, otherwise I'm going to have to reinstall Windows, which I'd like to avoid doing. I hope I have included enough background. My scans are below and attached. Your help is greatly appreciated!

Thanks,
Mike
DDS Scan Results:


A: HTTP Tide Serv Request2 / HTTP CrimePack Activity 1 / HTTP Nukesploit Request Problems

Hello mthess, Welcome to Bleeping Computer.
My name is fireman4it and I will be helping you with your Malware problem.

Please take note of some guidelines for this fix:
Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
Finally, please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.

1. We need to disable Spybot S&D's "TeaTimer"

TeaTimer works by preventing ANY changes to the system. It will attempt to undo any fixes we run, because it blocks these fixes from running.

In order to safeguard your system from problems that can be brought on by a half finished fix, we need to disable TeaTimer. We can reenable it when we're done if you like.

Open SpyBot Search and Destroy by going to Start -> All Programs -> Spybot Search and Destroy -> Spybot Search and Destroy.
If prompted with a legal dialog, accept the warning.
Click and then on "Advanced Mode"
You may be presented with a warning dialog. If so, press Click on...


I have done some research on these backdoor trojan viruses, and I have found out that they are very serious, and I really need help to get them off my laptop.
Yesterday, Norton detected Backdoor.Graybird and removed it (I think), and for weeks now, I have been getting notifications on the bottom right-hand corner of my screen saying "A recent attempt to attack your computer has been blocked" or something like that, and when I click 'view details', it either describes it as "HTTP Tidserv Request" or "HTTPS Tidserv Request 2" and some IP address and bunch of other things I can't understand. I would really appreciate help on what to do to remove these viruses so I can continue to work on my computer without worrying about hackers stealing my information and whatnot.
Thank you!

A: Backdoor.Graybird, HTTPS Tidserv Request 2, HTTP Tidserv Request detected by Norton Antivirus.

Hello,

Please follow the instructions in ==>This Guide<==.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<==

If you can produce at least some of the logs, then please create the new topic. If you cannot produce any of the logs, then post back here and we will provide you with further instructions.


I have done some research on these backdoor trojan viruses, and I have found out that they are very serious, and I really need help to get them off my laptop.

Yesterday, Norton detected Backdoor.Graybird and removed it (I think), and for weeks now, I have been getting notifications on the bottom right-hand corner of my screen saying "A recent attempt to attack your computer has been blocked" or something like that, and when I click 'view details', it either describes it as "HTTP Tidserv Request" or "HTTPS Tidserv Request 2" and some IP address and bunch of other things I can't understand. I would really appreciate help on what to do to remove these viruses so I can continue to work on my computer without worrying about hackers stealing my information and whatnot.

Below is the DDS log:

A: Backdoor.Graybird, HTTPS Tidserv Request 2, HTTP Tidserv Request detected by Norton Antivirus.

Also, last night, I ran a quick scan on Malwarebytes' Anti-Malware, and it detected "Trojan.Dropper".


I was hoping I wouldn't have to resort to this, but I guess I've no other choice. I've looked up this thing and from what it sounds like, I'm in deep. Like an abyss.

This whole fiasco started about a week ago when my parents found a charge from McAfee on their card. None of us ever purchased anything, and called McAfee and had them remove the charge which (according to my Dad), simply removed the LiveUpdate thing McAfee had.

Not long after that, Google Chrome started acting weird and some program called "pbupdate.exe" had to be closed. My computer subsequently froze and I had to manually shut down.

I rebooted my computer only to find that Chrome had been completely fried and would not load any web pages at all. Resorting to Firefox, I Googled "pbupdate.exe" and clicked the first link, allowing "Top PC Defender" onto my computer (and maybe some other things).

As such, I ran Malwarebytes, SUPERAntiSpyware, McAfee, AVG, and Spybot to rid myself of the problem. When this yielded no results, I ended up using System Restore which seemed to get rid of the problem.

Not long after, we switched over to Norton due to Comcast preparing a move, and uninstalled McAfee. Norton ended up having to uninstall AVG in order for it to install.

And ever since then I've had these messages popping up repeatedly on my computer from Norton, telling me an attack was blocked but not allowing any action to be taken. The fact that I'm still getting these mess...

A: HTTP Tidserv Request, HTTPS Tidserv Request 2, and HTTP Trojan Sasfis Activity

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report

Please download OTL from one of the following mirrors:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
In the custom scan box paste the following:

CODE
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%systemroot%...


I wanted to check and see if my computer is clean or not. The previous time I had an issue I was getting a constant computer attack blocked message. This time I have only received two (one yesterday and one today). Also yesterday I received a message from Norton about an iexplore.exe. It said I was one of the first users to use the program and suggested I not use it. I chose the option to wait on using it (or something to that effect), instead of deleting it in case it was a legit file.

Previously I had two backdoor trojans on my computer. I know that one was quarantined and I am not sure about the other one. Here is the info on those two items. A0342005.sys (located in a RP265 folder-c:/system volume information/_restore{0ef90d3e-5690-4367-bdef-72890fc4db64}/RP265/A0342005.sys) shows up as unresolved risk, but not in a computer scan and the other imapi.sys.vir (located in the Drivers folder-c:/Qoobox/quarantine/C/WINDOWS/system32/Drivers/imapi.sys.vir) shows up in the scan and since it is quarantined I assume there is no concern.

As for the recent ones:
Yesterday: HTTP Misleading Application Page Request and the iexplore.exe message
Today: HTTP Fake Scan Webpage 5

Below are the logs:

DDS (Ver_10-03-17.01) - NTFSx86
Run by Administrator at 12:04:24.01 on Thu 06/24/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
============== Running Processes ===============
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eh...

A:HTTP Fake Scan and Misleading Application Page Request

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

Note** If you are having problems posting the complete log into this thread upload them here http://www.rapidshare.com/ and post the links in this thread

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is ...


Issue

When using Firefox, I keep encountering a pop-up message from Norton informing me that a recent attempt to attack your computer has been blocked. I view details of the attack and it names it either as a HTTP Tidserv Request 2 or HTTP Tidserv Request. The browser also redirects me to different sites when selecting google search results. Firefox sometimes crashes for no reason and the PC sound has disappeared as well.

Actions

I have run a Full System Scan using Norton twice. It is only picking up cookies after the system scan is complete. I also ran BitDefender scanner and nothing was picked up. I was able to find this site and it looks like a lot of members were able to help on issues such as mine so might as well give it a try. I've read the guidelines for requesting help and followed it to the best that I can. The DDS.txt is below and I have also attached the Attach.txt. I tried running the GMER program twice using the links in the guidelines but a blue screen always appears with the following message.

PAGE_FAULT_IN_NONPAGED_AREA
Technical Information:
STOP: 0x00000050 (0x9973AB30, 0x00000001, 0x99478FA6, 0x00000000)

I tried a third time by getting GMER directly at its web site and saving it with a different name but it still did not work. A blue screen still appeared.

DDS (Ver_10-03-17.01) - NTFSx86
Run by Meyrick Mataac at 21:39:52.82 on Thu 06/24/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.3....

A:PC infected with malware - HTTP Tidserv Request 2, HTTP Tidserv Request,

Hi parokyano,

Welcome to Malware Removal (VTSMR) forum. I am going to assist you with your problem.

Please refrain from making any changes to your system (scanning or running other tools, updating Windows, installing applications, removing files, etc.) from now on as it might interfere with our fixes. In case of making changes I shall assume my assistance is not needed any more.

If the issue is not resolved please update me on the current condition of your computer.


Hi.

I'd really appreciate some help here.

4 days ago, I started to get the following messages from my Norton:

Network traffic from 213.163.89.104 matches the signature of a known attack. The attack was resulted from \DEVICE\HARDDISKVOLUME2\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE

Network traffic from 60.12.117.145 matches the signature of a known attack. The attack was resulted from \DEVICE\HARDDISKVOLUME2\WINDOWS\SYSTEM32\SVCHOST.EXE

Network traffic from a57990057.cn matches the signature of a known attack. The attack was resulted from \DEVICE\HARDDISKVOLUME2\WINDOWS\SYSTEM32\SVCHOST.EXE

Norton identifies the first one as HTTP Tidserv Request and the next two as HTTP Tidserv Request 2 respectively.

It blocks those attempts but won't let me take any action to remove (says no action required).

I've run DDS and downloaded GMER. Tried running GMER several times but it only gets as far as the devices and then freezes my computer. I have to unplug it just to restart it.

Also, I have Firefox, Google Chrome, and Internet Explorer on my Computer. At random times, new tabs in these browsers will automatically open taking me to sites advertising products and Congratulations! You are the 1,000,000th visitor or something like that. Click here to claim your prize.

No matter which search engine I use in any of these browsers, when I click on a search result, it does the same thing as stated in the previous pa...

A:Infected with HTTP Tidserv Request and HTTP Tidserv Request 2 and can't run GMER

Hello, and welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:

Please download OTL from one of the following mirrors:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Push the button.
Two reports will o...


Norton Internet Security has been reporting that it blocks an intrusion attempt from a variety of addresses and reports the risk name as either HTTP Tidserv Request or HTTPS Tidserv 2 Request. I get a few unrequested webpages, but the main symptom is the warning messages from Norton. In attempting to fix the problem myself, I learned that I can not boot to Safe Mode because my system hangs at amdagp.sys and returns to the "how would you like your computer to boot" screen. I think this is an unrelated problem, but thought I'd mention it.

Thanks! I appreciate your time.

DDS (Ver_10-03-17.01) - NTFSx86
Run by Ann Nymous at 23:19:25.80 on Sun 04/18/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1534 [GMT -5:00]
AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi...

A:http tidserv request and https tidserv2 request

Hello and Welcome to Bleepingcomputer

Please note we are very busy, so if I don't hear from you within 5 days the topic will be closed. If you have since resolved your issues I would appreciate if you would let me know so I can close this topic.

Please download ComboFix from one of these locations:
Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

Double click on ComboFix.exe & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed, click on Yes, to continue scanning for malware.

When finished, it wi...


Please help. My computer is constantly being attacked (HTTP Tidserv Request & HTTPS Tidserv Request 2). I do not know how to keep this from happening. I've been letting others use my laptop (my first mistake), and about a week ago this all started happening. Needless to say, I'm concerned as I don't know how much damage these attacks can do. My Norton Anti-Virus/Internet Security has been blocking the attacks, but they come constantly from several attacking IP addresses and URLS. Below please find my dds.txt and attached my attach.txt and gmerlog.log as instructed. Thank you in advance for your assistance, and I look forward to hearing from someone.

DDS (Ver_10-03-17.01) - NTFSx86
Run by MY NAME at 20:01:23.87 on Wed 08/25/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_12
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.132 [GMT -4:00]
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Progra...

A:HTTP Tidserv Request & HTTPS Tidserv Request 2

Good evening. Take a trip to this webpage for download links and instructions for running Combofix by sUBs.

* Please be aware that this tool may require the PC to be rebooted so close any programs you have open before you start. When CF has finished, it will produce a log - C:\ComboFix.txt - copy and paste it into your next reply. Let me know how the PC is behaving.

* There are two points to note from the instructions page:

1) The Recovery Console.
It is recommended that you install this as, in certain circumstances, it may be the difference between a successful repair and a reformat. If you are uncertain as to whether or not you already have the Recovery Console installed, simply run CF and it will prompt you if it does not detect it.
CF will complete some, but not all, of its removal tasks without the installation of the Console so, should you choose not to allow the installation, you may not get the results you hoped for.

2) Disabling your Anti-Virus.
CF has been the victim of false-positive detections on occasion and a resident AV may incorrectly identify and delete part of the tool which won't do it much good. If you don't disable your AV, you may not get the results you hoped for either.


I just updated my laptop's Norton antivirus. I use Firefox. Since then, when I sign on to AOL the first part goes fine, but when I try to access my emails, it shows 400 Bad request. The plain HTTP request was sent to HTTPS port. I urgently need to respond to some emails but don't know what's gone wrong. Can you please help? In simple terms......... Thank you very much
 


I keep getting an alert from Norton saying an Intrusion Attempt has been blocked. How do I stop this thing from attacking in the first place? From other forums I've seen, it may have something to do with a rootkit.

"An intrusion attempt by m01n83kf7.com was blocked. Application path \DEVICE\HARDDISKVOLUME1\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE"
"An intrusion attempt by 202.157.171.207 was blocked. Application path \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE"
"An intrusion attempt by 91.212.226.59 was blocked. Application path \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE"
etc..

Here is the DDS log:

DDS (Ver_10-03-17.01) - NTFSx86
Run by Trice at 9:02:51.75 on Tue 05/25/2010
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2356 [GMT -4:00]
============== Running Processes ===============
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Lexmark 2600 Series\lxdnmon.exe...

A:Repeated Intrusion Attempts from HTTP Tidserv Request and HTTPS Tidserv Request 2

Good evening. Download TDSSKiller.zip from Kaspersky from here and save it to your Desktop - this is important. You will then need to extract the file(s) from the zipped folder.

To do this: Right-click on the zipped folder and from the menu that appears, click on Extract All...
In the Extraction Wizard window that opens, click on Next> and in the next window that appears, click on Next> again. In the final window, click on Finish.

Close all open programs as a reboot may be required. Go to Start > Run, copy and paste the following into the text box and hit OK:

"%userprofile%\desktop\tdsskiller\TDSSKiller.exe" -l report.txt

A Command Window will open and the tool will scan and produce a log called report.txt that can be found in the TDSSKiller folder that you unzipped. If the tool prompts for a reboot, please allow it to do so; if it fails to reboot after prompting, reboot manually.

Please post the contents of the log, report.txt, in your next reply.


I viewed the Preparation Guide thread. I unfortunately have no way of backing up my files so I'm unfortunately all by myself here. I have a tendency to get viruses a lot and it just baffles me that these programs don't really protect you from the serious stuff. I download quite a lot. I only have basic cable at the moment so if it's not on Hulu, I download it. I also download shows for music video making (hobby of mine) and once in a great while, I get something. I use Norton Security Suite. I've heard it's a horrible program. I've only had the computer for a couple days before I got something. And this all started when Norton notified me that Auto-Protect has detected "Trojan.FakeAV!gen35". Risk Category "Heuristic Virus". Norton says it blocked it but I'm guessing it didn't. Surprise surprise. It says the location of the file name is "c:\documents and settings\administrator\local settings\application data\hwtglcvvq\uxmqbtvtssd.exe". I checked that folder but there is nothing there. But this was just the beginning.

After that, I got another notification "2933463.0332615147.exe detected by SONAR". It's been Quarantined. Says it was fully removed even though it gives me the option of restoring it. ? After I got a similar notification "8811cf6b.exe detected by SONAR". Same thing. I got these three within minutes of one another on the 20th of...

A:Trojan.FakeAV!gen35, HTTP Tidserv Request, HTTPS Tidserv Request 2

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...


Norton 360 has been continually notifying us of intrusion attempts as of late (since about 2 days ago, started almost immediately when Norton's SONAR detected suspicious activity from a file called "fwdd.exe" and quarantined it). Risk names: HTTPS Tidserv Request 2 and HTTP Tidserv Request. We were also redirected when clicking a Google search result (which I believe is a guaranteed sign of malware). Upon looking these symptoms up, we found that they were most likely the result of a rootkit. Any and all help is appreciated to remove this malware, the more explanation of how to get rid of it the better, since this is our first time having to do this. Thank you.

Logs:

DDS (Ver_10-03-17.01) - NTFSx86
Run by Loozah at 16:05:09.75 on Wed 05/26/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1278.615 [GMT -7:00]
AV: Norton 360 *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Adobe\Photos...

A:HTTPS Tidserv Request 2 and HTTP Tidserv Request Intrusion Attempts

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. HijackThis logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that it happens.

Some things to remember while we are working together.
1. Please do not run any other tool until instructed to do so!
2. Please reply to this thread, do not start another!
3. Please tell me about any problems that have occurred during the fix.
4. Please tell me of any other symptoms you may be having as these can help also.
5. Please try as much as possible not to run anything while executing a fix.

If you follow these instructions, everything should go smoothly.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Gmer is the best but can be hard to get a log, let's try this and see what we get.

Scan With RKUnHooker
Please Download Rootkit Unhooker. Save it to your desktop.
Now double-click on RKUnhookerLE.exe to run it.
Click the Report tab, then click Scan.
Check (Tick) Drivers, Stealth, Files, Code Hooks. Uncheck the rest. Then click OK.
Wait till the scanner has finished and then click File, Save Report.
Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Gringo


I see various HTTPS Tidserv Request 2 and HTTP Tidserv Request attempts being blocked by my Norton 360.

"Network traffic from zz87jhfda88.com matches the signature of a known attack. The attack was resulted from \DEVICE\HARDDISKVOLUME2\WINDOWS\SYSTEM32\SVCHOST.EXE."

Norton 360 doesn't find the trojan, but there are suspicious files found by GMER.

This was after going to Wired to read an article and as some banner ads loaded, Norton started finding some other trojans and viruses being downloaded to my system. Even though Java had been upgraded to version 20, I think the older version code was still somewhere in the path, as I saw the Java splash screen on the Java startup. The alerts come more often when using Google or Yahoo search.

I'm sure ComboFix will take care of it, but wanted a second opinion first.

Thanks for your help.

I've attached the attach.txt and ark.txt files and here is the log from DDS.txt.

DDS (Ver_10-03-17.01) - NTFSx86
Run by KyleVogt at 12:12:31.37 on Wed 05/19/2010
Internet Explorer: 7.0.6002.18005
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.3070.1809 [GMT -7:00]
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\...

A:Norton 360 Blocking HTTPS Tidserv Request 2 & HTTP Tidserv Request

Hello,

Please visit this webpage for download links, and instructions for running ComboFix tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully first.

Please continue as follows:
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
Remember to re-enable them afterwards.
Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you. Please include the following reports for further review, and so we may continue cleansing the system:
C:\ComboFix.txt
New dds log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.


My computer was infected with a trojan this morning. I ran Symantec Endpoint Protection 11, and it deleted a couple of files.

Now I am constantly receiving the following two error messages via Symantec Endpoint Protection address line:
[SID: 23615] HTTPS Tidserv Request 2 detected.
[SID: 23621] HTTP Tidserv Request detected.

I ran the Symantec Endpoint Protection Full Scan and it came up clean but I still receive the errors as described above.

I would greatly appreciate any assistance and thank you in advance.

I have pasted and attached the logs that I believe I need to for you to assist.
Please advise if I need to do anything else at this moment to help.

Thanks
Barry

DDS (Ver_09-06-26.01) - NTFSx86
Run by clejstiege at 15:28:03.94 on Tue 06/22/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.411 [GMT -4:00]
AV: Symantec Endpoint Protection *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
svchost.exe
C:\Program Files\Juniper\NetScreen-Remote\IPSecMon.exe
C:\Program Files\Juniper\NetScreen-Remote\IreIKE.exe
svchost.exe
C:\Program Files...

A:[SID: 23615] HTTPS Tidserv Request 2 detected. & [SID: 23621] HTTP Tidserv Request detected, Unable to resolve Infection

hi,

Your post is a few days old, if you still need help simply reply to my post.


First of all, thanks in advance to those willing to help.

A couple of days ago, I was infected with Antimalware Doctor, and XP Antimalware (I think those were the names). I am pretty sure I took care of those. Meanwhile, every time I use Mozilla Firefox, I have a notification from Norton 360 stating that "A recent attempt to attack your computer was blocked." When I look at it in more detail, Norton tells me the risk name is either HTTP Tidserv Request or HTTPS Tidserv Request 2. In addition to the constant attacks, I am redirected when clicking on google links and random tabs open in Firefox to random websites as well.

-If the Risk name is HTTP Tidserv Request the application path is \DEVICE\HARDDISKVOLUME2\PROGRAMFILES\MOZILLAFIREFOX\FIREFOX.EXE
-If the Risk name is HTTPS Tidserv Request 2 the application path is \DEVICE\HARDDISKVOLUME2\WINDOWS\SYSTEM32\SVCHOST.EXE

In addition to that, Norton 360 has blocked or quarantined the following within the past couple of days:
Spyware.Keylogger
Trojan.Gen
Trojan.FakeAV
AntiVirus2010

Here is the DDS LOG:

DDS (Ver_10-03-17.01) - NTFSx86
Run by Owner at 10:45:47.12 on Fri 04/09/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1278.291 [GMT -6:00]
AV: Norton 360 *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
===...

A:HTTP Tidserv Request/HTTPS Tidserv Request 2 Infection

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...


Problem:

A few days ago my computer was attacked. Norton detected and blocked several downloaders and trojans, however I am having lingering issues with something trying to hijack my browser. Norton appears to be detecting and containing the attacks for now, but full scans from both norton and malware bytes have brought up nothing.

As requested I have the DDS log, but I was unable to successfully scan with GMER. I tried 4 times, and my computer froze twice, and BSOD twice.

Here is the DDS log:

DDS (Ver_10-03-17.01) - NTFSx86
Run by Aaron Smith at 23:42:19.71 on Sat 07/10/2010
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3071.1852 [GMT -5:00]
AV: Norton 360 *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
============== Running Processes ===============
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Belkin\F5D7050v3\Belkinwcui.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C: ...

A:problem with HTTPS Tidserv Request 2 and HTTP Tidserv Request

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:
Please download DeFogger to your desktop.
Double click DeFogger to run the tool.
The ap...


What is that?

I am trying to go to www.transportforlondon.gov.uk.

I am on their site trying to get to their journey planner but when I click on the darn thing to get the journey planner up the page displays HTTP/1.1 400 Bad Request with Mozilla and HTTP 400 Bad Request with internet explorer.

Can some one please explain to me what is happening?
 

A:HTTP 400 Bad Request????

You don't need to post it again. I, and someone else are already providing suggestions in your original thread.
 


i've just installed a new pc with win xp sp2 and ie 7.

for some reason when i try to log on to facebook or when i try to browse gmail i get an error: http 400 bad request. (i believe it happens on other sites as well, but not all)

i'm sure it's not a network problem because it's a laptop and it didn't work at public places.

i have installed mozilla firefox and it works - but still is there a way to resolve the problem??

A:http 400 bad request

try this

http://support.microsoft.com/kb/826437


Quite often when clicking on an item in ebay.com.au I get this > Http/1.1 Bad Request < come up. Doesn't always happen but can't find out why. It does the same thing in IE, Firefox, and Opera. Running WinXP [email protected] all updates.
Is it something wrong with my computer or something wrong at ebay.
I can't seem to find anyway to contact ebay either. Anyone know how to fix this?
I haven't as yet tried it at another computer or tried it on my OSX 10.4

A:Http/1.1 Bad Request

welcome


Quote: I can't seem to find anyway to contact ebay either


you have a better chance of winning lotto

anyway, go to internet options in your control panel - go to the advanced tab - click on restore defaults at the bottom

post back


Can anyone help me? Every time I log into either ebay or hotmail it always comes up http/1.1 bad request or http1.1 internal server error. I'm not great with coms so if someone could explain in detail what to do. I don't seem to have any problem logging into any other sites, I think it's just secure ones. Any help would be greatly appreciated
thanks

Seamus


Hi, first my apologies if I'm posting in the wrong place!

When using ebay and only when trying to create a new listing, browsing is fine I keep getting an error message Http 400 bad request, I've visited several websites and fact pages etc and am now baffled!

I've tried all the simple suggestions I could find, deleting cookies etc and running spybot S&D, Ad-Aware and Anti Malware ..... nothing works although immediately after running spybot S&D occasionally it will let me list one item!

My question is, can I fix it? having very limited knowledge I'm scared of doing more damage than good and not being able to follow instructions anyway! so, would I be better off flinging this thing through a window and getting a new one? or sending it to a professional, I dont want to spend money on a computer expert having been ripped off in the past!

Any help or advice would be very gratefully received!!

A:Http 400 - Bad request, help!! ??

hello,
did this problem just start? (it may be an ebay issue)
what browser are you using? (try a different browser. ie, chrome or firefox)
do you have access to another computer to see if its the computer in question ?

good luck!


I keep getting these errors when I go to sites I frequent (and as of 2 minutes ago, one that I dont any more thanks to Windows Live Mail). I will browse to the site, then I'll come back a little while later and the error will pop up and sometimes it takes all day for it to go away. I've never had this happen before. It just started happening when I cleared out my cookies and my temporary internet files while trying to set up my new router.

I use IE 8.

How do I get them to stop? And how do I fix them?

A:IE HTTP 400 Bad Request

  
Quote: Originally Posted by ACWN


I keep getting these errors when I go to sites I frequent (and as of 2 minutes ago, one that I dont any more thanks to Windows Live Mail). I will browse to the site, then I'll come back a little while later and the error will pop up and sometimes it takes all day for it to go away. I've never had this happen before. It just started happening when I cleared out my cookies and my temporary internet files while trying to set up my new router.

I use IE 8.

How do I get them to stop? And how do I fix them?


A simple Google of the error returns the explanation and fix. I just chose this as an example: HTTP Error 400 Bad request Explained

Good Luck

Ken


can someone please tell me how to fix my firefox. every time i go to a site like blackplanet and click on enter it takes me to Http/1.1 bad request. my lil brother showed me something and it said alot of disallowed key or characters. so please if u know anything about this oh i'm running it with windows vista by the way if that helps. please if u can help email me at [email protected] thanks.


Hi, I have an annoying problem with internet, the error is HTTP 400 Bad request
I am surely infected by downloading stuff from Limewire, music, videos, etc.
Can you help me please?...
This is the Hijackthis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:19:36 p.m., on 14/05/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Windows Live\Family Safety\fssui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg....

A:Http 400 Bad Request

Hello Momentum. to BleepingComputer.com
My name is Billy O'Neal and I will be helping you. (Billy or Bill is fine)
We apologize for the delay in response we get overwhelmed at times but we are trying our best to keep up.
If you have since resolved the original problem you were having would appreciate you letting us know. If not please perform the following below so I can have a look at the current condition of your machine.
Thanks and again sorry for the delay.

If you still would like help, please follow the following instructions:

Please download Deckard's System Scanner (DSS) and save to your Desktop.
alternate download site

DSS will do the following:
Create a new System Restore point in Windows XP and Vista.
Clean your Temporary Files, Downloaded Program Files, Internet Cache Files, and empty the Recycle Bin on all drives.
Check some important areas of your system and produce a report for an analyst to review.
Automatically run HijackThis. It will also install and place a shortcut to HijackThis on your desktop if you do not already have it installed. So if HijackThis is not installed and DSS prompts you to download it, please answer yes.

You must be logged onto an account with administrator privileges when using.
Close all applications and windows.
Double-click on dss.exe to run it and follow the prompts.
If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
When the scan is complete, two text files will open in Notepad:
main.txt <- this one w...


I have a PC that has Windows XP SP2 on it. It had IE6 on it and started giving the 400 error for any website that I visited. I installed Ad-Aware and had Avast running on the PC. I cleaned up all the Malware on the PC and Avast didnt find any viruses. I installed Kaspersky and that found a couple Trojans that got deleted.

I updated to IE8 and still have the same issue. I disabled the firewall and still no go. I installed Firefox and that works just fine. Now I'm stumped.

Any help/ideas would be appreciated.

A:HTTP 400 Bad Request

Hi,
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
Make sure you are connected to the Internet.
Double-click on Download_mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen, click on the Show Results butto...


What is that?

I am trying to go to www.transportforlondon.gov.uk.

I am on their site trying to get to their journey planner but when I click on the darn thing to get the journey planner up the page displays HTTP/1.1 400 Bad Request with Mozilla and HTTP 400 Bad Request with internet explorer.

Can some one please explain to me what is happening?
 

A:HTTP/1.1 400 Bad Request


When I go logging in into hotmail I get this error -HTTP 400 Bad Request- It does not only happens with hotmail, it also appears on some other websites too.

I run on Windows Vista Home Premium 32Bit
Can anyone please give me some help? What to do?
it also happens when I go to you tube i only can play videos that appear in the home YouTube page, but it wont allow me to search videos as I'd get the error.

I can login into gmail and check my email but when I logout the error comes up again.
It also happens in so many other websites most of which I cannot even remember, but in example some of them displays the whole site but in some windows within the site it displays the error too.
I have done a System Restore but it didn't help.

My browser is Windows Internet Explorer
I have deleted all my cookies and temp files too
I've done a full antispyware & antivirus scan. Only the antispyware found 3 threats that it corrected itself without any problems. Antivirus did not find anything, all ok.

I have downloaded and installed the latest java.

The problem is still there though...

I must mention that my computer has become so slow lately. I also have some other problems I've could never get rid of:

-Internet Explorer has stopped working
-Windows Explorer has stopped working

These 2 above could happen anytime especially if I switch between screens or download something new I think

And recently, when starting my machine:

-Application failed to initialize pro...

A:Http 400 Bad Request

Hi; I suggest you ARE infected; which is your installed antivirus program and can you please name your other protection programs?

you use Limewire ? if you seek help on cleaning you will need to remove it as there is little point in running cleaning programs while you continue to download most probably infected materials via a P2P program

can you please run this tool which is vista compatible if the computer will let you ; it can give us a clearer picture of what is on the computer infection-wise

do you have your computer cd and licence key to hand if you do need to do a reformat?

Superantispyware; guide on how to install and run

If you have not already got a Downloads folder , I suggest you create a new folder in My Documents, and name it Downloads ;

Installing superantispyware
Superantispyware is found here http://www.superantispyware.com/index.html
Download to the Downloads folder the free exe to superantispyware from here http://www.superantispyware.com/downloadfi...ANTISPYWAREFREE
you install superantispyware by clicking on the icon in the downloads folder ; it will launch the installation process; follow the instructions and I suggest you ask for a default installation ; ensure it creates a desktop icon for you ;
once the program has been installed it should ask you if you wish to update the program ; say YES
if it does not ask you , you need TO fully update the definitions by opening the program and find the "check for updates" tab in the bottom left of the...


After installing the latest Windows updates, IE8 yields an HTTP 400 Bad Request page instead of going to certain websites (my company's webmail page, my credit union's homepage, the MS Windows Update page). Firefox and Chrome do not give the HTTP 400 Bad Request result when navigating to the same pages.

I did a system restore to back to yesterday to undo the updates, and the HTTP 400 error in IE8 went away.

So, here's a "heads up" to all you Windows XP Pro users with Internet Explorer 8.

A:HTTP 400 Bad Request

Thanks, I'm sure that there are some users out there who may have a similar experience.

Louis


A week ago I started getting "http 400 bad request" error messages using Internet Explorer 8. I downloaded the latest version and installed it, with no change in results. I also installed Firefox, which has no problems with the exact same addresses. Google seems to work fine and I can go to any addresses Google finds. I reset IE8 and cleared cookies and history. A full scan with my antivirus did not find anything. I am out of ideas. I searched the forums here and did not find anything relevant. System is XP sp3. This started after my son (age 9) was using the computer, but he claims (of course) he didn't change anything.

Any help is appreciated. Thank You.

Bill Clapper

A:http 400 bad request

Welcome to TSF

Go to Control Panel, Add or Remove Programs and uninstall IE8. Reboot the computer and then try connecting using IE7. Let me know the results plz


I can not connect to Chase.com. I get HTTP 400 Bad request.
> My PC has been unplugged for one month,it worked fine before.
> I can connect to ALL my favorites,except Chase.com.I even typed it into my
address bar.
> I even down loaded IE8 again.
I tried to do a restore and it won't let me?
> It will work with Fire fox.
XP SP3
> What could have happened?
> Phil

A:I get HTTP 400 Bad request

Being a banking site, chase.com uses SSL encryption. What happens when you go to other SSL sites such as this one - https://encrypted.google.com/


I cannot log onto MSN Texas Holdem or MSN Bridge. I am using msn vista home edition. Each time I get the message "HTTP bad request". "this page cannot be found". "there might be a typing error" "if you clicked on a link it may be out of date"
 


Hi folks
I'm having all sorts of problems with my computer right now - please see my separate postings under Windows xp. I think a trojan or worm has invaded my computer because I am now getting a HTTP 400 - Bad Request window whenever I go on any site to try and deal with the virus problem. I can't even renew my mcafee subscription because I'm getting the same window for their site. All the sites which say they can deal with the http 400 bad request problem don't work because I get the same message when i click on the links to resolve the problem. Any ideas?

A:HTTP 400 - Bad Request

Welcome to TSF

Sorry to hear you're having so much trouble. The security team can help you with this. We cannot assist you with this issue here in the Microsoft Support Forum.


Look over these http://www.techsupportforum.com/secu...oval-help.html
If you cannot complete any of the steps for whatever reason, just continue on with the next one until they are all completed, and post your logs in Virus/Trojan/Spyware Help; where an Analyst will assist you. However, it is very important to make mention of any of the steps that you were not able to complete.

After you've posted your logs, please be patient, as the Security Team Analysts are very busy.


Well for some days now i get a notification from norton that an attempt on my computer has been blocked (or something along those lines). I have done a full scan and nothing comes up.

So can someone help me remove this malware :S

DDS LOG is attached

I tried the gmer log thing twice and both times my computer crashed :S

A:HTTP Tidserv Request with log

Hello Bhavir
Welcome to BleepingComputer
==========================
Download OTL to your desktop.
Double click on OTL to run it.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
====================
Please download Rootkit Unhooker and save it to your desktop.
Note since it is in rar format and if you do not have anything that will open it then you can download 7 zip and use it to extract the data it can be found here:
Right click on the .rar file and choose extract files.
Double-click RKUnhookerLE.exe to run it.
Click the Report tab, then click Scan
Check Drivers, Stealth Code, Files, and Code Hooks
Uncheck the rest, then click OK
When prompted to Select Disks for Scan, make sure C:\ is checked and click OK
Wait till the scanner has finished then go File > Save Report
Save the report somewhere you can find it, typically your desktop. Click Close
Copy the entire contents of the report and paste it in your next reply.
Note - You may get this warning it is ok, just ignore it.
"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


Hey guys. For my project, I needed to find a way to send SMS messages from Perl. It turns out, it is easy to send messages from Perl using HTTP requests and a software called Ozeki NG SMS Gateway.
To send SMS messages from Perl using HTTP requests, first you need to download, install and configure Ozeki NG SMS Gateway software to your computer. Then import the source code provided below into a new project you write in Perl. After you imported it you can configure the code. You need to customize the values in the source code below.
#!/usr/bin/perl

###############################################
## Ozeki NG - SMS Gateway Perl example ##
###############################################

use HTTP::Request;
use LWP::UserAgent;
use URI::Escape;

###############################################
### Ozeki NG informations ###
###############################################
$host = "127.0.0.1";
$port = "9501";
$username = "admin";
$password = "abc123";
$recipient = "+00123456";
$message = "Test Message from Perl";

###############################################
### Putting together the final HTTP Request ###
###############################################
$url = "http://" . $host;
$url .= ":" . $port;
$url .= "/api?action=sendmessage&";
$url .= "username=" . uri_escape($username);
$url .= "&password=" . uri_escape($password);
$ur...


Hi, I'm running Windows XP, Norton Internet Security 2010, and a Linksys router. The past three days I've been getting notices from Norton "A recent attempt to attack your computer was blocked". In the Norton history log the Risk name is: HTTP Tidserv Request. I'm not sure what to do next. Norton scans don't find anything. The attacks occur several per hour. I'm now keeping the computer disconnected from the internet until resolved. Please advise. Thanks, Jim

A:HTTP Tidserv Request

Hello, Is this PC on a network?
Run a full system scan in safe mode with the latest Norton definitions. Then unplug the network connection and reboot the computer. Does the backdoor.tidserv detection come up again? If so, then we need to search for another undetected process on your computer.

Now run TDDS Killer
Please read carefully and follow these steps.
Download TDSSKiller and save it to your Desktop.
Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK. (If Vista, click on the Vista Orb and copy and paste the following into the Search field. (make sure you include the quotation marks) Then press Ctrl+Shift+Enter.)
"%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v

If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
It may ask you to reboot the computer to complete the process. Allow it to do so.
When it is done, a log file should be created on your C: drive called "TDSSKiller.txt" please copy and paste the contents of that file here.

Next run MBAM (MalwareBytes):
Please download Malwarebytes Anti-Malware (v1.46) and save it to your desktop.
Before you save it rename it to say zztoy.exe
alternate download li...


Good morning,
A couple of days ago I began receiving alerts from Norton every time I searched Google and clicked on the appropriate search result. The alert reads..."an intrusion attempt by 30xc1cjh91.com was blocked. Application path\DEVICE\HARDDISKVOLUME2\PROGRAM FILES\INTERNET EXPLORER\IEXPLORER.EXE." Under the Advanced Details heading it lists the Risk Name as HTTP Tidserv Request. Under the heading of Recommended Actions it says "No Action Required". I'm fairly sure I need to do something about this as I assume my computer has been compromised. A Norton scan turns up nothing. I performed the scans but the computer was unable to finish the GMER scan and would lock up after a few hours of scanning. I attached the ones that I was able to perform. Any help that you could provide would be very much appreciated. Thanks

A:HTTP Tidserv Request

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report
Please download OTL from one of the following mirrors:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
In the custom scan box paste the following:
CODE
msconfig
safebootminimal
activex
drivers32
netsvcs
%SYSTEMDRIVE%\*.exe
/md5st...


Hello, norton started two days ago with a pop up telling me that an intrusion attempt was made but blocked. it keeps coming up. the risk name is HTTP tidserv request. please help. thank you

EDIT: Moved from Malware Removal Logs to Am I Infected ~ Hamluis.

A:http tidserv request

Hello and welcome.
Is this PC on a network?
Run a full system scan in safe mode with the latest Norton definitions. Then unplug the network connection and reboot the computer. Does the backdoor.tidserv detection come up again? If so, then we need to search for another undetected process on your computer.

Now run TDDS Killer
Please read carefully and follow these steps.
Download TDSSKiller and save it to your Desktop.
Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK. (If Vista, click on the Vista Orb and copy and paste the following into the Search field. (make sure you include the quotation marks) Then press Ctrl+Shift+Enter.)
"%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v

If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
It may ask you to reboot the computer to complete the process. Allow it to do so.
When it is done, a log file should be created on your C: drive called "TDSSKiller.txt" please copy and paste the contents of that file here.

Next run MBAM (MalwareBytes):
Please download Malwarebytes Anti-Malware (v1.46) and save it to your desktop.
alternate download link 1
alternate download link 2
MBAM m...


Hello everyone this is my first thread and I'm in need of some help! I keep getting a pop up from my (expired) Norton Antivirus which reads something like: A recent attack on your computer was blocked. When I click it, it gives me the Http Tidserv Request as the culprit. I've run Mbam and nothing shows up. I ran Spybot which revealed a myriad of results, one of them being Virtumonde. Anyhow; I was wondering if anyone could help or give me some direction as to where to go. *sigh* this is what I get for letting my 14 year old cousin use my computer

A:Http Tidserv Request

Hello ,
Let's see if we can clean this up and then we'll get you an Antivirus'
Is this PC on a network?
Run a full system scan in safe mode with the latest Norton definitions. Then unplug the network connection and reboot the computer. Does the backdoor.tidserv detection come up again? If so, then we need to search for another undetected process on your computer.

Now run TDDS Killer
Please read carefully and follow these steps.
Download TDSSKiller and save it to your Desktop.
Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK. (If Vista, click on the Vista Orb and copy and paste the following into the Search field. (make sure you include the quotation marks) Then press Ctrl+Shift+Enter.)
"%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v

If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
It may ask you to reboot the computer to complete the process. Allow it to do so.
When it is done, a log file should be created on your C: drive called "TDSSKiller.txt" please copy and paste the contents of that file here.

Next run MBAM (MalwareBytes):
Please download Malwarebytes Anti-Malware (v1.46) and save it to your deskt...


Hello,
This started a two days ago. The symptoms are almost exactly the same as the ones in http://www.bleepingcomputer.com/forums/t/311466/http-tidserv-request/. It also matches the symptoms in Symantec's page on Backdoor.Tidserv. Whenever a search is attempted on Google, Yahoo or Bing, Norton pops up the same alert as in the other thread, but the website name it attempts to contact changes randomly. It says the request for that site originated from IEXPLORE.EXE; at random times SVCHOST.EXE was also blocked from accessing a similar site.

The computer is running Windows XP Professional Service Pack 3.

I have tried Symantec's removal instructions on their site, including replacing atapi.sys, advapi32.dll and ndis.sys with the same files from the XP CD. However, the files this was supposed to have created (mostly with TDSS in its name) don't exist. On the day of the original infection there was a fake antivirus program on the computer, too, and it blocked any applications saying the file was infected. That one was fixed with system restore. According to Symantec, Tidserv can also install other malware on the computer, which is where I assume this came from.

The gmer log seems incomplete so I'm running it again. It seems to crash quite often, and Norton's CPU usage jumps to two 50% processes while running gmer.

Thanks for any help.

DDS (Ver_10-03-17.01) - NTFSx86
Run by Tim Rao at 23:54:14.51 on Fri 21/05/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.260...

A:HTTP Tidserv Request

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen. Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you let...


Hello,

Last week I was surfing the google looking up information on the game Aion when suddenly a popup appeared and it showed that something was downloading. I have popup blocker on, but apparently it didn't matter. Within minutes, various issues occurred and I immediately went to windows to use onecare. It removed 23 viruses and over 200 spyware. I followed up using malwarebytes' anti-malware which found a few others onecare did not and removed them. I bought norton antivirus which found 1 virus and removed many cookies.

I thought all was well but then every few minutes Norton says: An intrusion attempt by 91.212.226. (some other random number) was blocked. The titles of the attack are either Http Tidserv Request 1 or 2. Sometimes (including this site) I'll get redirected to an ad site. Sometimes the internet will disconnect. I considered wiping the drive except when I've read other threads for those who have done this, they still have the issue on their computer. That's really a last option. I've seen both on this site and other sites such as bleepingcomputer that after a long series of tools, people seem to have cleared themselves of this problem. I haven't tried any of these tools since they usually say not to without an expert's suggestion. I have, however, run the GMER (which took two tries, first time it froze my computer and I had to manually restart). I also did the DDS and have the attached file.

I'm really at my wits' end with this and any help would be great...

A: http tidserv request 1 & 2

Hello and welcome to TSF,

Please subscribe to this thread to get immediate notification of replies (if you haven't already) as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Read through this entire procedure and if you have any questions, please ask them before you begin. Then either print out, or copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

--------------------------------------------

I am sorry to tell you that one or more of the identified infections is a backdoor trojan / rootkit.

This type of infection allows hackers to remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation. Please refer to Microsoft's Online Safety article for tips on creating a strong password.

Do not change passwords or do any transactions from the infected computer until it has been cleaned.

-------------------------------------------

Please note that these fixes ar...


Read Momentum's earlier topic answered by Billy and downloaded Hijack This and DSS and ran the search. Here are the results. Can anyone interpret them for me?

Deckard's System Scanner v20071014.68
Run by Alison on 2008-06-30 22:14:03
Computer is in Normal Mode.
--------------------------------------------------------------------------------
Percentage of Memory in Use: 83% (more than 75%).
Total Physical Memory: 766 MiB (1024 MiB recommended).

-- HijackThis (run as Alison.exe) ----------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:14:18 PM, on 6/30/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Family Safety\fssui.exe
C:\Windows\System32\wpcumi.exe
C:\Windows\vVX3000.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:...

A: Http 400 Bad Request On Vista

Hello Sooner H

Welcome to the Bleeping Computer Malware Removal Forum, sorry for the delay in responding, but the amount of people posting with infected computers is through the roof and we sometimes can't get to logs as fast as we would like to. If you have not resolved this issue and still need assistance, post a new HJT log as your system may have changed since your original post. Sometimes with the amount of logs we get, one or two may fall through the cracks as yours has done, I apologize for that.

All your logs look fine but post a Hijackthis log and let's make sure.

Download Trend Micro's HijackThis to your desktop.
Double click it to install.
Follow the prompts and by default it will install in C:\Program Files\Trendmicro\Hijackthis\Highjackthis.exe
Open HJT Scan and Save a Log File, it will open in Notepad.
Go to Format and make sure Wordwrap is Unchecked.
Go to Edit > Select All.....Edit > Copy and Paste the new log into this thread by using the Post Reply and not start a New Thread.

DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.
