
PLZ HELP- Intrusions not stopping - HTTPS tidserv & HTTPS misleading application detection

Q: PLZ HELP- Intrusions not stopping - HTTPS tidserv & HTTPS misleading application detection

Intrusions from two different IPs, one is HTTPS tidserv & the other is HTTPS misleading Application detection. How do I get rid of them?


A: PLZ HELP- Intrusions not stopping - HTTPS tidserv & HTTPS misleading application detection

Hi archie21:

These notifications are what we are seeing on the Norton forum that indicate that you have a TDL3/4 rootkit attempting access to the net. Norton is blocking it.

You will need to ask the Malware Removal Team for assistance.


Hello Everyone,
My NIS9 security has started blocking HTTPS Tidserv Request 2 intrusions.
These only appear when I'm connected to my ISP.
I have a PC with a cable connection running windows XP.

Hope you can help.

thanks
Mike

p.s. I started getting google redirects about the same time.

A:HTTPS Tidserv Request 2 intrusions

Hello and welcome. Is this PC on a network?

Run a full system scan in safe mode with the latest Norton definitions. Then unplug the network connection and reboot the computer. Does the backdoor.tidserv detection come up again? If so, then we need to search for another undetected process on your computer.

Now run TDSS Killer. Please read carefully and follow these steps.

Download TDSSKiller and save it to your Desktop.
Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
Go to Start > Run (or you can hold down your Windows key and press R) and copy and paste the following into the text field (make sure you include the quote marks). Then press OK. (If Vista, click on the Vista Orb and copy and paste the following into the Search field (make sure you include the quotation marks). Then press Ctrl+Shift+Enter.)
"%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v

If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
It may ask you to reboot the computer to complete the process. Allow it to do so.
When it is done, a log file should be created on your C: drive called "TDSSKiller.txt". Please copy and paste the contents of that file here.

Next run MBAM (MalwareBytes):
Please download Malwarebytes Anti-Malware (v1.46) and save it to your desktop.
Before you save it rename it to say zztoy.exe alternat...


For the past week Norton has been giving me a message that it has stopped an HTTPS Tidserve Request 2 intrusion attempt, approximately every half hour. As this has never happened before, my main concern is that there is something on my computer already. I have too little knowledge to deal with this myself and would appreciate help from someone with experience. I have scanned with Norton, Spybot and Malware Bytes, but they found nothing. I also took my computer to a computer repair place where they found something, removed it and thought the problem was fixed; however, the messages are still coming. I am connected to a network of 3 computers; however, when I disconnected these from my computer the messages still came through. If you need further information please ask and I will do my best to provide it.

Thank you for your help.

A:HTTPS Tidserve Request 2 intrusions

Hello. Is this PC on a network?

Run a full system scan in safe mode with the latest Norton definitions. Then unplug the network connection and reboot the computer. Does the backdoor.tidserv detection come up again? If so, then we need to search for another undetected process on your computer.

Now run TDSS Killer. Please read carefully and follow these steps.

Download TDSSKiller and save it to your Desktop.
Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
Go to Start > Run (or you can hold down your Windows key and press R) and copy and paste the following into the text field (make sure you include the quote marks). Then press OK. (If Vista, click on the Vista Orb and copy and paste the following into the Search field (make sure you include the quotation marks). Then press Ctrl+Shift+Enter.)
"%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v

If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
It may ask you to reboot the computer to complete the process. Allow it to do so.
When it is done, a log file should be created on your C: drive called "TDSSKiller.txt". Please copy and paste the contents of that file here.

Now TFC by OT:
Please download TFC by Old Timer and save it to your desktop.
alternate download link
Save any unsaved work. TFC wi...


Howdy, let me first say THANK YOU to this forum, and the folks that post help. I have used this forum in the past to help my neighbors, and the information has been helpful. Unfortunately, it is now apparently my turn, as my wife's computer is infected.

The Story
Yesterday (4/8), my wife comes in my office claiming that her computer is in trouble. When I get there, I see that she has windows coming and going, and it appears that she is infected with Antimalware Doctor (appreg70700.exe). I also notice that Norton 360 is not currently running, not sure why it had stopped, but thought I'd mention it.

What I did
After finding the application that was causing the problems, I killed it, and installed a recommended program, Malwarebyte's Anti-Malware. It found several issues, and I followed the cleaning process. I also found registry entries for Antimalware Doctor (using regedit), and removed them. Furthermore, I removed it from the start-up entries. Also, I installed and ran SuperAntispyware, but it only found 3 cookies that were problems.

Current Issue
I then got Norton 360 running again (updated defs, ran a new scan, etc). Norton isn't finding any issues. However, going through the logs, I am finding multiple entries for:

QUOTE
HIGH - An intrusion attempt by 61.21.20.132 was blocked. Application path \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE
Norton Risk Name: HTTPS Tidserv Request 2

Other IP that it lists is 112.121.181.26
And,...

A:Tidserv Trojan Infection? (HTTPS Tidserv Request 2)

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...


This keeps popping up on my Norton 360 and I have no idea what to do. Is it a site trying to hack into my computer? I followed a few advices on this site but it keeps popping up...

A:HTTPS TIDSERV REQUEST and TIDSERV REQUEST2

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below I will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions...


Hello,
I come from the Norton community that led me to you about attack of a serious trojan.
Here is a nth case of "HTTPS TidServ" attack that personally I discover being novice in this regard.
I understood that this type of trojan causes serious problems, and belongs to the class of Rootkit, TDSS or TDL3 viruses.
Of course, my system is infected; periodically, Norton indicates attacks. I did a full scan via Norton Internet Security, without result.
I already used Microsoft's Malicious Software Removal Tool, and RegistryBooster-Uniblue to check the system, the first one didn't identify the problem and the second one pointed out problems but I did not try to repair via this program. I did not try any other solution for now.
I wonder what I have to do to eradicate this very serious "nuisance".
Thanks for your help,
Regards,
Thierry

----------------------------
ps: pc endowed with XP.

A:HTTPS TidServ

Hi Thierry and welcome to BleepingComputer! Please follow the steps in this guide and see if that fixes your problem.


I get a Norton intrusion attempt warning at least once every ten minutes. "An intrusion attempt by xxxxx.com was blocked. Application path \device\harddiskvolume1\windows\system32\scvhost.exe" Risk name: "HTTPS Tidserv Request 2" What should I do? Thank you.

A:HTTPS Tidserv Request 2

Hi amkej,

Welcome to our VTSMR forum. It is important to refrain from making any changes to your system (scanning or running other tools, updating Windows, installing applications, removing files, etc.) from now on as it might interfere with our fixes.

Open your Malwarebytes' Anti-Malware.
First update it; to do that, under the Update tab press "Check for Updates".
Under Scanner tab select "Perform Quick Scan", then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the MBAM log.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Please download MBR.EXE by GMER. Save the file in your Windows directory (C:\Windows).
Download http://download.bleepingcomputer.com/farbar/TDLfix.exe and save it to your desktop.
Double-click to run TDLfix.exe, type the following in the command window and press Enter:
mbr
A log file opens up. Please post the content to your reply.


My Norton Internet Security has been recently blocking intrusion attempts from various sites trying to get to both my svchost.exe and iexplore.exe files. From looking here, I probably have a rootkit problem. I'm totally new at handling this so please be patient with me. Thanks for any help you can give me.

A:HTTPS Tidserv Request 2

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
1. Please do not run any other tool until instructed to do so!
2. Please reply to this thread, do not start another!
3. Please tell me about any problems that have occurred during the fix.
4. Please tell me of any other symptoms you may be having as these can help also.
5. Please try as much as possible not to run anything while executing a fix.
If you follow these instructions, everything should go smoothly.

I would like to get a better look at your system, please do the following so I can get some more detailed logs.

DeFogger:
Please download DeFogger to your desktop.
Double click DeFogger to run the tool.
The application window will appear.
Click the Disable button to disable your CD Emulation drivers.
Click Yes to continue.
A 'Finished!' message will appear.
Click OK.
DeFogger may ask you to reboot the machine, if it does - click OK.
Do not re-enable these drivers until otherwise instructed.
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Download DDS:
Please download DDS by sUBs from one of the links below and save it to your desktop:
Download DDS and save it to your desktop
Link1
Link2
Link3
Please disable any anti-malware program that will block scripts from running before running DDS.
Double-Click on dds.sc...


Hello:

I was referred to this part of the forum for help in resolving and removing HTTPS Tidserv Request and HTTPS Tidserv Request 2. A brief explanation of the problem can be found here, as well as the steps I've taken thus far. However, this is what happened:

Last Friday, I went to a website and Norton Download Insight detected the launch of something called skxntv.exe. It quarantined the item. At about the time, Norton also logged an unauthorized access attempt. Roughly thirty minutes later, Norton logged an intrusion attempt by an IP address which contained HTTPS Tidserv Request 2. This attempt was blocked. An hour later, another attempt was blocked. If I remember correctly, I may have launched Norton to scan my computer. It detected fifty low level tracking cookies which were deleted.

The next morning, I got up and found that I could no longer use my keyboard. I found a code 38 error in the control panel section for the keyboard. After numerous attempts at rebooting and reinstalling the driver, nothing seemed to work. This went on until Monday morning when I discovered my keyboard was working again. In between all of this, I researched what could be causing the keyboard to stop working. I have a Nintendo Wii with internet access and an Opera browser, so I used that to do my research. I discovered that one of the causes could be a virus. At some point, these forums were mentioned and that was when I made my first post.

For the last few days, I've had my keyboar...

A:HTTPS Tidserv Request and HTTPS Tidserv Request 2

Hi arc14716,

Welcome to VTSMR forum. Please refrain from making any changes to your system (scanning or running other tools, updating Windows, installing applications, removing files, etc.) as long as we are not done. Doing that might interfere with our fixes.

Please download MBR.EXE by GMER. Save the file in your Windows directory (C:\Windows).
Download http://download.bleepingcomputer.com/farbar/TDLfix.exe and save it to your desktop.
Double-click to run TDLfix.exe, type the following in the command window and press Enter:
mbr
A log file opens up. Please post the content to your reply.


Okay, so Norton keeps telling me that it's blocking an attack on my computer called "HTTPS Tidserv C and C Domain." I also have a problem with my Google links redirecting so I think it might be related to this threat.

I just got rid of Internet Security 2010 an hour or so ago using Malware Bytes if that counts for anything. My computer is running faster but I can't seem to shake off this "attempted back door" attack. There has to be something wrong since my Google links keep redirecting.

Any help is appreciated.

A:HTTPS Tidserv C and C Domain???

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum.

==>PLEASE DO NOT NOW POST LOGS<== unless a log is specifically requested.

Please describe the issues you are experiencing with your computer.


Hey, was wondering if anyone could help me. Norton keeps popping up on my screen saying that a recent attempt to attack my computer has been blocked. It happens like, every 3 minutes and it's getting very aggravating. Norton supplies the IP address of the attacking computer and all so I was wondering if there was ANY way to get rid of this persistent pest.

A:Https Tidserv Request 2

Hello and welcome. Is this PC on a network?

Run a full system scan in safe mode with the latest Norton definitions. Then unplug the network connection and reboot the computer. Does the backdoor.tidserv detection come up again? If so, then we need to search for another undetected process on your computer.

Now run TDSS Killer. Please read carefully and follow these steps.

Download TDSSKiller and save it to your Desktop.
Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
Go to Start > Run (or you can hold down your Windows key and press R) and copy and paste the following into the text field (make sure you include the quote marks). Then press OK. (If Vista, click on the Vista Orb and copy and paste the following into the Search field (make sure you include the quotation marks). Then press Ctrl+Shift+Enter.)
"%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v

If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
It may ask you to reboot the computer to complete the process. Allow it to do so.
When it is done, a log file should be created on your C: drive called "TDSSKiller.txt". Please copy and paste the contents of that file here.

Next run MBAM (MalwareBytes):
Please download Malwarebytes Anti-Malware (v1.46) and save it to your desktop.
alternate download link 1
alternate download link 2
MBAM ...


For a few days now I have been getting alerts from Norton AntiVirus that look like this:

I ran multiple full system scans with Norton and then using Malwarebytes' Anti-Malware but they did not find it. When I tried doing the gmer scan, my computer kept shutting down after a few minutes so I was not able to finish and attach it. Also, when on the internet I started getting popups for various spam websites that is probably related since it started at the same time. Also, I tried to do a system restore but I tried all of the recent save points and it said that it couldn't be restored to any of those dates.

Thanks in advance!

A:HTTPS Tidserv Request 2

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. HijackThis logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that it happens.

Some things to remember while we are working together.
1. Please do not run any other tool until instructed to do so!
2. Please reply to this thread, do not start another!
3. Please tell me about any problems that have occurred during the fix.
4. Please tell me of any other symptoms you may be having as these can help also.
5. Please try as much as possible not to run anything while executing a fix.
If you follow these instructions, everything should go smoothly.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Gmer is the best but can be hard to get a log; let's try this and see what we get.

Scan With RKUnHooker
Please Download Rootkit Unhooker. Save it to your desktop.
Now double-click on RKUnhookerLE.exe to run it.
Click the Report tab, then click Scan.
Check (Tick) Drivers, Stealth, Files, Code Hooks. Uncheck the rest, then click OK.
Wait till the scanner has finished and then click File, Save Report.
Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.
Note** you may get this warning it is ok, just ignore...


I'm not sure if this is the right section to post in, but I keep getting Norton warnings that "A recent attempt to attack your computer has been blocked." Most of the time, the attack is called "HTTPS Tidserv Request" or something similar. About 4 days ago, while searching google images, IE froze for a second. Something asked for permission to run, and I thought it was a program I recognized so I clicked "Allow". Soon after, Norton spammed me with warnings about things trying to attack my computer.

I did a scan, but it detected nothing. After giving up, and being annoyed, I searched google about the attacking URL. A few times, I was redirected to random advertising sites. But it hasn't happened many times. I found out that many people were having the exact same problem, but I couldn't find a solution simple enough that I could understand. I system restored my computer in safe mode, to a date where I did not have this problem. But after a few hours, I began to be attacked again by the same URL's.

I've read many threads about this and came to the conclusion to make my own, despite it being a bit confusing to me. I'm hoping this problem can be fixed soon, because I do not know what this infection is doing to my computer, and that scares me. I'm not very good at computer things at all, but here are the DDS and HijackThis logs..

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:09:35 PM, on 4/12/2010
Platform: Unknown Win...

A:HTTPS Tidserv Request pop-ups

I'm not sure if I forgot to post another log..? Or did I do that right.


Greetings,

My Norton anti-virus keeps on coming up every once in a while (pretty often I must say) with intrusion attempts from https tidserv request 2. I scanned my PC with Norton and Malwarebytes; they both came up with issues, deleted them, but that does not seem to have fixed my problem!! Hoping you guys can help!!

Sorry if I didn't post any reports .... here is my DDS, and for GMER I really tried, it's asking my PC too much.

Merged posts and removed redundant content. ~ OB

A:https tidserv request 2.

QUOTE(goldennbp @ Jun 24 2010, 12:12 PM)
Greetings,
My Norton anti-virus keeps on coming up every once in a while (pretty often I must say) with intrusion attempts from https tidserv request 2. I scanned my PC with Norton and Malwarebytes; they both came up with issues, deleted them, but that does not seem to have fixed my problem!! Hoping you guys can help!!
Sorry if I didn't post any reports .... here is my DDS, and for GMER I really tried, it's asking my PC too much.
Merged posts and removed redundant content. ~ OB

Delete, problem solved


Hello, I'm a complete computer dunce and really need some help. My Norton has been telling me that it keeps blocking traffic or something. It says something like HTTPS tidserve request blocked. While searching Google I found this website and am hoping you can help me.

I am currently on my mom's laptop and have my laptop's wireless switched off (friend's advice).

I have scanned with Norton, AVG, malebytes (or something like that), Windows malicious software removal tool. Only AVG came up with anything and this didn't solve the problem.

I have run DDS and tried to run GMER but it stops running and crashes. Here is the DDS report.

A:HTTPS Tidserv request

Ok, this should be a more simple request. I have decided to wipe everything off there and make it a fresh laptop. I no longer have any of the CDs for this laptop though. Is there a way to reformat and re-install without CDs? Or shall I buy a new install CD?


Every 5-10 mins, my Norton Internet Security says it's blocked an intrusion attempt. The specific words are "An intrusion attempt by 873hgf7xx60.com was blocked. Application path \DEVICE\HARDDISKVOLUME2\WINDOWS\SYSTEM32\SVCHOST.EXE" This started several days ago. I did run a Norton full system scan (said it got the trojan, but I'm still having problems), downloaded and ran a virus-ridden/bad copy of Malwarebytes (realized this after Norton caught it saying something about blocking a rootkit); ran the good version of Malwarebytes in safe mode, followed by another Norton system scan. Also, when checking the registry, I was never able to see any appropriate TDSS/TDSServ registry values to delete (as outlined in some malware-fixing emails out on the web). Can anyone help? I feel like I've been taking stabs in the dark and just wanted some help from someone in the know. These trojans really bite!

I'll list the results of DDS and GMER. I had some scary-to-me problems while running GMER, however. I received the message "Delayed Write Failed Windows was unable to save all the data for the file \DEVICE\HARDDISKVOLUME2\$Extend\$UsnJrn1:$J. The data has been lost. This error may be caused by a failure of your computer hardware or network connection. Please try to save this file elsewhere." This error message was repeated for a number of other files as well. I was able t...

A:HTTPS Tidserv Request 2

Hi,

My name is Extremeboy (or EB for short), and I will be helping you with your log. I apologize for the delay.

If you still require assistance we would like to see the current condition of your system so please post a new set of DDS Logs as well as a GMER log and a description of any remaining problems or symptoms you may still have please.

If for any reason you did not post a DDS log or GMER log please refer to this page and in step #6 and Step #7 and Step #8 for further instructions on downloading and running DDS & GMER. If you have any problems when running the tools or unable to produce a report for any reason, just let me know in your next reply.

For your next reply I would like to see:
-The DDS logs---DDS.txt and Attach logs
-GMER log
-Description of any remaining problems you may still have.

With Regards,
Extremeboy


Hello - need help on a virus removal - Nortons is detecting an intrusion attempt ~every 30 mins that it identifies as "HTTPS Tidserv Request 2". Norton detects the intrusion attempts and also detects "Backdoor.Tidserv.l!inf", but doesn't offer any effective removal instructions. Malwarebyte scans run clean. TDsskiller scans find my 'iastor' driver is infected by TDSS rootkit, but several attempts to remove on reboot have failed.

DDS logs and GMER log follow:

A:HTTPS Tidserv Request 2

Good evening. Take a trip to this webpage for download links and instructions for running Combofix by sUBs: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* When prompted to save Combofix, change the filename BEFORE saving it - any name will do, as long as it has .exe at the end. Please be aware that this tool may require the PC to be rebooted, so close any programs you have open before you start. When CF has finished, it will produce a log - C:\ComboFix.txt - copy and paste Let me know how the PC is behaving.

* There are two points to note from the instructions page:

1) The Recovery Console.
It is recommended that you install this as, in certain circumstances, it may be the difference between a successful repair and a reformat. If you are uncertain as to whether or not you already have the Recovery Console installed, simply run CF and it will prompt you if it does not detect it. CF will complete some, but not all, of its removal tasks without the installation of the Console, so you are free to choose whether you want to complete this step, but it is in your interests to do so.

2) Disabling your Anti-Virus.
CF has been the victim of false-positive detections on occasion and a resident AV may incorrectly identify and delete part of the tool, which won't do it much good. If you don't disable your AV, you may not get the results you hoped for!

Read other 20 answers
RELEVANCY SCORE 92.8

Norton keeps popping up that it blocked something called "HTTPS Tidserv C and C Domain." It seems to attack my computer every 15 minutes or so. What can I do to get rid of it?

Another problem is that everything I search for in Google gets redirected to random sites. All help is appreciated.

LINK to original thread

DDS (Ver_09-12-01.01) - NTFSx86 NETWORK
Run by Jacque at 13:13:40.47 on Sun 12/27/2009
Internet Explorer: 8.0.6001.18865 BrowserJavaVersion: 1.6.0_13
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.2047.1202 [GMT -6:00]
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.e...

A:HTTPS Tidserv C and C Domain

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results, click no to the Optional_Sca...

Read other 17 answers
RELEVANCY SCORE 92.8

Windows XP SP3 with Norton Internet Security 2009 on a Dell Laptop on a LAN.

On Thursday (6/24/10) Norton started blocking "HTTPS Tidserv Request 2" from both SvcHost.exe and IExplorer.exe to a couple of different IPs: 91.212.226.59, 91.212.226.67 and 85.12.46.155. I also noticed that a SVCHOST.EXE process was using a lot of CPU and killed it. I updated Norton and ran a full scan and it found Trojan.Zefarch!gen and maybe another Trojan Horse; Norton isn't too clear.

I'm pretty sure that a Java applet on a site was the cause and I found a couple of files with the right time stamp to be involved; one was e.exe and I didn't get the other; Norton removed it. A couple of the strings inside e.exe were "MSVCR80.DLL" and "KERNEL32.DLL" so I assume it modified them. I see other stuff in Norton's log that I assume isn't of much help.

After reading Bleeping Computer I booted in safe mode and ran another scan; it found SpyGuard2008. I also ran the Defogger, dds and gmer.

Please help.

Trace

=== DeFogger ===

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 15:32 on 25/06/2010 (TTindall)

Checking for autostart values...
Unable to open HKCU\~\Run key (2)
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
-=E.O.F=-

A:HTTPS Tidserv Request 2

Hello, Is this PC on a network?

Run a full system scan in safe mode with the latest Norton definitions. Then unplug the network connection and reboot the computer. Does the backdoor.tidserv detection come up again? If so, then we need to search for another undetected process on your computer.

Now run TDSS Killer. Please read carefully and follow these steps.

Download TDSSKiller and save it to your Desktop.
Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK. (If Vista, click on the Vista Orb and copy and paste the following into the Search field. (make sure you include the quotation marks) Then press Ctrl+Shift+Enter.)
"%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v

If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
It may ask you to reboot the computer to complete the process. Allow it to do so.
When it is done, a log file should be created on your C: drive called "TDSSKiller.txt"; please copy and paste the contents of that file here.

Next run MBAM (MalwareBytes):
Please download Malwarebytes Anti-Malware (v1.46) and save it to your desktop.
Before you save it rename it to say zztoy.exe
alternate download li...

Read other 14 answers
RELEVANCY SCORE 92.8

I have tried several malware removal programs (Malwarebytes Anti-Malware, Spybot S&D, SUPERAntispyware) and cannot seem to shake whatever is on my system. A fake AV software will load and cause me to be unable to load any other programs or windows (I have to do a hard restart to get moving again). Please help!

DDS (Ver_10-03-17.01) - NTFSx86
Run by dgray at 8:47:31.98 on Thu 07/01/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.274 [GMT -4:00]
AV: Symantec Endpoint Protection *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\CA\SC\CAM\bin\cam.exe
C:\Program Files\USFC\VPN Client...

A:HTTPS Tidserv Request

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...

Read other 31 answers
RELEVANCY SCORE 92.8

Please Help!

Norton 360 keeps coming up with the following message:

Severity - High
Activity - An intrusion attempt by d45648675.cn was blocked. Application path \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE
Risk Name - HTTPS Tidserv Request
Source Address - 91.212.226.60
Traffic Description - TCP, https

It has made my computer really slow and when on the internet it diverts links to random websites.

These alerts are happening every half an hour or so.

Thanks in advance for your help.
 

Read other answers
RELEVANCY SCORE 92.8

Every half hour or so my Norton tells me they have blocked "an intrusion attempt by 94.228.209.145 was blocked Application Path \DEVICE\HARDDISKVOLUME2\WINDOWS\SYSTEM32\SCHOST.EXE"

The Risk Name is HTTPS Tidserv Request 2

I've initially run Malwarebytes and it found and removed infected items.

Any search for the risk name on Google directed me to a non-Google search page.

I was able to go to the Google results by copying the shortcut and pasting it into a new tab. I found instructions to use SDFix and SmitFraud; I've done them successfully but am still getting the attack warning.

I need help getting this off of my computer so I won't be attacked.

Thanks for your help. Let me know what I need to do.
 

A:HTTPS Tidserv Request 2

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:13:40, on 2/18/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Read other 1 answers
RELEVANCY SCORE 92.8

Hello, I followed the steps discussed in the following topic http://www.bleepingcomputer.com/forums/t/310102/https-tidserv-request-2-infection/ to remove the HTTPS Tidserv Request 2 trojan virus and the following file is generated. I am uploading the same for further help. Thanks in advance.

A:HTTPS Tidserv Request 2

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.
Double click DeFogger to run the tool.
The ap...

Read other 8 answers
RELEVANCY SCORE 92.8

Hi, My dad's computer is getting this pop-up from Norton all the time, saying either HTTPS Tidserv Request or HTTPS Tidserv Request 2 was blocked. I have run Norton full scan in both normal and safe mode, ran Malwarebytes and Registry Mechanic; all have said that everything is now clean but the pop-ups keep coming. Also, I have noticed that there are 8 of svchost.exe running and sometimes it takes 100% of the CPU usage. Also, it seems like it takes forever to boot!

For the first time ever I read what I needed to do before posting here!!!!!! :-)

Thanks in advance for the help.
Scott

DDS (Ver_10-03-17.01) - NTFSx86
Run by Pat Petrola at 17:46:46.59 on Tue 06/15/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1278.593 [GMT -4:00]
AV: Norton AntiVirus *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C...

A:HTTPS Tidserv Request and HTTPS Tidserv Request 2

Hello, I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:
Please visit this webpage for download links, and instructions for running the tool: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first. The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:
The Recovery Console was successfully installed.

Please continue as follows:
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you. Please include the report in your next post: C:\ComboFix.txt

"information and logs"
In your next post I need the following:
Log from Combofix
Let me know of any problems you may have had
How is the computer doing now?

Gringo

Read other 12 answers
RELEVANCY SCORE 92.8

Hi,

I've been noticing Norton security alerts lately, all notifying me of 'an intrusion attempt by 19js810300z.com'. I've heard about this before but my browser hasn't been redirecting me to any fake pages, and the only off thing I've noticed is that my computer runs a little slowly (rarely), i.e. lags when typing in firefox.

Read other answers
RELEVANCY SCORE 92.8

Hi - Similar to another poster, my Norton continues to pop up with an alert re: blocking an "intrusion attempt by lj1i16b0.com was blocked. Application path \DEVICE\HARDDISKVOLUME2\WINDOWS\SYSTEM32\SVCHOST.EXE". I ran a Norton scan and it 'fixed' several Trojans and it says my computer is clear. But I'm still receiving attempted intrusion attack notifications from Norton, like before, which it says it blocked. However, when I do searches my pages are being re-routed now too. I ran the Rootkit Unhooker and the report is below. What should I do next?

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>Drivers
==============================================
0xA98BF000 C:\WINDOWS\system32\drivers\RtkHDAud.sys 4923392 bytes (Realtek Semiconductor Corp., Realtek® High Definition Audio Function Driver)
0xB60A0000 C:\WINDOWS\system32\DRIVERS\ati2mtag.sys 4620288 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Miniport Driver)
0xBF185000 C:\WINDOWS\System32\ati3duag.dll 3207168 bytes (ATI Technologies Inc. , ati3duag.dll)
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2150400 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2150400 bytes
0x804D7000 RAW 2150400 bytes
0x804D7000 WMIxWDM 215040...

A:HTTPS Tidserv Request 2

Good evening. Will you go here, follow steps 6, 7, and 8 and post accordingly.

Read other 2 answers
RELEVANCY SCORE 92.8

Norton 360 keeps on coming up with a message saying that it is blocking an intrusion attempt. The risk name is HTTPS tidserv request 2. The attacking computer changes and there are at least two device paths. When I attempt to run GMER the computer crashes and restarts. I am using Windows Vista Home Premium Service Pack 1.

DDS (Ver_10-03-17.01) - NTFSx86
Run by Johnson Yen at 3:53:42.77 on Sat 05/29/2010
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_02
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3006.963 [GMT -7:00]
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Cox\InstaLAN\AffinegyService.e...

A:HTTPS Tidserv Request 2

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...

Read other 15 answers
RELEVANCY SCORE 92.8

Running Norton Internet Security on a Windows Vista system. I suspected I had a virus, so I ran a full scan. Norton identified and removed two trojans, but I think not everything was removed. Now I am getting pop-ups from Norton while browsing using IE, like this:

"A recent attempt to attack your computer was blocked."

When I click View Details, I see information like this:

"An intrusion attempt by 19js810300z.com was blocked. Application path \DEVICE\HARDDISKVOLUME3\WINDOWS\SYSTEM32\SVCHOST.EXE"

The ".com" address changes, but the basic message is the same.

I have followed the instructions in the Preparation Guide and hope I did everything correctly. Please let me know if you need more information? Thanks in advance.

DDS (Ver_10-03-17.01) - NTFSx86
Run by Sue at 19:25:30.71 on Tue 06/29/2010
Internet Explorer: 8.0.6001.18928
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3325.2002 [GMT -7:00]
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRes...

A:HTTPS Tidserv Request

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Do not Attach logs unless I ask you to.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.
Do not run any other tool until instructed to do so!

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

Note** If you are having problems posting the complete log into this thread, upload them here http://www.rapidshare.com/ and post the links in this thread.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

:run combofix:
Please visit this webpage for download links, and instructions for running the tool: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully.

Please continue as follows:
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Click Yes to allow Com...

Read other 11 answers
RELEVANCY SCORE 92.8

About a week ago, Norton has been telling me about attacks made to my computer. I'm thinking it's just a regular intrusion attempt until they started happening more frequently. Every 10 to 30 minutes I would keep getting the same message about how Norton has blocked this intrusion attempt. While looking at the history I found out also that not only am I being attacked by the HTTPS request2 trojan but also the 1st HTTPS request. I've read other people's forum posts with the same problem and I'm afraid as well that it's getting around my firewall. I tried scanning it but like many others who did, Norton didn't find anything. Can somebody help me on what I need to do to get rid of it? Thanks in advance. This is very troublesome. So far my computer has trouble going into hibernate and the arrow vanishes, and has been running slower. Nothing too big yet, still worried.

DDS (Ver_10-03-17.01) - NTFSx86
Run by Cheryl Underwood at 0:11:05.43 on Sun 06/13/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.202 [GMT -4:00]
AV: Norton AntiVirus *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDO...

A:HTTPS tidserv reqest 1 and 2

Hi vades2,

Welcome to Virus/Trojan/Spyware/Malware Removal (VTSMR) forum. I am going to assist you with your problem.

Please refrain from making any changes to your system (scanning or running other tools, updating Windows, installing applications, removing files, etc.) from now on as it might interfere with our fixes. Please update me on the current condition of your computer.

Read other 7 answers
RELEVANCY SCORE 92.8

Hello.

A colleague seems to have downloaded several viruses onto an often-used work laptop. We are a small non-profit and cannot afford to pay someone to remove this. I googled around looking for a solution before coming here, and I seem to have done some things in the wrong order. She came to me complaining there was a virus. The first problem I noticed was Anti-Malware Doctor or something like that, then another phony spyware finder. Then Explorer and Firefox windows would shut down with the td-da! sound playing. Other programs wouldn't open, claiming to be infected.

I downloaded, updated and ran Malwarebytes, Spybot Search and Destroy, SUPERAntiSpyware, CWShredder, TDSSKiller, Windows Defender and Stinger. They got rid of a ton of garbage, none of which I noted, sadly. Norton found a few items as well, and deleted or quarantined them. I figured that would clear it up, yet I continually get notices from Norton about blocked attacks from a few different sources. I also notice that occasionally, in Firefox, Google searches will redirect to benign-looking stubs and ad pages. They're easy to move away from. The final issue is that despite there being very few programs on this laptop, Windows notified me that virtual memory is too low.

Thanks in advance, I really appreciate the help.

(Here is all the info from the DDS, the other one is attached, and I'm having trouble attaching the gmer report, it says the txt is too big, but I can't upload a .zi...

A:HTTPS Tidserv Request 2

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.
Double click DeFogger to run the tool.
The ap...

Read other 75 answers
RELEVANCY SCORE 92.8

Help, I keep getting notifications from Norton Internet Security of recent attempts to attack my computer. It comes up as: "HTTPS Tidserv C and C Domain Request"

I also keep getting redirected in firefox while doing internet searches, to various Chinese websites, and ad sites.

Suggestions?

-John

A:redirects and HTTPS Tidserv

Hello cwr56 and welcome to Bleeping Computer! My username is swagger and I'll be helping you. Please read and follow the entire set of instructions below:

::MBAM::
Please download Malwarebytes Anti-Malware (v1.43) and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The...

Read other 1 answers
RELEVANCY SCORE 92.8

Norton keeps telling me every 30 minutes that it blocked an intrusion attempt by 34jh7alm94.asia for HTTPS Tidserv Request 2. This happens when I am not using the browser or any program for that matter. I get the same message when I try to load an internet page on iExplorer. This time though, it mentions that the attempt was made by zl091kha644.com. Most web searches I perform on Google are redirected to other web pages. If I click on a web link such as Wikipedia from a search engine such as Google I also get redirected to another page that is a search engine or sometimes a totally unrelated website.

A:HTTPS Tidserv Request 2

I have solved this problem myself.

Read other 2 answers
RELEVANCY SCORE 92.8

I've been getting that error... Plz help.

A:HTTPS Tidserv Request 2

Hello and welcome.

Is this PC on a network?

Run a full system scan in safe mode with the latest Norton definitions. Then unplug the network connection and reboot the computer. Does the backdoor.tidserv detection come up again? If so, then we need to search for another undetected process on your computer.

Now run TDSS Killer. Please read carefully and follow these steps.
Download TDSSKiller and save it to your Desktop.
Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK. (If Vista, click on the Vista Orb and copy and paste the following into the Search field. (make sure you include the quotation marks) Then press Ctrl+Shift+Enter.)
"%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v

If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
It may ask you to reboot the computer to complete the process. Allow it to do so.
When it is done, a log file should be created on your C: drive called "TDSSKiller.txt". Please copy and paste the contents of that file here.

Next run MBAM (MalwareBytes):
Please download Malwarebytes Anti-Malware (v1.46) and save it to your desktop.
alternate download link 1
alternate download link 2
MBAM ... Read more

Read other 1 answers
RELEVANCY SCORE 92.8

I run Windows Vista on a HP Pavilion dv7 Notebook. I also have paid for Norton Anti-Virus. Recently I've been getting pop-up warnings from Norton saying that I have a high security risk called a HTTPS Tidserv Request 2. I'm being attacked from ikaturi11.com and the traffic description is TCP, https.

'An intrusion attempt by ikaturi11.com was blocked. Application path \DEVICE\HARDDISKVOLUME1\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE'

Norton says that the attack was blocked and that no action is required. However, I think I know that the problem is that I have a trojan which is trying to connect with a server from my computer? I don't know how to detect or clear the malware on my computer, which I'd very much like help with please.

A:HTTPS Tidserv Request 2

Hello, I removed that reply as I feel we can fix it like this. Let me know.

Is this PC on a network?

Run a full system scan in safe mode with the latest Norton definitions. Then unplug the network connection and reboot the computer. Does the backdoor.tidserv detection come up again? If so, then we need to search for another undetected process on your computer.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.4.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
Vista/Windows 7 users right-click and select Run As Administrator.
If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
Click the Start Scan button.
Do not use the computer during the scan.
If the scan completes with nothing found, click Close to exit.
If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o... Read more

Read other 11 answers
RELEVANCY SCORE 92.8

Hi, all,

Hope I can get some help removing this from my computer. I'm running Windows XP on my machine.

Yesterday, I got one of those nasty fake antivirus malware attacks. I was able to restore the machine to an earlier point and things seemed to work okay. I set about looking to remove the malware entirely, but soon started getting messages that Norton was blocking worm attacks. A typical message:

Details: Attempted Intrusion "HTTPS Tidserv Request 2" against your machine was detected and blocked.
Intruder: 91.212.226.67(https(443)).
Risk Level: High.
Protocol: TCP.
Attacked IP: DEFAULT-YB2SU9S(192.168.1.2).
Attacked Port: 1060.
Click the address to trace the attacker.

My computer starts to get sluggish when these intrusion attempts start, especially if I have any unattended browser windows. Intrusion messages similar to the one above come every 10 to 30 minutes, it seems.

I have tried to run a full system scan with Norton, Malwarebytes and Spyware Doctor. All seem to cause my computer to reboot at some point.

I followed the instructions on this form to generate the required logs for review. GMER caused my system to reboot after quite a while of a scan attempt. On subsequent attempts, it causes a reboot a couple minutes into the scanning process. I will try again after posting this message and update if I have better success, but I have included what I have.

Thanks in advance for any help. Let me know if I should post any further information.

Ken

EDIT: I still ca... Read more

A:HTTPS Tidserv Request 2

Hi KenHR,

Welcome to Virus/Trojan/Spyware/Malware Removal forum. If the problem is not resolved update me on the current condition of your computer.

Also please run GMER but uncheck all other option except "Sections" (C: drive should remain checked) and post the log. It should take just a few minutes.

Read other 9 answers
RELEVANCY SCORE 92.8

Many many apologies for reposting this here. I initially posted this issue in the wrong forum so I am trying to correct my mistakes. (It helps when you read the Prep Guide, *note to self -RTFM!)

Hey all,

New to this forum and am looking for some help. It seems my father-in-law was downloading (or attempting to) and clicked something else, and presto chango...I've got a bug. Norton keeps telling me its blocking attempts from 112.121.181.86 or 61.61.20.132 and the risk name is HTTPS Tidserv Request 2. I initially ran a full system scan and it found two instances of W32.Uruy.A and quarantined them. Although that was handled (not sure if they are related), I am still getting those HTTPS Tidserv attempts being blocked. I have browsed this site and seen the help that has been provided for others regarding this matter and figured I would give it a shot as well. Thanks for the help....

*Again, my apologies for double posting this*

DDS (Ver_10-03-17.01) - NTFSx86
Run by Shana-Marie at 13:35:04.77 on Sat 04/10/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.113 [GMT -4:00]

AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32... Read more

A:HTTPS Tidserv Request 2

Hi,

My name is Extremeboy (or EB for short), and I will be helping you with your log. I apologize for the delay.

If you still require assistance we would like to see the current condition of your system so please post a new set of DDS Logs as well as a GMER log and a description of any remaining problems or symptoms you may still have please.

If for any reason you did not post a DDS log or GMER log please refer to this page and in step #6 and Step #7 and Step #8 for further instructions on downloading and running DDS & GMER. If you have any problems when running the tools or unable to produce a report for any reason, just let me know in your next reply.

For your next reply I would like to see:
-The DDS logs---DDS.txt and Attach logs
-GMER log
-Description of any remaining problems you may still have.

With Regards,
Extremeboy

Read other 2 answers
RELEVANCY SCORE 92.8

I have been getting a lot of notifications from my Norton Antivirus that intrusion attempts have been blocked.
For example
"An intrusion attempt by lj1i16b0.com was blocked.
Application path \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE"

I scanned my computer and no viruses were found. I downloaded rkill and then ran it while in safe mode and then rescanned my computer. Again no viruses were found.
So far the only problem I am having with my computer is with my Chrome. It will not load any websites.

Thanks in advance

A:HTTPS Tidserv Request 2

Hello

Is this PC on a network?

Run a full system scan in safe mode with the latest Norton definitions. Then unplug the network connection and reboot the computer. Does the backdoor.tidserv detection come up again? If so, then we need to search for another undetected process on your computer.

Now run TDSS Killer. Please read carefully and follow these steps.
Download TDSSKiller and save it to your Desktop.
Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK. (If Vista, click on the Vista Orb and copy and paste the following into the Search field. (make sure you include the quotation marks) Then press Ctrl+Shift+Enter.)
"%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v

If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
It may ask you to reboot the computer to complete the process. Allow it to do so.
When it is done, a log file should be created on your C: drive called "TDSSKiller.txt". Please copy and paste the contents of that file here.

Next run ATF and SAS: If you cannot access Safe Mode, run in normal, but let me know.
Note: On Vista, "Windows Temp" is ... Read more

Read other 12 answers
RELEVANCY SCORE 92.8

I have done some research on these backdoor trojan viruses, and I have found out that they are very serious, and I really need help to get them off my laptop.

Yesterday, Norton detected Backdoor.Graybird and removed it (I think), and for weeks now, I have been getting notifications on the bottom right-hand corner of my screen saying "A recent attempt to attack your computer has been blocked" or something like that, and when I click 'view details', it either describes it as "HTTP Tidserv Request" or "HTTPS Tidserv Request 2" and some IP address and bunch of other things I can't understand. I would really appreciate help on what to do to remove these viruses so I can continue to work on my computer without worrying about hackers stealing my information and whatnot.

Below is the DDS log:

DDS (Ver_10-03-17.01) - NTFSx86
Run by Krissy at 16:13:04.32 on 17/09/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21
Microsoft Windows 7 Professional 6.1.7600.0.1252.2.1033.18.1013.165 [GMT -7:00]

SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

============== Running Processes ===============

C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System3... Read more

A:Backdoor.Graybird, HTTPS Tidserv Request 2, HTTP Tidserv Request detected by Norton Antivirus.

Also, last night, I ran a quick scan on Malwarebytes' Anti-Malware, and it detected "Trojan.Dropper".

Read other 22 answers
RELEVANCY SCORE 92.8

I have done some research on these backdoor trojan viruses, and I have found out that they are very serious, and I really need help to get them off my laptop.
Yesterday, Norton detected Backdoor.Graybird and removed it (I think), and for weeks now, I have been getting notifications on the bottom right-hand corner of my screen saying "A recent attempt to attack your computer has been blocked" or something like that, and when I click 'view details', it either describes it as "HTTP Tidserv Request" or "HTTPS Tidserv Request 2" and some IP address and bunch of other things I can't understand. I would really appreciate help on what to do to remove these viruses so I can continue to work on my computer without worrying about hackers stealing my information and whatnot.
Thank you!

A:Backdoor.Graybird, HTTPS Tidserv Request 2, HTTP Tidserv Request detected by Norton Antivirus.

Hello,

Please follow the instructions in ==>This Guide<==.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<==

If you can produce at least some of the logs, then please create the new topic. If you cannot produce any of the logs, then post back here and we will provide you with further instructions.

Read other 2 answers
RELEVANCY SCORE 92.8

Hello. I was brought here through google search, when looking up information on a problem I am having which seems to be affecting people other than me as of late. I am running a Vaio Laptop on Vista Business, and I have been infected since last night with a stealth rootkit (?) which my antivirus software can't completely remove. I am receiving (blocked) HTTPS attacks from various IP's every 10-20 minutes, as informed by Norton Antivirus. HTTPS TidServ 2 affects SVCHOST.exe, and HTTP TidServ affects Firefox.exe. HTTP TidServ seems to respond when I open up Firefox, and whenever I start it up, Firefox usually informs me that it is restoring data from a crash (even though I shut it down legit on last use). Firefox is currently 3.6.3. Prior to this I did not have the most recent version of Java (Release 17), but since this problem, I have updated it to Release 20. Norton has removed several Trojans and a Downloader from the Java cache files, but I am still getting attacks, and Norton, Malwarebytes, and SuperAntiSpyware don't seem to be picking up on whatever program is sending out signals to my attackers. You guys have helped others with problems extremely similar to mine, so please look at my logs, and tell me what actions I can take to remove this nasty bug in my system. Any advice on how to deal with it would be much appreciated. Thank you.(Note that for my privacy, I have omitted references to my real name, but otherwise, everything in the logs is accu... Read more

A:HTTPS TidServ 2 / HTTP TidServ

Hi Aria, and welcome to Bleeping Computer.

* Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
* Execute the file TDSSKiller.exe by double-clicking on it.
* Wait for the scan and disinfection process to be over.
* When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility outputs runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).
The log is like UtilityName.Version_Date_Time_log.txt, for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.

Read other 2 answers
RELEVANCY SCORE 92

I've done scans with Malwarebytes', superantispyware, and TDSS rootkit but nothing is found; on Norton full scan it comes up with 2 Backdoor.Tidserv!inf as being on the computer but can't remove them. Also I get warnings that an intrusion has been blocked by Norton and from time to time I get the blue screen that forces my computer to restart after dumping some memory. Any help would be much appreciated.

A:HTTPS tidserv request 2 from Norton 360

Hello, I think we can get this.

Is this PC on a network?

Run a full system scan in safe mode with the latest Norton definitions. Then unplug the network connection and reboot the computer. Does the backdoor.tidserv detection come up again? If so, then we need to search for another undetected process on your computer.

Now run TDSS Killer. Please read carefully and follow these steps.
Download TDSSKiller and save it to your Desktop.
Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK. (If Vista, click on the Vista Orb and copy and paste the following into the Search field. (make sure you include the quotation marks) Then press Ctrl+Shift+Enter.)
"%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v

If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
It may ask you to reboot the computer to complete the process. Allow it to do so.
When it is done, a log file should be created on your C: drive called "TDSSKiller.txt". Please copy and paste the contents of that file here.

Rerun MBAM (MalwareBytes) like this:
Open MBAM in normal mode and click Update tab, select Check for Up... Read more

Read other 9 answers
RELEVANCY SCORE 92

My computer is getting attacked - very often- by what Norton Antivirus describes as Https Tidserv Request or Https Tidserv Request 2. From looking at other posts on this site, I suspect my computer has some kind of rootkit virus.

The Norton antivirus scans do not pick up anything - but fairly frequently, either svchost.exe, or ccSvcHst.exe take up almost all of my CPU power. I can kill the svchost ones through task manager, but the ccSvcHst.exe (supposedly a Norton app) can not be stopped.


I posted this issue originally yesterday - but in doing so I replied to my own posting a number of times - because I had problems posting the dds.txt. So I closed that posting and started a new one so someone would reply to it. The dds.txt for some reason would not post directly - so I had to attach it as dds1.zip.

I would really appreciate any help I can get - I need to clean this up!


--Thanks
Mike C.




DDS (Ver_10-03-17.01) - NTFSx86
Run by annm at 20:53:45.06 on Wed 08/04/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.191 [GMT -6:00]

AV: Norton AntiVirus *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton AntiVirus *enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe ... Read more

A:HTTPS Tidserv Request Problem!

Hello, I am jimi and welcome to TSF.

I am currently reviewing your log. I will be back with a fix for your problem as soon as possible.

Please *subscribe to this thread* to get immediate notification of replies as soon as they are posted. To do this click *Thread Tools*, then click *Subscribe to this Thread*. Make sure it is set to *Instant Notification*, then click *Subscribe*.

Read other 19 answers
RELEVANCY SCORE 92

I was surfing the net using Google Chrome when all of a sudden I started seeing some fishy activity. The Java Icon came up, some Java was being run, and after that I've been getting notifications from Norton saying An Intrusion Attempt was blocked. There's a few different attacking computers that are in the logs. Says, the attack resulted from \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE.

Lately, I've been using Firefox to browse the net and, strangely, when I click on google search results I am brought to something completely irrelevant, and can see the URL is different. Not sure if these two are involved or if some other nasty is playing games with me.

Forgot to mention, Google Chrome isn't working anymore. I can start the browser but can't use it to surf the net. It just seems to continuously load the page, though the page stays blank. Another thing I noticed, I can't access history and extensions in the browser. Not sure what's going on. Any help is appreciated!

DDS (Ver_10-03-17.01) - NTFSx86
Run by *censored* at 6:29:48.09 on Fri 04/16/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_15
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2046.753 [GMT -4:00]

SP: Spybot - Search and Destroy *enabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.e... Read more

A:Infected with HTTPS Tidserv Request 2

Hi,

My name is Extremeboy (or EB for short), and I will be helping you with your log. I apologize for the delay.

If you still require assistance we would like to see the current condition of your system so please post a new set of DDS Logs as well as a GMER log and a description of any remaining problems or symptoms you may still have please.

If for any reason you did not post a DDS log or GMER log please refer to this page and in step #6 and Step #7 and Step #8 for further instructions on downloading and running DDS & GMER. If you have any problems when running the tools or unable to produce a report for any reason, just let me know in your next reply.

For your next reply I would like to see:
-The DDS logs---DDS.txt and Attach logs
-GMER log
-Description of any remaining problems you may still have.

With Regards,
Extremeboy

Read other 7 answers
RELEVANCY SCORE 92

Norton is displaying a message every few minutes that says an intrusion attempt by zz87jhfda88.com was blocked. It is considered high severity and it says the application path is DEVICE\HARDDISKVOLUME3\WINDOWS\SYSTEM32\SVCHOST.EXE.

I ran DDS and Defogger successfully and tried running GMER twice. Both times it started but did not finish and my computer just hung with 100% CPU utilization. I had to power down to reboot.

I also noticed that even after a reboot there is a svchost.exe process running which consumes 50-80% CPU and 150MB RAM. This is not normal.

Please help me get rid of this problem.

DDS (Ver_10-03-17.01) - NTFSx86
Run by Gary at 14:36:13.42 on Thu 06/10/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1262 [GMT -5:00]

AV: Norton Security Suite *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\P... Read more

A:Infected with HTTPS Tidserv Request 2

Hello, and welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.

Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.

The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you let... Read more

Read other 11 answers
RELEVANCY SCORE 92

DDS (Ver_10-03-17.01) - NTFSx86
Run by Lauren at 0:41:07.38 on Tue 06/01/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3327.1784 [GMT -4:00]

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin... Read more

A:Infected with HTTPS Tidserv Request 2

Hello, and welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.

Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.

The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you let... Read more

Read other 2 answers
RELEVANCY SCORE 92

Norton has been telling me it has blocked an intrusion from https tidserv request 2 as often as every ten minutes. My first instinct was to update and run Spybot SE which did remove two files, however, after rebooting I still have the same problem which led me to here.

I have included all logs needed, but had to boot into safe mode for GMER to work correctly. After that I then rebooted into normal mode to write this post.

Please help as this is my business laptop. I believe it came from a bad video file which redirected to a website (from a friend lol).

EDIT : Please remove other posts for this issue as my browser was showing a blank page as if it had not posted to the forum. I used another computer to post this and can now see I posted quite a few times. Sorry, for the inconvenience, but it looked as though nothing was posting from the infected laptop). Sorry.

DDS (Ver_10-03-17.01) - NTFSx86
Run by morrow95 at 0:00:05.21 on Fri 06/04/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2388 [GMT -4:00]

AV: Norton AntiVirus *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin... Read more

A:Infected with https tidserv request 2

Greetings

One or more of the identified infections is a Backdoor Trojan.

This could allow hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC could be compromised and there is no way to be sure that your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. "If you would like to continue, then follow the steps below, otherwise please let me know"

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:
Please visit th... Read more

Read other 4 answers