Everything's back to normal, but from now on I'm surfing in a sandbox! funny how they can do that but no need to downgrade a good product because someone found a way around it. THANKS FOR YOUR HELP! Pia Neda ― August 7, 2010 - 12:56 am Norton detected Tidserv Request 2 which it blocked but it was HIGH severity and every 2 minutes Click the Program Control tab.
as I said in my intro, particularly curious that both Ciaran and myself, seasoned IT users seem to have come across this at the same point in time. Once this is done, try accessing the internet again. As it's now after midnight here and I have to get up for work in the morning, I told the Norton tech that we'll have to resume this evening. Using the Delete button, you can delete a rule for the selected application (e.g., Firefox.exe). http://www.bleepingcomputer.com/forums/t/319381/http-tidserv-request-blocked-by-norton-internet-security-2010/
And this still doesn't explain the statistical submissions that occurred an hour after I had finished the GMER scan and half an hour before the unauthorised access. This can include one for Windows Explorer, Firefox, and even Thunderbird launching itself when it upgrades. Roger123 Regular Visitor3 Reg: 31-May-2010 Posts: 7 Solutions: 0 Kudos: 0 Kudos0 "A recent attempt to attack your computer was blocked" Posted: 31-May-2010 | 4:33PM • 15 Replies • Permalink I For example, Comodo doesn't have just one rule for Thunderbird, it creates rules that also specify what application launched Thunderbird.
I went into the Norton intrusion log and showed them otherwise(!)" That's because even with atapi.sys swapped the actual file (driver) infected was not "atapi.sys" Quads JDM Regular Visitor3 Reg: 17-May-2010 Some Internet Research led me to this forum. But at least TDSSkiller is updated for it So I should have to script for TDL4 for awhile, well until the next change for TDSS, whatever that might be. What does get confusing is when a poster reads info, and decides to swap say atapi.sys, still infected they see, so try again, swap, in the end throw their hands up
If that were the case then that is indeed true but then they are not called backdoor.tdss.565. Uninstalling ZoneAlarm from Settings | Control Panel | "Add or Remove Programs" may not actually uninstall the firewall. delphinium Norton Fighter25 Reg: 21-Nov-2008 Posts: 9,821 Solutions: 187 Kudos: 3,007 Kudos1 Stats Re: repeated "intrusion attempt" alerts from Norton AV 2010 Posted: 19-May-2010 | 9:36AM • Permalink It looks to To configure Comodo Firewall Pro, using Thunderbird as an example: Right click on the Comodo icon in the system tray and select open.
Allen Windows 7 Ultimate SP 1, 64 bit, 32 GB * NIS Vers. 188.8.131.52* Ghost 15 * IE 9, Firefox, Safari. To reiterate the question is what you propose to do. If you don't need this fine grained control rather than pressing the parent browse button select "skip parent check" to make it use one rule (and avoid specifying who can launch ZoneAlarm may block these messages, and you may get disconnected.
Would appreciate anyone's thoughts/advice etc.... https://www.symantec.com/security_response/writeup.jsp?docid=2008-091809-0911-99&tabid=2 Norton 360: Click Tasks and Settings, click Change Advanced Settings, then click Firewall Protection Settings. At first it was very scary, files being reported as infected. Standalone computer) -> Applications click on the Mozilla application rule that you want to change click "Delete this rule" If you need more help, see the article Configuring AVG Internet Security
Without these malicious attacks, they would be out of business. Norton 360: Select Allow, click Apply, then Close, and then click Yes. While watching them try and fix it, I noticed that the technician went into my norton and turned off the "Notify Me" option for this particular alert, then did some test With so many would be experts willing to advise it makes it hard to find the real gems.
In the Program Permissions list, find the entry or Application Rule for your Mozilla application and delete it. Also, make sure that you keep your Norton Product up-to-date to offer the best protection against Online Threats. Visit McAfee Technical Support or the McAfee Support Forums if you need more help. Norton firewalls from Symantec The Symantec support site for Norton products offers extensive resources, including the AutoFix My system was going down fast.
Thanks to you and quad for the recommendation. I'll create an account over there and ask for advice. System restore tab was removed. So if there is an infection it is not doing anything that I can discern.
I have the same situation as Ciaran (without the BSOD though), and looks like I got the infection on 14/7. Look for your internet program (e.g. "Mozilla" or "Firefox") and ensure that the permissions under ‘Access’ and ‘Server’ have a green check mark (allow). I wasn't sure if you needed them attached or pasted so I did both. OTL logfile created on: 5/28/2010 9:50:44 AM - Run 1 OTL by OldTimer - Version 184.108.40.206 Folder = C:\Documents Tdsskiller has been updated in respect of new malware it is not because the information which they themselves produced in respect of backdoor.tdss.565 is incorrect or out of date. Nobody has said
So I have run Black Light and GMER and nothing has been detected (though GMER was strange, as per above). The most important one is Action, which shows how Firewall is treating the application. And now everything is back to normal. This article provides general information about software firewalls as well as information about specific firewall programs.
With the documents on 565, and talking about the disk controller being infected, People reading the document then thinking "atapi.sys" or other disk controller needs swapping and finding that after "atapi.sys" MalwareBytes Anti-malware will now automatically start and you will see a message stating that you should update the program before performing a scan. At this stage, that is what the Norton tech is proposing. Also, I'm still very concerned of what this rootkit or virus or whatever it is actually does other than try to intrude on my computer.
The attack resulted from \DEVICE\HARDDISKVOLUME2\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE. The Risk name is under HTTP Tidserv Request. I also get similar attacks from the IP addresses 220.127.116.11, 18.104.22.168, and 22.214.171.124 under the Risk name HTTPS James. [edit: Clarified subject to reflect move.] Me Too0 Last Comment Replies JDM Regular Visitor3 Reg: 17-May-2010 Posts: 6 Solutions: 0 Kudos: 0 Kudos0 Re: HTTPs Tidserv Request Posted: 17-May-2010 | Googling for Tidserv on another computer turned up MyAntiSpyware as a potential removal tool. Double click the TDSSKiller icon.
My comments in red. Under Personal Firewall, click Settings. Web' until 'scan.' is enclosed in quotation marks indicating that he was quoting. But the pop up about the TIDSERV finally stopped.
Would appreciate anyone's thoughts/advice etc.... James. [edit: Clarified subject to reflect move.] cgoldman Super Spam Squasher12 Reg: 25-Jun-2008 Posts: 2,759 Solutions: 35 Kudos: 275 Kudos1 Stats Re: HTTPs Tidserv Request Posted: 17-May-2010 | 1:02PM • Permalink Click on Settings under Filtration System. With the documents on 565, and talking about the disk controller being infected, People reading the document then thinking "atapi.sys" or other disk controller needs swapping and finding that after "atapi.sys"
That should display a list of applications and their rules. If you need more help, see Configuring Comodo Firewall Pro (Firefox Support) or visit Comodo Support. Comodo Internet Security Comodo Internet Security includes the Comodo Firewall.