Random programs started running. Malware Removal Instructions Board index Information The requested topic does not exist. Couldn't do anythng else or screen dump processed so just physically rebooted the computer. Earlier today, NAV reports that the above infection modified my registry. http://softsystechnologies.com/http-tidserv/http-tidserv-request-https-tidserv-request-2-http-fake-scan-webpage-5.html
I went into the Norton intrusion log and showed them otherwise(!) and they then told me it is complicated and that I will need to reinstall Windows....???? All trademarks are the property of their respective owners. I've seen some topics handling this problem, but every solution was different and therefore I opened this new topic. The team • Delete all board cookies • All times are UTC - 5 hours [ DST ] Contact us: firstname.lastname@example.org Advertisements do not imply our endorsement of that product or navigate here
So my question is - can I trust it? I went into the Norton intrusion log and showed them otherwise(!)" That's because even with atapi.sys swapped the actually file (driver) infected was not "atapi.sys" Quads JDM Regular Visitor3 Reg: 17-May-2010 Tries to fix these, but they are always there on the next scan." or similar, there is no speculation on my part I know why that is happening with the old
A case like this could easily cost hundreds of thousands of dollars. Somethings to remember while we are working together.1.Please do not run any other tool untill instructed to do so!2.Please reply to this thread, do not start another!3.Please tell me about any Quads Norton Fighter25 Reg: 21-Jul-2008 Posts: 16,481 Solutions: 182 Kudos: 3,388 Kudos0 Re: HTTPs Tidserv Request Posted: 19-May-2010 | 1:28AM • Permalink NOTE: the old documents on "backdoor.tdss.565" are out of I don't know if you have found this thread and the attached articles on these type of infections, but it is extremely interesting.
Which is why the remover keep being up dated for TDL2, TDL3 and TDL4 It is updated for TDSS only as the new above "backdoor.tdss.565" appear. No determination was made of what driver was infected in this case. This was pretty disturbing, so I got onto Norton online support again (7 day warranty on virus removal service) and have spent the last two hours watching them try and remotely https://forums.malwarebytes.com/topic/48430-http-tidserv-request-2/?do=getFirstComment Please note that your topic was not intentionally overlooked.
Please don't post your email in a public thread.............................................................................................[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] No doubt someone is going to tell you that you are likely to have a rootkit infection. That is why when "atapi.sys" was swapped above it was still detecting "atapi.sys" as infected, because it actually wasn't "atapi.sys" that was infected, Quads Dr Web's document on backdoor.tdss.565 is Anyway, infected with antispyware soft going crazy and totally locking me out of the internet, I had to use my work computer to contact Norton online support. For anyone who's ever used
To learn more and to read the lawsuit, click here. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, I think I got it by surfing onto filestube/rapid share (even though I didn't click anything, the system seemed to lose it after a couple of pop ups shot up)... OTL.Txt and Extras.Txt.
If that were the case then that is indeed true but then they are not called backdoor.tdss.565. check my blog OTL.Txt and Extras.Txt. The forum is run by volunteers who donate their time and expertise. I ran it again this morning and noticed that if I tried to do anything in the system in the background, even simple things like open a BMP with Paint, it
Join & Ask a Question Need Help in Real-Time? TDSSkiller has been updated to detect TDL4 and this also stops the False Positive detection of the disk controller. If you have any queries or you are unsure about anything, just say and I'll help you out It may well be worth you printing/saving the instructions throughout the fix, so http://softsystechnologies.com/http-tidserv/http-tidserv-request-https-tidserv-request-2-infection.html Tdsskiller has been updated in respect of new malware it is not because the information which they themselves produced in respect of backdoor.tdss.565 is incorrect or out of date.Nobody has said
Check out the forums and get free advice from the experts. Anti-Spy2010-04-12 22:51:34 664 ----a-w- c:\windows\system32\d3d9caps.dat2010-04-12 18:03:03 0 d-----w- c:\docume~1\hp_adm~1\applic~1\Tific2010-04-12 18:02:18 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF2010-04-12 18:02:18 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT2010-04-12 18:02:18 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL2010-04-12 18:02:18 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS2010-04-12 18:01:45 0 d-----w- c:\windows\system32\drivers\N3602010-04-12 18:01:44 0 My comments in red.
I keep getting additional virus/trojans that Norton and Malwarebytes fix, but nothing seems to remove the tidserv. Start Run was disabled. Register a free account to unlock additional features at BleepingComputer.com Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. So, really from this, my questions are: -Is this kind of erratic behaviour normal for GMER or is something undetected playing with it? -Does a clean scan from Black Light and
Tries to fix these, but they are always there on the next scan." Thanks again, James. Double click GMER.exe. The Trojan infects a system driver file with its own code. have a peek at these guys Namely it has been observed to be spread by fake blogs rigged with URLs to sensational videos that "must be seen" or bogus blog or forum comments with similar baits.
In terms of how atapti.sys was identified, that was not communicated by Norton - I was simply watching the process remotely. As an additional precaution, I used the Norton firewall to block all traffic to/from the IP addresses the backdoor was using. Using the site is easy and fun. Wow! How did you get the original poster here to run tdsskiller? I certainly did not see that the poster had done that or posted the results.
Perhaps you misunderstood what the poster posted. ADS - WINDOWS: deleted 23818 bytes in 1 streams. ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))).c:\windows\Downloaded Program Files\f3initialsetup220.127.116.11.infD:\Autorun.inf.((((((((((((((((((((((((( Files Created from 2010-07-05 to 2010-08-05 ))))))))))))))))))))))))))))))).2010-08-04 21:14 . 2010-08-04 21:15 -------- d-----w- c:\documents and settings\Owner\Application While watching them try and fix it, I noticed that the technician went into my norton and turned off the "Notify Me" option for this particular alert, then did some test Quads Instructor Contributor4 Reg: 13-Sep-2008 Posts: 21 Solutions: 0 Kudos: 2 Kudos0 Re: HTTPs Tidserv Request Posted: 19-May-2010 | 10:02AM • Permalink Quads wrote:When a person states "Kaspersky tdsskiller.exe finds one
It simply scanned through everything and didn't give me any alerts. Live2010-08-03 04:16 . 2010-08-03 04:16 -------- d-----w- c:\program files\Microsoft2010-08-03 04:16 . 2010-08-03 04:16 -------- d-----w- c:\program files\Windows Live SkyDrive2010-08-01 23:36 . 2007-09-06 13:14 822400 ----a-w- c:\windows\system32\drivers\wn311b.sys2010-08-01 23:36 . 2007-01-18 15:29 102400 What does get confusing is when a poster reads info, and decides to swap say atapi.sys, still infected they see, so try again, swap, in the end throw their hands up HTTP Tidserv Request with log Started by Bhavir , Nov 07 2010 01:59 AM Please log in to reply 3 replies to this topic #1 Bhavir Bhavir Members 3 posts OFFLINE
Please include the report in your next post:C:\ComboFix.txt"information and logs"In your next post I need the followingLog From Combofixlet me know of any problems you may have hadHow is the computer There is only one backdoor.tdss.565 the others are suffixed "based.6; 2459 and 2504" they are not 565. As per my original post, I reconnected with the Norton tech yesterday evening.