
HTTP Tidserv Request, Need help removing and possible other malware/Virus's


  • This topic is locked
5 replies to this topic

#1 Blackphoenix297


  • Banned

Posted 01 March 2010 - 03:26 PM

Well, I was downloading some hacks for a game (don't get any ideas and start saying I'm a noob); they were for me and my friend to screw around in a private match. But apparently, from other experience, you have to turn off your antivirus in order to run the hack, since it's trying to access the game process. But was it a hack? Maybe, but it infected my computer. Now it runs as slow as ****. And I desperately need help removing it.

Details:
First of all, every five to 60 minutes, I get this pop-up window from Norton (2009): "A recent attempt to attack your computer was blocked." Now, from what I've heard, Tidservs are the worst kind of malware. And I'm not much of a virus expert, but what I have learned about Tidservs concerns me a LOT. There's a new one out, apparently called Backdoor.Tidserv.K, and I'm getting those exact symptoms, though the problem is, my Norton is telling me I'm being attacked by numerous IPs.

What I know: well, from learning about Tidservs, I've learned that the newer one (mentioned above) has the symptoms I'm getting. Those symptoms are things like slowing down firefox.exe, chrome, anything with those taglines basically. The only way I can get on/browse the internet is IE, which I really hate. Now, like I said, I'm not a pro, but I think a Backdoor.Tidserv.K got on my computer, but when I read a forum post from Symantec, they said HTTP Tidserv Requests are rootkits, so I'm thinking it's hiding my virus. I tried AVG Anti-Rootkit, but it seems to be making new rootkits whenever I start up (in other words, whenever I start SVCHOST.EXE, which obviously runs on all computers).

Now if anyone needs details I'll be happy to supply them. (No really, all I have to do is open IE, search ANYTHING, and the damn virus will try to attack my computer.) (Excuse the language.)


PLEASE, I REALLY need help getting rid of this, and what I want is to GET RID OF IT. No, I don't want to close my account unless that's my ONLY option, but if I have to reinstall Windows, forget it, I'll just move on and tell Norton to stop notifying me. The reason I'll remove my account is because I can probably move most of my things that I know are clean into a public folder, like games and stuff; things like Xfire or Steam I can just reinstall, since they really take no time at all. But ANYONE, please help me; this thing is a monster (literally) and I need help A.S.A.P. And do note that I'm not gonna be able to fix this, because I've tried already, and I think it bit me o_O. (Not a joke, it's really fighting back hard.) I've done full scans, rootkit removers, Malwarebytes' Anti-Malware program, NoAdware (which really didn't help at ALL) and a bunch of other stuff. PLEASE HELP ME!!!!



#2 boopme



  • Global Moderator

Posted 01 March 2010 - 05:15 PM

Hello... The TDSSSERV rootkit component. Rootkits, backdoor Trojans, Botnets, and IRC Bots are very dangerous because they compromise system integrity by making changes that allow it to be used by the attacker for malicious purposes. Rootkits are used by Trojans to conceal their presence (hide from view) in order to prevent detection of an attacker's software and make removal more difficult. Many rootkits can hook into the Windows 32-bit kernel, and patch several APIs to hide new registry keys and files they install. They can disable your anti-virus and security tools to prevent detection and removal. Remote attackers use backdoors as a means of accessing and taking control of a computer that bypasses security mechanisms. This type of exploit allows them to steal sensitive information like passwords, personal and financial data which is sent back to the hacker. To learn more about these types of infections, you can refer to:

What danger is presented by rootkits?
Rootkits and how to combat them
r00tkit Analysis: What Is A Rootkit

If your computer was used for online banking, has credit card information or other sensitive data on it, you should disconnect from the Internet until your system is cleaned. All passwords should be changed immediately to include those used for banking, email, eBay, PayPal and online forums. You should consider them to be compromised and change each password using a clean computer, not the infected one. If not, an attacker may get the new passwords and transaction information. If using a router, you need to reset it with a strong logon/password so the malware cannot gain control before you connect again. Banking and credit card institutions should be notified of the possible security breach. Because your computer was compromised please read:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
What Should I Do If I've Become A Victim Of Identity Theft?
Identity Theft Victims Guide - What to do


Although the infection has been identified and may be removed, your PC has likely been compromised and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume the computer is secure even if the malware appears to have been removed. In some instances an infection may have caused so much damage to your system that it cannot be completely cleaned or repaired so you can never be sure that you have completely removed a rootkit. The malware may leave so many remnants behind that security tools cannot find them. Tools that claim to be able to remove rootkits cannot guarantee that all traces of it will be removed. Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. Please read:

When should I re-format? How should I reinstall?
Help: I Got Hacked. Now What Do I Do?
Where to draw the line? When to recommend a format and reinstall?


Should you decide not to follow that advice, we will do our best to help clean the computer of any infections but we cannot guarantee it to be trustworthy or that the removal will be successful. Some infections are difficult to remove completely because of their morphing characteristics which allow the malware to regenerate itself. Sometimes there is another hidden piece of malware which has not been detected by your security tools that protects malicious files and registry keys (which have been detected) so they cannot be permanently deleted. Disinfection will probably require the use of more powerful tools than we recommend in this forum. Before that can be done you will need to create and post a DDS/HijackThis log for further investigation. Let me know how you wish to proceed.



To clean, you will need to download and run DDS, which will create a Pseudo HJT Report as part of its log.
If for some reason you cannot perform a step, move on to the next.
Please follow this guide. Go and do steps 6 thru 8: Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help. Then go here: Virus, Trojan, Spyware, and Malware Removal Logs, click New Topic, give it a relevant Title and post that complete log.

Let me know if it went OK.

#3 Blackphoenix297

  • Topic Starter

  • Banned

Posted 01 March 2010 - 05:34 PM

Um, no, nothing was compromised. I only disabled antivirus, that's all; everything else Norton has blocked. I've seen this on another forum post and this is not what they told the person. If you're not going to help, I'll look elsewhere. Hell, I might even get a hacker to get rid of the damn thing. Norton protected ALL passwords and has blocked every attack so far. Nothing has been compromised. I just need to get rid of it. And if you were smart enough to read my post you would know I'm not looking forward to reformatting my computer. Also, it's not a trojan, it's a Backdoor.TIDSERV. I already deleted all trojans on my computer, plus no other user accounts have been compromised. Give me the information I need and I'll be on my way. If you even ban me for threatening you, I'll tell every single god damn person I know about how NOT helpful this site was.

#4 Blackphoenix297

  • Topic Starter

  • Banned

Posted 01 March 2010 - 05:40 PM

Sorry for getting pissed, I just don't want to remove anything except the virus. And really, I hate it when people don't get my point. So could you provide a link to this DDS? And I really consider reformatting as a last option; if deleting my user account is an option, I'll gladly do that. I'd just need to scan all my files on my desktop and my games and then put 'em in a folder. The only reason I DON'T want to reformat and reinstall is because I don't have the money to buy a new OS, and I don't have the disc to my original. Secondly, I downloaded a lot of games; no, that's NOT my problem, it's with another file I downloaded. And I need to get rid of it.

Edited by Blackphoenix297, 01 March 2010 - 05:45 PM.


#5 Orange Blossom



  • Moderator

Posted 01 March 2010 - 10:20 PM

Hello,

I see that you got down to the instructions in boopme's post for creating the DDS logs and posting in the log forum.

Now that you have posted a log here: http://www.bleepingcomputer.com/forums/t/299563/http-tidserv-request-need-cleaning-and-fast-o/ you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised by an MRT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process, which would extend the time it takes to clean your computer.

From this point on the MRT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the MRT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the MRT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRT Team member is already assisting you and not open the thread to respond.

Please be patient. It may take several days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom

#6 groovicus


  • Security Colleague

Posted 02 March 2010 - 03:26 PM

If you even ban me for threatening you, I'll tell every single god damn person I know about how NOT helpful this site was.


Well, you are going to be banned anyway, and we will leave this post here so that people can see what a tw@ you really are. If you don't like how we do things, tough. We do our best in our own free time to be thorough and helpful. Please let me know where I can send your refund.



