Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

HTTP Tidserv Request


  • Please log in to reply
5 replies to this topic

#1 Cgon

Cgon

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:07:18 AM

Posted 14 April 2010 - 11:39 PM

I seem to constantly get these messages from Norton 360 telling me that "A recent attack to my computer has been blocked" and when I click on it describes it as HTTP tidserv request attacking computer 213.163.89.105, 80 and well I suppose that I have Trojans on my computer since I have been able to remove some but I feel that they are not all gone since every time I go online and search anything I get redirected to something else. I am new to all this so I am sorry for the inconvenience thank you.

Edited by Budapest, 15 April 2010 - 12:04 AM.
Moved from Win7 ~BP


BC AdBot (Login to Remove)

 


#2 chrisw99

chrisw99

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:01:18 PM

Posted 15 April 2010 - 05:44 AM

I am getting exactly the same thing, from the same IP address 213.163.89.105. It all started a few days ago when I got the XP Defender Pro malware/virus, which I've had before

Ran through all the usual steps, found a few trojans, etc, and thought I was clean and it had gone away.

Now it's back, and every single piece of trojan/malware/virus software is reporting my PC as clean, yet the browser is always redirecting, my windows update is blocked, and I contantly get that tidserv request. I'm hoping this is just something new and that the removers will be updated with it soon, but it's a real pain.

If anyone has any ideas how to get rid of this, I'd love to hear them...

#3 Cgon

Cgon
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:07:18 AM

Posted 15 April 2010 - 02:35 PM

We are on the same page then, my software all say that its all clean but I have a feeling they are not but seem to be hiding very good in your computer..and when you search something it redirects you to something not even close to that. I looked up stuff on other websites but I don't want to try them since it could be different for mine. So if you hear something before someone helps me let me know. Thanks

#4 Cgon

Cgon
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:07:18 AM

Posted 16 April 2010 - 12:46 AM

BUMP

#5 chrisw99

chrisw99

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:01:18 PM

Posted 16 April 2010 - 02:53 AM

I cleaned my PC eventually yesterday, a case of trial and error really.

gmer was reporting iastor.sys had a suspicious modification, but everything I tried to get a clean version of it on (avenger, etc) didn't work.

I ended up switching my BIOS settings to use SATA-IDE mode rather than SATA-AHCI so that the system wasn't using iastor.sys, I then booted off an Ubuntu CD and wiped every occurrence of iastor.sys

When I next rebooted into windows, the redirect/update block was still there and had transferred to atapi.sys. This now did seem to get detected by tddskiller from kapersky, and said it would be cleaned on reboot, but it wasn't. Back into ubuntu, I removed all occurrences of atapi.sys and copied a clean one from a different PC. This seemed to get rid of the virus, but the PC would only stay up for a minute without blue screening.

So i finally switched the motherboard back to AHCI mode and reinstalled Intel Matrix Storage manager to get iastor.sys back on. Fingers crossed, it's all working fine now, no redirects and windows update is working again.

#6 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,947 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:08:18 AM

Posted 19 April 2010 - 09:24 PM

Hello chrisw99,

What you are describing sounds like a rootkit infection which is bad business. Please follow the instructions in ==>This Guide<==.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<==

If you can produce at least some of the logs, then please create the new topic. If you cannot produce any of the logs, then post back here and we will provide you with further instructions.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users