
HTTPS tidserv request 2 from Norton 360


  • This topic is locked
9 replies to this topic

#1 sn3akym4n

sn3akym4n

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:10:39 PM

Posted 13 June 2010 - 12:59 AM

I've done scans with Malwarebytes', superantispyware, and TDSS rootkit but nothing is found; on Norton full scan it comes up with 2 Backdoor.Tidserv!inf as being on the computer but can't remove them. Also I get warnings that an intrusion has been blocked by Norton and from time to time I get the blue screen that forces my computer to restart after dumping some memory. Any help would be much appreciated.

Edited by sn3akym4n, 13 June 2010 - 10:14 AM.
Mod Edit: Moved from Windows 7 Forum - AA




#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,493 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:11:39 PM

Posted 13 June 2010 - 05:08 PM

Hello, I think we can get this.

Is this PC on a network?

Run a full system scan in safe mode with the latest Norton definitions. Then unplug the network connection and reboot the computer. Does the backdoor.tidserv detection come up again? If so, then we need to search for another undetected process on your computer.


Now run TDSSKiller
Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK. (If Vista, click on the Vista Orb and copy and paste the following into the Search field. (make sure you include the quotation marks) Then press Ctrl+Shift+Enter.)


    "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v

  • If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
  • It may ask you to reboot the computer to complete the process. Allow it to do so.
  • When it is done, a log file should be created on your C: drive called "TDSSKiller.txt" please copy and paste the contents of that file here.

Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click Update tab, select Check for Updates, when done
click Scanner tab, select Quick scan and scan (normal mode).
After scan click Remove Selected, post new scan log and reboot into normal mode.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 sn3akym4n


Posted 13 June 2010 - 11:20 PM

Ok, so I ran my Norton 360 full scan in safe mode and it came up with 3 Backdoor.Tidserv!inf. infections, I've disconnected from my network (I'm wired to a Belkin Mimo), started up normally, and began running a scan. Tomorrow I will post the results of the scan as soon as possible. Thanks for the help ahead of time!

#4 sn3akym4n


Posted 14 June 2010 - 04:58 PM

The second scan while disconnected from the network came up with 2 Backdoor.Tidserv!inf. infections. Then I ran TDSSKiller following the directions and it came up with nothing; the log follows.

16:55:31:972 4076 TDSS rootkit removing tool 2.3.2.0 May 31 2010 10:39:48
16:55:31:972 4076 ================================================================================
16:55:31:972 4076 SystemInfo:

16:55:31:972 4076 OS Version: 6.1.7600 ServicePack: 0.0
16:55:31:972 4076 Product type: Workstation
16:55:31:972 4076 ComputerName: MRROGERS-PC
16:55:31:972 4076 UserName: Mr. Rogers
16:55:31:972 4076 Windows directory: C:\Windows
16:55:31:972 4076 Processor architecture: Intel x86
16:55:31:972 4076 Number of processors: 2
16:55:31:972 4076 Page size: 0x1000
16:55:31:972 4076 Boot type: Normal boot
16:55:31:972 4076 ================================================================================
16:55:32:425 4076 Initialize success
16:55:32:425 4076
16:55:32:425 4076 Scanning Services ...
16:55:33:610 4076 Raw services enum returned 480 services
16:55:33:626 4076
16:55:33:626 4076 Scanning Drivers ...
16:55:33:891 4076
16:55:33:891 4076 Completed
16:55:33:891 4076
16:55:33:891 4076 Results:
16:55:33:891 4076 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
16:55:33:891 4076 File objects infected / cured / cured on reboot: 0 / 0 / 0
16:55:33:891 4076
16:55:33:891 4076 KLMD(ARK) unloaded successfully
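
Added example, not part of the original post and not code from TDSSKiller: a small Python parser for the log format pasted above, which pulls out the tool version, boot type and the two Results lines so a helper can triage a pasted log quickly. The function names and the three triage labels are assumptions made for this illustration, and the sample lines are constructed from the format shown in the post.

```python
import re

# Constructed sample: a few lines in the format of the log posted above.
SAMPLE_LOG = """\
16:55:31:972 4076 TDSS rootkit removing tool 2.3.2.0 May 31 2010 10:39:48
16:55:31:972 4076 Boot type: Normal boot
16:55:33:891 4076 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
16:55:33:891 4076 File objects infected / cured / cured on reboot: 0 / 0 / 0
16:55:33:891 4076
"""

# Each line: HH:MM:SS:mmm <thread id> <message>; the message may be empty.
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}:\d{3})\s+(\d+)(?:\s+(.*))?$")
BANNER_RE = re.compile(r"^TDSS rootkit removing tool (\S+) (.+)$")
RESULT_RE = re.compile(
    r"^(Registry|File) objects infected / cured / cured on reboot: "
    r"(\d+) / (\d+) / (\d+)$")

def parse_tdsskiller_log(text):
    """Return tool version, boot type and per-category result counts."""
    summary = {"version": None, "build": None, "boot_type": None,
               "results": {}, "unparsed": 0}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            summary["unparsed"] += 1   # truncated or hand-edited paste
            continue
        msg = (m.group(3) or "").strip()
        if (b := BANNER_RE.match(msg)):
            summary["version"], summary["build"] = b.group(1), b.group(2)
        elif msg.startswith("Boot type:"):
            summary["boot_type"] = msg.split(":", 1)[1].strip()
        elif (r := RESULT_RE.match(msg)):
            infected, cured, on_reboot = map(int, r.groups()[1:])
            summary["results"][r.group(1).lower()] = {
                "infected": infected, "cured": cured, "cured_on_reboot": on_reboot}
    return summary

def triage(summary):
    """Classify the run: 'incomplete', 'nothing-found' or 'detections'."""
    res = summary["results"]
    if set(res) != {"registry", "file"}:
        return "incomplete"            # scan did not reach the Results block
    if any(c["infected"] for c in res.values()):
        return "detections"
    return "nothing-found"
```

A `nothing-found` result only means this tool reported no infected objects; in this thread Norton kept reporting Backdoor.Tidserv!inf after such a log, which is why the helper went on to ask for a deeper DDS log.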

#5 sn3akym4n


Posted 14 June 2010 - 05:37 PM

My Malwarebytes scan: I did the update and quick scan and the results were nothing.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4198

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

6/14/2010 5:07:49 PM
mbam-log-2010-06-14 (17-07-49).txt

Scan type: Quick scan
Objects scanned: 122112
Time elapsed: 6 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#6 boopme


Posted 14 June 2010 - 07:47 PM

Norton may have grabbed it. Are you still getting the Request?

#7 sn3akym4n


Posted 14 June 2010 - 07:59 PM

Yeah, when I access the internet it normally does it.

#8 boopme


Posted 14 June 2010 - 08:45 PM

Ok, it's the stubborn one. We need a deeper look. Please go here:
Preparation Guide, do steps 6 - 9.

Create a DDS log and post it in the new topic explained in step 9, which is here: Virus, Trojan, Spyware, and Malware Removal Logs, and not in this topic, thanks.
If Gmer won't run, skip it and move on.
Let me know if that went well.

#9 sn3akym4n


Posted 14 June 2010 - 09:54 PM

Thanks again for all the help and I've posted a new topic.

#10 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 37,012 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:11:39 PM

Posted 14 June 2010 - 09:55 PM

Hello,

Now that you have posted a log here: http://www.bleepingcomputer.com/forums/t/324503/backdoortidservinf/ you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a MRT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the MRT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the MRT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the MRT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRT Team member is already assisting you and not open the thread to respond.

Please be patient. It may take several days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript



