
Tidserv Request detected


3 replies to this topic

#1 Artain


Posted 22 June 2010 - 10:48 PM

I have noticed that my Symantec Endpoint antivirus gets upset when I do a Google search: a balloon pops up (from the Symantec tray icon) to tell me that it has blocked traffic that it says is
[SID:23621] tidserv
and sometimes I get a pop-up balloon saying
[SID:23615] HTTPS Tidserv request 2 Detected

The logs of the events are below:
6/22/2010 6:19:34 PM Intrusion Prevention Critical Incoming TCP 91.212.226.67 00-00-00-00-00-00 192.168.0.3 00-00-00-00-00-00 C:\Program Files\Mozilla Firefox\firefox.exe ArtainA ARTAIN Default 1 6/22/2010 6:18:30 PM 6/22/2010 6:18:30 PM

6/22/2010 6:18:07 PM Intrusion Prevention Critical Outgoing TCP 91.212.226.178 00-00-00-00-00-00 192.168.0.3 00-00-00-00-00-00 C:\Program Files\Mozilla Firefox\firefox.exe ArtainA ARTAIN Default 2 6/22/2010 6:16:43 PM 6/22/2010 6:17:03 PM


I have run a scan with Symantec and Malwarebytes (free version) and SUPERAntiSpyware (free edition). The first scans produced hits that didn't necessarily match the tidserv issue. I have also run the scans with the computer in Safe Mode. Since then, all three scans come up clean, as well as another piece of software that I downloaded named "Exterminate It!". Exterminate It!'s website described files and registry entries I should delete to get rid of any tidserv trojans, but none of the described files and registry entries were present.

Symantec continued to complain during my web browsing, so I spent a serious amount of time today trying to conduct a system restore from a restore point from a month ago. I had no success, as each time my computer restarted the System Restore wizard alerted me that the system restore was "incomplete." Based upon another suggestion, I made a test restore point and loaded from that to see if my system restore was corrupted. Since the test worked just fine, I feel comfortable that something else is at play (since I tried disabling my antivirus before loading the restore point).

I have noticed there are a number of successful threads on this forum regarding this same issue, and I wanted to seek the advice of professionals while using software such as ComboFix. I will subscribe to this post, and make sure to reply promptly. What kind of information would you like me to provide for you?

On another note, since those last intrusion attempts, I have used Google without any further intrusion attempts. Is it possible my computer is clean again? In the interim I have avoided using my computer for banking and any other sensitive information online in case keyloggers are present.


Thank you in advance.

-Artain

Edited by Orange Blossom, 23 June 2010 - 01:52 PM.
Move to AII as no logs posted and prep. guide not followed. ~ OB




#2 Budapest


Posted 24 June 2010 - 06:36 PM

Try this:

http://www.bleepingcomputer.com/virus-remo...sing-tdsskiller
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#3 Artain


Posted 24 June 2010 - 09:09 PM

Actually, the situation is resolved. I used a TDSS killer and then followed it up with ComboFix. I have noticed no problems since then.

#4 Budapest


Posted 24 June 2010 - 09:28 PM

:thumbsup:



