and sometimes i get a pop up balloon saying
[SID:23615] HTTPS Tidserv request 2 Detected
The logs of the events are below:
6/22/2010 6:19:34 PM Intrusion Prevention Critical Incoming TCP 220.127.116.11 00-00-00-00-00-00 192.168.0.3 00-00-00-00-00-00 C:\Program Files\Mozilla Firefox\firefox.exe ArtainA ARTAIN Default 1 6/22/2010 6:18:30 PM 6/22/2010 6:18:30 PM
6/22/2010 6:18:07 PM Intrusion Prevention Critical Outgoing TCP 18.104.22.168 00-00-00-00-00-00 192.168.0.3 00-00-00-00-00-00 C:\Program Files\Mozilla Firefox\firefox.exe ArtainA ARTAIN Default 2 6/22/2010 6:16:43 PM 6/22/2010 6:17:03 PM
I have run a scan with symantec and malwarebytes (free version) and superantispyware (free edition). The first scans produced hits that didn't necessarily match the tidserv issue. I have also run the scans with the computer in safemode. Since then, all three scans come up clean as well as another software that I downloaded named "Exterminate It!" Exterminate it!'s website described files and registry entries i should delete to get rid of any tidserv trojans, but all of the described files and registry entries were not present.
Symantec continued to complain during my web browsing, so I spent a serious amount of time today trying to conduct a system restore from a restore point from a month ago. I had no success as each time my computer restarted system restore wizard alerted me that the system restore was "incomplete." Based upon another suggestion I made a test restore point and loaded from that to see if my system restore was corrupted. Since the test worked just fine, I feel comfortable that something else is at play (since I tried disabling my antivirus before loading the restore point).
I have noticed there are a number of successful threads on this forum regarding this same issue, and I wanted to seek the advice of professionals while using a software such as combofix. I will subscribe to this post, and make sure to reply promptly. What kind of information would you like me to provide for you?
On another note, since those last intrusion attempts, I have used google without any further intrusion attempts. Is it possible my computer is clean again? In the interim I have avoided using my computer for banking and any other sensitive information online in the case that keyloggers are present.
Thank you in advance.
Edited by Orange Blossom, 23 June 2010 - 01:52 PM.
Move to AII as no logs posted and prep. guide not followed. ~ OB