1st Post: Having an intrusion issue


2 replies to this topic

#1 DBisDecibel

Posted 13 July 2010 - 11:38 PM

Hi guys,

This is my first post, and I am glad your forum exists.

Starting today, I have been receiving numerous pop-ups from my Norton that say an intrusion was blocked. I am not sure if it is malware, as I am not much of a tech guy.

Here are some details.

- Running XP
- Norton says it attacked from a web address. I have seen 2 separate web addresses today.
- Norton also says this: device\harddiskvolume1\windows\system32\svchost

I actually called Norton and the guy told me to check out a website, but the address he gave me does not even work. Luckily, I found your site.

I have never had one issue like this in the 4-5 years I owned this computer. According to the virus protection, they blocked the attacks and I have nothing to worry about. But they still label the severity as High. I'm not satisfied with their answer that I have nothing to be concerned about.

If anyone has any insight, please let me know. The computer appears to be running fine.

Thanks, guys.

Edited by Blade Zephon, 14 July 2010 - 01:10 AM.
Move to AII. ~BZ



#2 Cheredanine

Posted 14 July 2010 - 04:32 AM

Hi and welcome. The staff are working on a bit of a backlog ATM, I think. They will, I am sure, get to you soon.

In the meantime, let's see if we can't give you a little confidence and also get some background info to help them.

1. Is your Norton up to date? (What version is it, and what version are the virus signatures?)
2. What site did the Norton guy tell you to go to?
3. When you say: "Norton also says this: device\harddiskvolume1\windows\system32\svchost", that is a little arbitrary. What did Norton say about this?
4. Please perform a full scan with Norton (assuming it is up to date) and let us know about any problems it reports
5. When it says Severity Level is High, there are a number of factors that are used to assess the severity level, however, if it reported it then it is very likely it prevented it.

Edited by Cheredanine, 14 July 2010 - 04:49 AM.


#3 boopme

Posted 14 July 2010 - 12:33 PM

Hello and welcome. Looks like a possible Tidserv infection.

Is this PC on a network?

Run a full system scan in safe mode with the latest Norton definitions. Then unplug the network connection and reboot the computer. Does the backdoor.tidserv detection come up again? If so, then we need to search for another undetected process on your computer.


Now run TDSSKiller
Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
  • Go to Start > Run (or you can hold down your Windows key and press R) and copy and paste the following into the text field (make sure you include the quotation marks). Then press OK. (If Vista, click on the Vista Orb and copy and paste the following into the Search field, again including the quotation marks. Then press Ctrl+Shift+Enter.)


    "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v

  • If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
  • It may ask you to reboot the computer to complete the process. Allow it to do so.
  • When it is done, a log file should be created on your C: drive called "TDSSKiller.txt". Please copy and paste the contents of that file here.
