Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Repeated Intrusion Attempts


  • Please log in to reply
4 replies to this topic

#1 lugnut33

lugnut33

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:08:59 AM

Posted 20 July 2010 - 08:01 PM

Hello,

This is my first time posting so pardon my lack of knowledge about what to say, ask, and/or do. My Norton AntiVirus 2010 keeps prompting me about repeated intrusion attempts from various IP addresses. They happen every few minutes, then the machine locks up. I'm running Windows XP SP3. Norton says it's an https tidserv request.

No clue what to do....help.

Thanks

BC AdBot (Login to Remove)

 


#2 Michael York

Michael York

    Authorized Symantec Representative


  • Members
  • 118 posts
  • OFFLINE
  •  
  • Location:San Francisco, California
  • Local time:04:59 AM

Posted 10 August 2010 - 07:09 PM

Hi lugnut33,

This is Mike from the Norton Authorized Support Team.

The fact that Norton is blocking the intrusion attempt means that Norton is doing it's job. However, I would like to know which IP addresses are apparently attacking your machine so please look through the Security History and let me know what it has recorded. You may also have other infections on your system that are causing the freezing Please check the "Recent History" pull-down for any entries that may indicate an infection and let me know what was found.

I would advise you to manually run LiveUpdate to make sure you have the latest patches applied. Next, restart your computer into Windows Safe Mode, launch Norton AntiVirus and then complete a Full System Scan to see if it picks anything up.

Thanks,
Mike


Hello,

This is my first time posting so pardon my lack of knowledge about what to say, ask, and/or do. My Norton AntiVirus 2010 keeps prompting me about repeated intrusion attempts from various IP addresses. They happen every few minutes, then the machine locks up. I'm running Windows XP SP3. Norton says it's an https tidserv request.

No clue what to do....help.

Thanks


Michael York
Norton Authorized Support Team
Symantec Corporation
http://service.symantec.com/priority

#3 TysonE

TysonE

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:10:59 PM

Posted 12 August 2010 - 01:14 AM

Hey Mike I have exactly the same problem. I have reinstalled Norton and did full system scans with my Norton and Super Antispyware.
Heres all the details for you to help my problem.

Risk Name: HTTP Tidserv Request
Attacking Computer: 91.126.73.61, 80
Attacker URL: (Extremly long series of numbers and letters, ask if needed)
Destination Address: USER-EB01CC8211 (10.0.0.5, 1912)
Source Address: 91.216.73.61

Please help me sort this problem out before it ruins my computer.
Thankyou.

#4 Michael York

Michael York

    Authorized Symantec Representative


  • Members
  • 118 posts
  • OFFLINE
  •  
  • Location:San Francisco, California
  • Local time:04:59 AM

Posted 12 August 2010 - 01:26 PM

Hi TysonE,

Please try the steps that I describe in the previous post. Disable System Restore first, as some infected files may exist in one of your Restore Points.

Thanks,
Mike

Hey Mike I have exactly the same problem. I have reinstalled Norton and did full system scans with my Norton and Super Antispyware.
Heres all the details for you to help my problem.

Risk Name: HTTP Tidserv Request
Attacking Computer: 91.126.73.61, 80
Attacker URL: (Extremly long series of numbers and letters, ask if needed)
Destination Address: USER-EB01CC8211 (10.0.0.5, 1912)
Source Address: 91.216.73.61

Please help me sort this problem out before it ruins my computer.
Thankyou.


Michael York
Norton Authorized Support Team
Symantec Corporation
http://service.symantec.com/priority

#5 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,947 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:08:59 AM

Posted 13 August 2010 - 09:16 PM

Edited to add: lugnut33's issue was resolved in the log forum.

Hello TysonE,

Please DO NOT shut off system restore. If you already have, please turn it back on. Disabling System Restore as the first step when attempting to clean a system or when scanning for malware is not advisable. Unfortunately, some anti-virus vendors still recommend doing this before attempting malware removal and many folks follow that advice. This is really not a good practice when dealing with infected computer systems. Turning System Restore off and then turning it back on has some risk associated with it since that feature does not always work as intended. Further, there is always a possibility of something going wrong during the malware removal process and you end up with more problems. If an incident renders your system problematic or unbootable, you can use System Restore to return it to a previous working state. Without a restore point to fall back on, you are left with a limited means of restoring your system to a usable condition. An infected restore point is better than no restore point at all. Disabling this feature could mean having to perform a repair install (or reformat in worst case scenarios) if you're unable to fix any problems which System Restore may be able to correct. Although System Restore is not always 100% guaranteed to work all the time, it at least gives you another option before resorting to more drastic measures.

"System Restore and malware removal - what is best practice?"
"Should I purge all my restore point BEFORE removing infection?"

Our practice here is to purge System Restore AFTER the infections are removed.

That said, from what you describe, you've a bad rootkit infection which requires specialized assistance to remove.

Please follow the instructions in ==>This Guide<==. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues and what you have done to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Orange Blossom :thumbsup:

Edited by Orange Blossom, 13 August 2010 - 09:22 PM.

Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users