Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Repeat Attacks


  • This topic is locked This topic is locked
15 replies to this topic

#1 Requiem7

Requiem7

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Local time:07:44 AM

Posted 21 July 2010 - 05:39 PM

Hi,

My computer keeps getting attack. My Norton anitvirus says that it is blocking the attack but I would like to remove what every it is that is trying to connect with. The attacks are happening like every 5-10 mins. I ran a full virus scan and a full malaware scan and it has come up with nothing. Here is what my Norton software is saying to me:

An intrusion attemp by 61.61.20.135 was blocked.

Applicationpath\DEVICE\HARDDISJVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE

Can someone please help me? Or should I do a clean install of windows?

Thanks,
Phillip

BC AdBot (Login to Remove)

 


#2 frankp316

frankp316

  • Members
  • 2,677 posts
  • OFFLINE
  •  
  • Local time:06:44 AM

Posted 21 July 2010 - 05:55 PM

Have you tried rebooting after the virus scan?

#3 Requiem7

Requiem7
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Local time:07:44 AM

Posted 21 July 2010 - 05:58 PM

Have you tried rebooting after the virus scan?



Yes I have the attacks started last night and still happening today.

#4 hamluis

hamluis

    Moderator


  • Moderator
  • 56,110 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:06:44 AM

Posted 21 July 2010 - 06:10 PM

Forgive my ignorance...but I've never seen any AV give such warnings. I used NAV for a number of years and it never provided me that type of info.

Those sound like firewall reports, which I always thought were normal, since any system is constantly under attack.

What Symantec application do you have installed, please?

Louis

#5 Requiem7

Requiem7
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Local time:07:44 AM

Posted 21 July 2010 - 08:37 PM

Forgive my ignorance...but I've never seen any AV give such warnings. I used NAV for a number of years and it never provided me that type of info.

Those sound like firewall reports, which I always thought were normal, since any system is constantly under attack.

What Symantec application do you have installed, please?

Louis



I'm using Norton Antivirus Version 16.8.0.41 with Antivirus, Antispyware and Advanced Protection.
So is this something I should not work about? I just don't understand why is it hapening so much now?

Here is another alert I got:
An intrusion attempt by 0o0o0o0o.com was blocked.
Application path\device\harddiskvolume1\windows\system32\SVHOST.EXE

Alert Details:
HTTPS TidserRequest2
Attacking Computer:
(91.212.226.7.443)

#6 wix

wix

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:04:44 AM

Posted 21 July 2010 - 09:04 PM

I am having the same problem. I Use Norton Anti virus 360. I keep receiving notifications that Norton keeps blocking attacks. They are all from Asia, Taiwan, ect.
The security warnings are as follows:

Risk: HTTPS Tidserv Request 2
Attacking computer: 34jh7alm94.asia (61.61.201.135.443)
Traffic Description: TCP, https
Aplication path: DEVICE\HARDDISKVOLUME1\PROGRAM FILES\MOZILLA\FIREFOX\FIREFOX.EXE

I keep receiving blocked attacks from different computers and slighly different risks IE:

HTTP Tidserv Request

and slightly different Traffic description.

Please help me figure this out.

I ran Norton after I updated the virus database and disconnected from the internet and it found nothing I have Malware bytes but I am going to run it tonight

Anyone please help me.

#7 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,716 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:04:44 AM

Posted 21 July 2010 - 09:33 PM

Those pop-up notifications, normally, should be turned off.
There is no reason for being bothered by them.
As long, as the message says "blocked", it means your firewall is working.

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#8 wix

wix

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:04:44 AM

Posted 21 July 2010 - 09:37 PM

I should not be receiving numerous attack blocks. It happens when ever I am on the web so it must try to attack when I have web browser activity. This is something you just ignore and not worry about.

Edited by wix, 21 July 2010 - 09:38 PM.


#9 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,716 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:04:44 AM

Posted 21 July 2010 - 09:40 PM

I'm not sure what you're saying....??

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#10 wix

wix

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:04:44 AM

Posted 21 July 2010 - 09:46 PM

I keep receiving a bunch of blocked attack notifications. I should not receive so many. I seem to receive the notification when I browse the internet. I use firefox. When I google something I will receive notification of a blocked attack.

I started my own topic here is the link

http://www.bleepingcomputer.com/forums/ind...p;#entry1852451

#11 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,716 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:04:44 AM

Posted 21 July 2010 - 09:56 PM

As i said before, those attacks are a normal way of life and every computer gets them.
It's up to your firewall to block them.
Once again, you should turn off those notifications as there are for info purposes only.
Search Google for "norton Turn off Intrusion Prevention notifications" to see steps for your Norton version.

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#12 wix

wix

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:04:44 AM

Posted 21 July 2010 - 10:04 PM

These attacks are not normal. It happens way to often. These are not normal attacks. This has never happened before. The attacks are to frequent. You are not helping to resolve this issue please stop posting.

Edited by wix, 21 July 2010 - 10:05 PM.


#13 Sneakr

Sneakr

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NW Ohio
  • Local time:07:44 AM

Posted 21 July 2010 - 10:14 PM

You said you are using FireFox as your browser, exactly what version do you have installed?

Do you get these warnings on certain websites or do they occur when you visit ANY website (eg. cnn.com, msnbc.com)?

How are you connected to the internet? Is the computer plugged directly into a Cable/DSL modem or do you have a router between your computer and the internet device?

#14 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,772 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:01:44 PM

Posted 22 July 2010 - 01:50 AM

Hello,

you will get those messages when your PC has been infected by a rootkit (tidserv in this case, better known as TDL3) and is trying to manipulate your browser behaviour. This happens for example when it is trying to redirect you to different pages or trying to keep you from posting on malware related boards to avoid cleaning.
To make sure if you have been infected, or not, I would suggest you create a topic in the malware removal section of this board.

Please go here: Preparation Guide ,do steps 6 - 9.

Create a DDS log and post it in the new topic explained in step 9,which is here Virus, Trojan, Spyware, and Malware Removal Logs and not in this topic,thanks.
If Gmer won't run,skip it and move on.
Let me know if that went well.

It might take some time until the log gets picked up sadly, we're helping as fast as we can. Please create a dedicated topic for every PC you are getting those messages on to avoid confusion.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#15 Drovers Dog

Drovers Dog

  • Members
  • 1,048 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Brisbane, Australia
  • Local time:09:44 PM

Posted 22 July 2010 - 02:31 AM

@ Wix

if you check your Post you will see that it has been moved to "Am I Infected"

Just follow on with what myrti has said? follow the Experts and be patient. BTW? We all try to be Polite and Courtious here, towards our Helpers, that are unpaid Volenteers. Please remember that.

@ Requiem7

Maybe you should also think about Posting in the same Area? There are quite a few "Nasties" coming out of China and Taiwan lately. Best to be Sure, rather that Sorry?

JMHO.

Ray.

Edited by Drovers Dog, 22 July 2010 - 02:36 AM.

What ever you give to others, you will get back doubled, Just make sure you only give Nice Things?......DD saying

There is a saying, "You just can't make a silk purse out of a sow's ear" it means "to be happy with what you have and not look for the impossible"......DD saying

The "Spirit" of the people who died, on that terrible day 9/11 will NEVER REST until such time as the "Imbeciles" that caused it, are eliminated through out the World.....DD saying

What is a Dog?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users