
HTTPS Tidserve Request 2



#1 CUJimmie


Posted 20 August 2010 - 06:42 AM

I entered a search for the above in Google and it brought me to the following here
www.bleepingcomputer.com/forums/topic321458.html

I tried following the instructions given there, entering "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v in the Run box. First I got the Security Warning 'Do I want to run this file?' I pressed Run and promptly got an error box.

Valid command line parameters:

-l <file_name> (path to log file)
-qpath <folder_name> (path to quarantine folder)
-qall (copy all objects to quarantine)
-qsus (copy all suspicious items to quarantine)
-qmbr (copy all mbr to quarantine)
-qcsvc <service_name> (copy service to quarantine)
-dcsvc <service_name> (delete service)

By the looks of what I was trying to do, I would say that the first item in this list is the one that is posing a problem. Is there something wrong with that command line?

I am using Windows XP Home, v5.1 SP3, and just to add to the confusion, while I am on this site I am not getting attacked. As soon as I leave I'm being hit at least every 2 minutes.

Additional info @ 23:00. I have taken a note of the exact times, where the attacks came from, what they were attempting to access and the port number they were trying to again access through. They were all aimed at CHROME.EXE
(Why should the port numbers keep increasing? I presume the figure after the comma is a port number.)

21:40:42 li1i16b0.com (91.212.226.5,443) attacks [my computer] port 3712
21:50:42 zz87jhfda88.com (194.28.112.6,443) port 3771
22:00:42 n16fa53.com (91.212.226.5,443) port 3853
22:51:40 li1i16b0.com (91.212.226.5,443) port 4342
23:01:40 zz87jhfda88.com (194.28.112.6,443) port 4391
23:11:41 n16fa53.com (91.212.226.5,443) port 4472

And a new one
23:21:41 01n02n4cx00.cc (194.28.112.6,443) port 4509

Edited by CUJimmie, 20 August 2010 - 05:33 PM.
Moved from XP forum to Am I Infected ~ Hamluis.




#2 CUJimmie


Posted 21 August 2010 - 11:54 AM

Never mind. Taking the risk, I ran it without the -v key and it worked fine. But if this is all the help you get, then I don't know if I'll bother coming back.



