Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Tidserv Activity 2 detected


  • Please log in to reply
3 replies to this topic

#1 Arachnid5

Arachnid5

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:04:59 PM

Posted 20 October 2011 - 11:34 AM

I received a notice today that "Threat requiring manual removal detected: System Infected: Tidserv Activity 2" After looking at the links given in the "Tell me How" which links here http://www.symantec.com/business/security_response/attacksignatures/detail.jsp?lg=en&ct=US&asid=2361...



and trying the detectors (which came up empty) I searched on google for others with this problem...



I found a link to this

http://community.norton.com/t5/Other-Norton-Products/Tidserv-Activity-2-with-Norton-Security-Suite-5...



and looked through my logs and noticed that I had the same Trojan Gen2



Category: Resolved Security Risks
Date & Time,Risk,Activity,Status,Recommended Action,Path - Filename
4/2/2011 11:47 AM,High,wivg32.dll (Trojan.Gen.2) detected by Virus scanner,Quarantined,Resolved - No Action Required,c:\users\administrator\appdata\local\wivg32.dll



however as shown it was located in april and the tidserv problem only became apparent today...



I however thought it may be solved using the same 2 programs Quads mentioned to use (namely zeroAccess removal tool (Bit Defender) and anti zeroaccess...)



I downloaded them both and the BitDefender did not find any problems however anti zeroAccess did give me this



CheckSystem - Warning! Disk class driver is INFECTED.



however it ran through the rest of the checks and didnt find/clean anything else... I'm still getting the popup and constant intrusion attempts that thankfully are being blocked, but any help?


Computer is running windows Vista and has all the updates (at least the one's that I know about..)

BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,040 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:05:59 PM

Posted 20 October 2011 - 11:55 AM

Hello and welcome ,let's see if it shows here...
Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (2.6.11.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these[/color] instructions. [color=green]In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 Arachnid5

Arachnid5
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:04:59 PM

Posted 20 October 2011 - 12:33 PM

TDSSKiller was run and found and removed 1 threat... After the restart I have yet to see any popup warnings from norton... Hopefully that was all that was needed..

I think that the first time I tried to download the file, I downloaded the zipped version that you mentioned. Well thanks again and I'll be back if something changes.

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,040 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:05:59 PM

Posted 20 October 2011 - 02:01 PM

You're very welcome!1
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users