HTTP Tidserv Request With Log
With the documents on 565, and talking about the disk controller being infected, people reading the document then thinking "atapi.sys" or other disk controller needs swapping and finding that after "atapi.sys" Make sure all other windows are closed and to let it run uninterrupted. Click on Minimal Output at the top. Download the following file scan.txt to your Desktop.
Earlier today, NAV reports that the above infection modified my registry. As with Ciaran, I have 20 years in IT, first infection ever and no idea how I got it. http://www.bleepingcomputer.com/forums/t/359042/http-tidserv-request-with-log/
GEOGRAPHICAL DISTRIBUTION Symantec has observed the following geographic distribution of this threat. My comments in red. A case like this could easily cost hundreds of thousands of dollars. I've seen some topics handling this problem, but every solution was different and therefore I opened this new topic.
So can someone help me remove this malware :S DDS LOG is attached. I tried the gmer log thing twice and both times my computer crashed :S As it's now after midnight here and I have to get up for work in the morning, I told the Norton tech that we'll have to resume this evening. But that is what new Malware and their variations do, and that is what the creators of them want. Below is the last malwarebytes log and DDS log.
I think this may be a defense mode of the virus? -Kaspersky tdsskiller.exe finds one memory infected and one file infected. The forum is run by volunteers who donate their time and expertise. I ran it again this morning and noticed that if I tried to do anything in the system in the background, even simple things like open a BMP with Paint, it https://forums.malwarebytes.com/topic/48430-http-tidserv-request-2/?do=getFirstComment I tried to explain but you may be on a different wavelength.
This may mark the beginning of the end of an otherwise advanced rootkit. Quads JDM (Posted: 17-May-2010 | 5:16PM) Re: HTTPs Tidserv Request: Hi Quads and cgoldman, thanks for the feedback. I don't think the decision to swap was by the OP but I may be incorrect. Even if the OP had directed the swap of atapi.sys that is his prerogative. If you have any queries or you are unsure about anything, just say and I'll help you out. It may well be worth you printing/saving the instructions throughout the fix, so
Quads wrote: "-Kaspersky tdsskiller.exe finds one memory infected and one file infected. http://www.geekpolice.net/t21963n-av-security-suites In fact I think it is yourself who has raised tdsskiller. Quads (Posted: 19-May-2010 | 1:28AM) Re: HTTPs Tidserv Request: NOTE: the old documents on "backdoor.tdss.565" are out of delphinium (Posted: 18-May-2010 | 10:49AM) Re: HTTPs Tidserv Request: Hi JDM: You will find the information in this
Quads (Posted: 19-May-2010 | 7:30AM) Re: HTTPs Tidserv Request: Don't worry I'm used to people not quite understanding Once done click on the [Save..] button, and in the File name area, type in "ark.txt" Save the log where you can easily find it, such as your desktop. **Caution** Rootkit scans often By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine. We
Random programs started running. The scan won't take long. When the scan completes, it will open two notepad windows. Functionality The functionality that the Trojan exhibits implies that it has been designed with profit-making as its primary objective. http://exomatik.net/http-tidserv/http-tidserv-request-https-tidserv-request-2-infection.php Norton is not well-liked in the tech community, and this is why.
It simply scanned through everything and didn't give me any alerts. What new backdoor.tdss.565? After the reboot I can see that at the time Norton froze an "Unauthorized Access (Access Protect Data)" was logged. The "actor" was the GMER exe file and the target was
I have not mentioned any backdoor.tdss other than the reference to the article on backdoor.tdss.565.
then Click OK. Wait till the scanner has finished and then click File, Save Report. Save the report somewhere where you can find it. Porno shortcuts on desktop. I can provide logs if they are of any use to anyone.
Or by having replaced the infected driver is it possible there is still something at the end of the disk that is essentially dormant, a body without a head? No determination was made of what driver was infected in this case. So a bit of background as to how this sorry state of affairs came about and attempts at resolving so far with the help of the Norton online support...
What does get confusing is when a poster reads info, and decides to swap say atapi.sys, still infected they see, so try again, swap, in the end throw their hands up Tries to fix these, but they are always there on the next scan." or similar, there is no speculation on my part I know why that is happening with the old Good luck!!! Author Closing Comment by: bobpeace (ID: 32917058, 2010-06-04) You're right it was a patched file. P.S.: Is it safe to enable Norton and Spyware Doctor now, since ComboFix is done scanning? ComboFix 10-08-04.05 - Owner 08/05/2010 3:18.1.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.879.360 [GMT -5:00] Running from:
Computer would shut down when virus scan was getting close to it. ........Etc." So there is perhaps a connection? Well I am not sure what else you are expecting but if I can help I will. I went into the Norton intrusion log and showed them otherwise(!) and they then told me it is complicated and that I will need to reinstall Windows....???? The main routines are encrypted and hidden somewhere in the last sectors of the hard disk.
Anyway, infected with antispyware soft going crazy and totally locking me out of the internet, I had to use my work computer to contact Norton online support. For anyone who's ever used