Kudos1

how to remove virus?

Recently Norton 360 has been warning me about a virus attacking me. I tracked down the IP to some guy in Russia. Apparently I'm not the only one who's been getting these attacks from the guy. But my main question is: how do you track and delete the virus that Norton finds? I know they aren't being deleted because Norton keeps warning me about the same things. I know I'm safe, but it bugs me that the virus is sitting somewhere on my computer. I'm new to all this, so I apologize if I'm asking any questions that are easily resolved. Respond ASAP. Thank you.

The alert summary says:

risk name: https tidserv request 2

attacking computer: 91.212.226.7, 442

Network traffic from 91.212.226.7 matches the signature of a known attack. The attack was resulted from \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE.

Replies

Accepted Solution
Kudos0

Re: how to remove virus?

In the meantime, I would suggest you start your computer in Safe Mode, and then try to run a full system scan. Let us know the results.


Yogesh

Kudos0

Re: how to remove virus?

Norton is not able to repair a TDL3 rootkit infection.

Under certain circumstances profanity provides relief denied even to prayer. Mark Twain
Kudos1

Re: how to remove virus?

Delphium is correct. Norton is not to remove the infected driver that is TDL3 (+); Symantec has done so, so that Norton won't delete the driver.

Norton can't disinfect or cure the driver involved, so just scanning over and over with Norton won't fix the infection.

Quads

Kudos0

Re: how to remove virus?

Thanks, it did it (: It was removed. I started off with 3 virus things, and the safe mode/Norton full scan got rid of 2 for me. Thank you.

Kudos0

Re: how to remove virus?

The alert summary says:

risk name: https tidserv request 2

attacking computer: 91.212.226.7, 442

Network traffic from 91.212.226.7 matches the signature of a known attack. The attack was resulted from \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE.

I can tell you right now "tidserv" is for the TDL3 (+) rootkit that infects a driver. Norton cannot remove it and is not meant to. As Norton will not remove the rootkit from infected drivers, it doesn't matter if the scan is done in Normal Mode or Safe Mode.

Quads

Kudos0

Re: how to remove virus?

You know, it really bothers me when somebody does something that they are told to do, that fails to solve the true issue, and off they go to do their banking, and bill paying and all sorts of things they should not do with a rootkit.  In this case, solving 2 out of three is not a winning situation.

Under certain circumstances profanity provides relief denied even to prayer. Mark Twain
Kudos0

Re: how to remove virus?

In Safe Mode, Intrusion Prevention I think won't be active, so you won't get any "HTTP(S) Tidserv ................" warnings.

But once in Normal Mode and connecting to the internet with using the Browser..................... hahaha bingo. Warnings.

Quads

Kudos1

Re: how to remove virus?

OK, yesterday I posted a message talking about a virus. It was resolved. It turned out that the virus acted as an installer. When I turned on safe mode and did a full system scan with Norton, the program "avugofudo.dll" (the installer) was classified as a trojan and Norton quarantined or removed it. Now every time I turn on my computer it says "avugofudo.dll" is missing. I'm confused, please reply ASAP. Thank you!

If it helps, I'm using Windows XP and the blue bar on top says RUNDLL. The message says "Error loading C:\WINDOWS\avugofudo.dll" and also "The specified module could not be found."

Kudos0

Re: how to remove virus?

It was not correctly resolved, which is why we recommended that you seek assistance at a malware removal forum.  It was for your own protection.

Under certain circumstances profanity provides relief denied even to prayer. Mark Twain
Kudos0

Re: how to remove virus?

Would Malwarebytes, the program, help me?

Kudos0

Re: how to remove virus?

Hello

No, it will not help.

Success always occurs in private and failure in full view.
Kudos1

Re: how to remove virus?

Hello skquidward,

This is indicative of a TDL rootkit. Norton can't remove Gen. 3 or 4 TDL rootkits. Don't use that PC for any online banking or purchases until you get it checked out and cleaned up.

This is a list of delphiniums recommended malware remediation sites:

www.bleepingcomputer.com

http://www.geekstogo.com/forum/

http://www.cybertechhelp.com/forums/

http://forums.whatthetech.com/

Any of the above sites will help you clean up your PC for free, but it may take a while as they are very busy. Make sure you mention probable TDL rootkit when you request help. Good luck.