Visitor
skquidward
Posts: 6
Registered: ‎08-23-2010
Accepted Solution

how to remove virus?

Recently Norton 360 has been warning me about a virus attacking me. I tracked down the IP to some guy in Russia. Apparently I'm not the only one who's been getting these attacks from the guy. But my main question is how do you track and delete the virus that Norton finds? I know they aren't being deleted because Norton keeps warning me about the same things. I know I'm safe but it bugs me that the virus is sitting somewhere on my computer. I'm new to all this, so I apologize if I'm asking any questions that are easily resolved. Respond ASAP. Thank you.

The alert summary says:

risk name: https tidserv request 2

attacking computer: 91.212.226.7, 442

Network traffic from 91.212.226.7 matches the signature of a known attack. The attack was resulted from \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE.

Super Phishing Phryer
Turbo
Posts: 657
Registered: ‎05-02-2009

Re: how to remove virus?

Hello skquidward,

 

This is indicative of a TDL rootkit. Norton can't remove Gen. 3 or 4 TDL rootkits. Don't use that PC for any online banking or purchases until you get it checked out and cleaned up.

 

This is a list of delphinium's recommended malware remediation sites:

www.bleepingcomputer.com

http://www.geekstogo.com/forum/

http://www.cybertechhelp.com/forums/

http://forums.whatthetech.com/

Any of the above sites will help you clean up your PC free, but it may take a while as they are very busy. Make sure you mention probable TDL rootkit when you request help. Good luck.

Volunteer
yogesh_mohan
Posts: 5,302
Registered: ‎07-29-2008

Re: how to remove virus?

In the meantime, I would suggest you start your computer in Safe Mode, and then try to run a full system scan. Let us know the results.


Yogesh

delphinium
Posts: 9,862
Kudos: 2,965
Solutions: 293
Registered: ‎11-21-2008

Re: how to remove virus?

Norton is not able to repair a TDL3 rootkit infection.

Under certain circumstances profanity provides relief denied even to prayer.
Mark Twain
Bot Obliterator
Quads
Posts: 16,530
Registered: ‎07-21-2008

Re: how to remove virus?

Delphinium is correct: Norton is not to remove the infected driver that is TDL3 (+). Symantec has done so, so that Norton won't delete the driver.

Norton can't disinfect or cure the driver involved, so just scanning over and over with Norton won't fix the infection.

Quads

Visitor
skquidward
Posts: 6
Registered: ‎08-23-2010

Re: how to remove virus?

Thanks, it did it (: It was removed. I started off with 3 virus things, and the safe mode/Norton full scan got rid of 2 for me. Thank you.

Visitor
skquidward
Posts: 6
Registered: ‎08-23-2010

Confused

OK, yesterday I posted a message talking about a virus. It was resolved. It turned out that the virus acted as an installer. When I turned on safe mode and did a full system scan with Norton, the program "avugofudo.dll" (the installer) was classified as a trojan and Norton quarantined or removed it. Now every time I turn on my computer it says "avugofudo.dll" is missing. I'm confused, please reply ASAP. Thank you!

If it helps, I'm using Windows XP and the blue bar on top says RUNDLL. The message says "Error loading C:\WINDOWS\avugofudo.dll" and also "The specified module could not be found."

Bot Obliterator
Quads
Posts: 16,530
Registered: ‎07-21-2008

Re: how to remove virus?


The alert summary says:

risk name: https tidserv request 2

attacking computer: 91.212.226.7, 442

Network traffic from 91.212.226.7 matches the signature of a known attack. The attack was resulted from \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE.

I can tell you right now "tidserv" is for the TDL3 (+) rootkit that infects a driver, which Norton cannot remove and is not meant to. As Norton will not remove the rootkit from infected drivers, it doesn't matter if the scan is done in Normal Mode or Safe Mode.

Quads

delphinium
Posts: 9,862
Kudos: 2,965
Solutions: 293
Registered: ‎11-21-2008

Re: how to remove virus?

You know, it really bothers me when somebody does something that they are told to do, that fails to solve the true issue, and off they go to do their banking, and bill paying and all sorts of things they should not do with a rootkit.  In this case, solving 2 out of three is not a winning situation.

delphinium
Posts: 9,862
Kudos: 2,965
Solutions: 293
Registered: ‎11-21-2008

Re: Confused

It was not correctly resolved, which is why we recommended that you seek assistance at a malware removal forum.  It was for your own protection.