03-19-2010 09:51 AM - edited 03-19-2010 10:14 AM
I am constantly getting a high severity "An intrusion attempt by 126.96.36.199" and also from 188.8.131.52
The risk name is a HTTPS Tidserv Request
This usually shows up along with the info "IPS detection statistical submission"
I'm pretty sure this isn't normal seeing that I've been getting these messages frequently only recently.
Furthermore when I searched "IPS detection statistical submission" on google and tried to click on the links but it redirects me to a variety of different websites!!!!
How do I stop the HTTPS Tidserv Request?! And what's the deal with the IPS detection statistical submission?
03-19-2010 12:08 PM
You mean similar to this, (Screenshot from my PC)
If So, The screenshot above was due to TDL3 (also known as "Tidserv"" has infected the disk controller and attempting to connect to the I.P. address(es) to update the patch.
With the above screenshot, Norton was able to block the attempt via "Intrusion Prevention" but couldn't detect the infected disk controller, of which ever one your PC is using.
03-22-2010 11:15 AM - edited 03-22-2010 11:19 AM
yes that is it. does it mean that my computer is still in danger? because i also got my credit card number stolen (see: http://community.norton.com/t5/Norton-Internet-Sec
which also sort of coincided with the https tidserv requests starting as well...
most importantly how do i get rid of it?
03-22-2010 11:32 AM
You will need to choose one of these malware removal forums for expert assistance. Make sure that the name Tidserv is mentioned in the header of your first post.
04-14-2010 01:15 PM
I've got the same problem, and I guess I'll go through the paces at one of those tech forums. But it sure does seem like a hassle (each user having to be led indivdually through the process.)
Norton can't hire somebody to deal with this for its customers? Makes Norton appear inadequate -- especially because this problem is so common.