03-21-2010 10:13 AM
I recently migrated to Norton Security Suite offered by my internet service. So far I love it. It appears to replace all the features and functions of McAfee, Spybot, and Ad-Aware and has detected items that the other 3 never did.
My issue that keeps coming up is with Tidserv. I've done a TON of research on Tidserv and have learned that it's a really nasty trojan that buries itself in sectors typically not searched by malware/virus programs. I found directions on how to remove it, and followed them explicitly, but did not have any of the registry keys traditionally associated with this Trojan.
I've yet to experience the BSoD or any other shenanigans typically associated with this beast, but every 20 minutes or so I get a pop-up from Security Suite saying that it has blocked an attempt, and each time it comes up with HTTPS Tidserv Request. The file paths associated are either \DEVICE\HARDDISK\VOLUME3\WINDOWS\SYSTEM32\SVCHOST.
I have performed full scans of my computer 3 times now (which takes FOREVER considering that I have 3 drives and nearly 2.5TB of information across the 3 drives) and Security Suite comes up with nothing.
What am I missing? Considering the attempt keeps getting blocked and I have no BSoD or pop-up ads or page redirects, what is my true level of infestation? I'm very concerned about making sure this little pest doesn't reproduce and cause all kinds of nightmares with my computer, but I'm stumped as to how to find/eradicate this varmint. Thoughts and suggestions are appreciated.
Thank you,
Gebs04
03-21-2010 10:31 AM
Hi gebs04
Tidserv is a particularly nasty infection and I would strongly suggest that you ensure that you have all of your important data backed up before you get into serious efforts at removing it.
We look forward to the time when the Power of Love will replace the Love of Power. Then will our world know the blessings of peace. ~William Ewart Gladstone
03-21-2010 10:35 AM
I'm aware of the potential harm this Trojan can do, and have backed up all my data to a secondary source, but cannot seem to get rid of this sucker. None of the processes I've read about seem to work, and I have none of the signature Registry files described in the removal processes. Help?
03-21-2010 11:11 AM
gebs04 wrote: I'm aware of the potential harm this Trojan can do, and have backed up all my data to a secondary source, but cannot seem to get rid of this sucker. None of the processes I've read about seem to work, and I have none of the signature Registry files described in the removal processes. Help?
What things have you tried??
Quads
03-21-2010 11:27 AM
gebs04 wrote: I'm aware of the potential harm this Trojan can do, and have backed up all my data to a secondary source, but cannot seem to get rid of this sucker. None of the processes I've read about seem to work, and I have none of the signature Registry files described in the removal processes. Help?
Thanks for your reply indicating you have backed everything up. You are now in great hands with Quads responding to your post.
03-21-2010 11:44 AM
Quads,
Thank you for responding. I have read many of your posts on various subjects and am impressed with your approach.
After Security Suite, Ad-Aware, and Spybot found nothing, and after reading a few other threads on this nasty little infection, I came across this thread at Bleeping Computer: http://www.bleepingcomputer.com/forums/index.php?s
I am at the Malwarebytes step now. ComboFix took about an hour and said it found a Rootkit.
Should I continue down the Bleeping Computer path? It "appears" to be doing some good so far.
03-21-2010 11:52 AM - edited 03-21-2010 11:54 AM
Good luck to you in your journey. I don't do anything once moderate to advanced steps / programs have been taken or used, without supervision or guidance.
Due to what can happen and change.
Quads
03-21-2010 11:58 AM
I understand; caveat emptor.
I will post my final results here. After continuing to read various other threads, ComboFix and Malwarebytes should be the end of my road. The other actions were secondary and tertiary measures.
03-21-2010 12:08 PM
ComboFix can cause problems after running, like BSOD after, no Recycle Bin, other problems I have to repair after.
Or say you read an older thread on how to remove, say, TDSS (which is a different PC and setup), and you download ComboFix in the time before anyone realises there's a problem like this.
http://community.norton.com/t5/Tech-Outpost/For-an
Quads
03-21-2010 12:18 PM
Quads,
Thank you. I did read the thread prior to running ComboFix and the bug had been fixed, so I felt OK running it. All is well now. No more signs of infestation.
May I ask you a completely unrelated question?
My wife "clicked on something" while accessing Task Manager and now Task Manager has no tabs at the top, and no Minimize, Maximize, or Close icons. How can I get Task Manager back to normal? This has been going on for a while.
Thanks.
