Hey guys,
Forgive if I mess up on any forum protocols - my first venture into any forum ever :-)
I find this really interesting, I was just googling Norton HTTP Tidserv Requests in desperation... I have the same situation as Ciaran (without the BSOD though), and looks like I got the infection on 14/7. As with Ciaran, I have 20 years in IT, first infection ever and no idea how I got it.
Interesting to note that I have exactly the same Norton screen detection as Ciaran also - same attacking computer details/IP - I tried to attach a screen shot but not sure how?
So a bit of background as to how this sorry state of affairs came about and attempts at resolving so far with the help of the Norton online support...
I picked up the virus "Antispyware Soft" on 14/7 - I assume - as it activated straightaway, slipped right through Norton Internet Security 2010 (all definitions up to date)... I think I got it by surfing onto filestube/rapid share (even though I didn't click anything, the system seemed to lose it after a couple of pop ups shot up)... Anyway, infected with antispyware soft going crazy and totally locking me out of the internet, I had to use my work computer to contact Norton online support. For anyone who's ever used the service before, you'll be familiar with the process - they remote accessed my PC and manually removed the virus, edited registry etc. All seemed okay after quick inspection, and I didn't use my PC again until this evening. This is where it gets interesting - now every time I type something in a search engine (doesn't matter what the search string or engine - Google, Bing, Ask, etc...) and search, I get the Norton intrusion detection popup with the details as per mine and Ciaran's screenshots...
This was pretty disturbing, so I got onto Norton online support again (7 day warranty on virus removal service) and have spent the last two hours watching them try and remotely fix it (basically they reinstalled atapi.sys). While watching them try and fix it, I noticed that the technician went into my Norton and turned off the "Notify Me" option for this particular alert, then did some test internet searches and proceeded to tell me it was fixed. I went into the Norton intrusion log and showed them otherwise(!) and they then told me it is complicated and that I will need to reinstall Windows....????
So this is a bit worrying for several reasons, apart from the fact that I've got a weird infection, the people that I trust to look after my machine seem a bit confused as well... When I tried to ask questions about what is actually going on, I get brush-off answers. As it's now after midnight here and I have to get up for work in the morning, I told the Norton tech that we'll have to resume this evening. He's going to be calling me in about 16 hours to discuss the reinstallation, and not really feeling confident with events thus far, thought I would do some googling (complete with intrusion alerts ;-)), and here I am....
Would appreciate anyone's thoughts/advice etc.... as I said in my intro, particularly curious that both Ciaran and myself, seasoned IT users seem to have come across this at the same point in time.
Thanks for your time and thoughts.
James.
[edit: Clarified subject to reflect move.]