This is similar to the problem from the following thread: http://community.norton.com/t5/Norton-Internet-Security-Norton/Repeated-Instrusion-attempt/td-p/227402
However, due to someone saying the problem could still be different in terms of how I got the infection or what areas of my computer are being affected, I decided to post again. I also decided to start here before going to Bleeping Computer so as not to have help from two different sites at the same time.
This is somewhat of a long story, and some details might be unnecessary, but I thought I'd include them anyways just in case, so please bear with me:
About a week ago I visited a website that I'm pretty sure infected my computer. After that website visit I got popups of "an intrusion attempt has recently been blocked" from Norton Internet Security 2005 which was on this computer. A couple of days later I got a "scan" from something along the lines of Microsoft malicious software removal tool, and found 3 corrupt files, saying it removed 2 of them completely and only partly removed the other.
After this, my mom attempted to update her Norton stuff on here and after Norton 2010 removed the old Norton IS 2005, we were unable to install Norton Antivirus 2010 and we kept getting popups and problems described on this page:
http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan%3AWin32%2FFakeSpypro
So after calling Norton, they informed me that all that stuff was rogue software, and I gave them remote access to my computer to fix it. They fixed it, installed and updated Norton AV 2010, and I presumed everything was all right. I got the first intrusion attempt pop up but the person I was speaking with said I had nothing to worry about as Norton will just continue to block these attempts.
Since then (it's now been 5 days since I called them), I keep getting pop ups of "intrusion attempts".
The one that always seems to show up when I'm on Google contains the following info:
"Network traffic from 85.12.46.159 matches the signature of a known attack. The attack was resulted from \DEVICE\HARDDISKVOLUME2\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE. To stop being notified for this type of traffic, in the Actions Panel, click Stop Notifying Me. Network traffic from 7gafd33ja90a.com/(continues with long url name of letters and number combination) matches the signature of a known attack. The attack resulted from \DEVICE\HARDDISKVOLUME2\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE."
The Risk name is under HTTP Tidserv Request.
I also get similar attacks from the IP addresses 202.157.171.207, 91.212.226.59, and 91.212.226.67 under the Risk name HTTPS Tidserv Request 2 when I'm just generally browsing regardless of what websites.
I found a thread on here from someone who had a very similar problem, but like stated above I decided to post a new thread since every problem may still be different even if they appear similar.
So far, I've done scans with Norton Antivirus, Ad-Aware, and now MalwareBytes Anti-Malware, the latter of which found 45 corrupted files. I have yet to do a second scan since it takes 3-4 hours with this computer, but will do so ASAP in a few hours when I have the computer to myself without interruptions. I will then post both logs if needed.
Any help would be appreciated, as since this is a similar problem to the thread I posted above (which I have posted in), maybe there is now a little bit more info from some of the people who have had this infection. I apologize in advance if I should have not posted this here and maybe somewhere else (whether in another sub-forum, or another computer help website), but I thought starting here would be logical.
I'm also on Windows XP SP3, and using Norton Antivirus 2010.
Again, thank you very much in advance. Any help is appreciated.
Anthony