SVCHOST.EXE Malware. Please HELP.

[SyedAmin]

I have been receiving a message from my Norton Antivirus program as follows:

"System Infected: TidServ Activity 2. Attacking Computer: Io4undreyk.com (93.114.40.221, 443). The attack was resulted from \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE. Source Address: 93.114.40.221"

 

Is there any way you please help to remove that virus? This virus is redirecting my searches to various commercial sites. Norton sometimes can NOT block its operations, sometimes can.

 

Thank you for your help.

[Superdave]

Hello and welcome to IOBit Forums. My name is Dave. I will be helping you out with your particular problem on your computer.

 

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.

2. The fixes are specific to your problem and should only be used for this issue on this machine.

3. If you don't know or understand something, please don't hesitate to ask.

4. Please DO NOT run any other tools or scans while I am helping you.

5. It is important that you reply to this thread. Do not start a new topic.

6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

7. Absence of symptoms does not mean that everything is clear.

 

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.

****************************************************

If it actually is TidServ Activity 2 I'm required to give you this information.

 

This allows hackers to remotely control your computer, steal critical system information and Download and Execute files

Read this article: Danger: Remote Access Trojans.

 

If your computer was used for online banking, has credit card information or other sensitive data on it, all passwords should be changed immediately to include those used for banking, email, eBay and forums. You should consider them to be compromised. They should be changed by using a different computer and not the infected one! If not, an attacker may get the new passwords and transaction information. Banking and credit card institutions should be notified of the possible security breach.

 

I would counsel you to disconnect this PC from the Internet immediately.

 

Though the Trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

 

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

 

When Should I Format, How Should I Reinstall?

 

We can attempt to clean this machine but i can't guarantee that it will be 100% secure afterwards.

 

Should you have any questions, please feel free to ask.

 

Please let us know what you have decided to do in your next post.

[SyedAmin]

System Infected: SVCHOST.EXE

 

Can please someone help me to remove the virus resident in the above? The virus redirects me to various sites.

 

Thanks for your help.

 

Regards,

[SyedAmin]

I also see Walmart Contest popup.

 

Please help.

[SyedAmin]

TidServ Activity 2

 

Thanks a lot Dave. Yes, you are right. Norton confirmed that its is a TidServ Activity 2 visrus infected SVCHOST.EXE. I will change all passwords (guess its already late though) though other computer. Do you suggest that I should reload Windows XP?

 

Thanks again.

 

Syed Amin

[Superdave]

Do you suggest that I should reload Windows XP?

A complete re-format and re-install your OS would be the safest thing to do, especially if you use your computer for financial transactions. You can save your important data to DVD's but make sure you scan them first before putting them back on your computer. If you need more help with any of this, please let me know.

[Superdave]

Have you decided whether you're going to re-format or do you want to try cleaning the computer?