System Infected: HTTP Tidserv Download Request

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects Tidserv Trojan activity on the infected machine.

Additional Information

Backdoor.Tidserv is a Trojan horse that uses an advanced rootkit to hide itself. It also displays advertisements, redirects user search results, and opens a back door on the compromised computer. When a computer is compromised by the Trojan, it may attempt to contact a remote computer to provide information or status and also to receive commands.
If you see an alert informing you that this signature has been triggered, your computer is infected and you need to take action to contain and remove the risk from your computer.

Affected

  • Microsoft Windows based operating systems.

Response

Your system is infected with a variant of Backdoor.Tidserv. If your Symantec product reports this IPS signature, it could indicate the presence of a Backdoor.Tidserv variant that is not detected by the current antivirus signatures on the computer.

We recommend the following steps to help protect and verify the integrity of the computer:
  • Run the Backdoor.Tidserv removal tool.
  • Update your product definitions and perform a full system scan.
  • Identify suspect files.
  • Submit suspected files to Symantec for analysis.

If you believe that the signature is reported erroneously, please try the following:
  • Changing the behavior of Symantec IPS signatures.
  • Report possible false positive to Symantec.