Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

HTTP Tidserv Requests, browser redirection

Re: HTTP Tidserv Requests, browser redirection

by Airscape » June 10th, 2010, 6:06 pm

The infected files shown in Kaspersky are false positives.

Your computer was infected with a ROOTKIT. In particular, the TDL3/TDSS rootkit, also known as Win32/Alureon. A rootkit is a set of software tools intended for concealing running processes, files or system data from the operating system.

Due to its rootkit functionality, it's impossible to tell what may have been done when the system was compromised.

Therefore it may be prudent to:

1. Call all your banks, financial institutions, credit card companies and inform them that you may be a victim of identity theft and put a watch on your accounts.
2. Change all your passwords (ISP login password, your email address(es) passwords, financial accounts, PayPal, eBay, Amazon, online groups and forums and any other online activities you carry out which require a username and password)

What are rootkits from Wikipedia

How do I respond to a possible identity theft and how do I prevent it


Well done, your PC now appears to be malware free. Please advise on any problems you still have.

Don't forget to re-enable any protection programs you may have disabled during the fix.

Please delete the Gmer random.exe file. It should look like this: mbh3vxqk.exe on your desktop.
Remove the Kaspersky online scanner and also HijackThis through Control Panel > Add/Remove Programs (if present).
You can keep TFC.exe to clean out temporary files. I recommend running it once or twice a week.
I recommend keeping MBAM installed. Run a scan once a week.

Uninstall ComboFix
  • Click on Start >> Run...
  • Now type in ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.

The above will implement some cleanup procedures as well as reset System Restore points.

Clean up with OTC
  • Download OTC by Old Timer here and save it to your desktop.
  • Double click on OTC.exe. Click on CleanUp!.
  • You will receive a prompt that it needs to restart the computer to remove the files. Click Yes.
  • It will restart your computer automatically. If it doesn't, please restart your computer manually.

The above will remove the majority of tools/logs used in the removal process. If any still exist, please delete them yourself.


Now some advice for keeping your pc safe and secure for the future:

  • SpywareBlaster
    SpywareBlaster sets killbits in the registry to prevent known malicious ActiveX controls from installing on your computer. You can download it HERE
    Note: You will need to manually update it, then click enable all protection at the main screen. Repeat this process every two days.
  • AnalogX Script Defender
    Windows by default allows scripts (which are VBScript and JavaScript) to run and some of these scripts are malicious. AnalogX Script Defender will prevent malicious scripts from running on your PC by giving you the option to allow a script or not. You can download it HERE
  • WinPatrol
    As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge. For more information please visit HERE
  • Download and Install a HOSTS File
    A HOSTS file is a big list of bad web sites. The list has a specific format, a specific name, (name is just HOSTS with no file extension), and a specific location. Your machine always looks at that file in that location before connecting to a web site to verify the address. So the HOSTS listing can be used to "short circuit" a request to a bad website by giving it the address of your own machine.
    Install MVPS Hosts File From Here
    The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc.
    Basically, this prevents your computer from connecting to those sites by redirecting them to which is your local computer.
    You can Find the Tutorial HERE

    If you do decide to use a Hosts file to block unwanted and dangerous sites and notice a slowdown, you will need to disable the DNS Client Service:

    Click Start > Run, type services.msc into the Open: box, then click OK.
    This will open the Services window.
    Scroll down to DNS Client and double click on it.
    Click the Stop button to stop the service.
    Set Startup type to Manual.
    Click OK
    Exit the Services window.

Here is a great article by miekiemoes How to prevent Malware

Finally I am trying to make one point very clear. It is ABSOLUTELY ESSENTIAL to keep all of your security programs up to date.

I'd be grateful if you could reply to this post so that I know you have read it, and if you've no other questions, the thread can be closed.

Happy surfing and stay clean!
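The HOSTS mechanism described in the post above, as an added example that is not part of the original thread: a short Python audit that parses HOSTS-format text and separates names blocked by pointing them at the local machine from names mapped to some other address, which are the entries worth reviewing on a machine that has shown browser redirection. The sample entries are constructed, and treating 0.0.0.0 as a block target alongside loopback addresses is an assumption of this example.

```python
import ipaddress

# Constructed sample in HOSTS format: "<address> <name> [more names]", '#' starts a comment.
SAMPLE_HOSTS = """\
# constructed sample, not a real blocklist
127.0.0.1    localhost
::1          localhost
127.0.0.1    ads.example.test      # points at this machine
0.0.0.0      tracker.example.test banner.example.test
203.0.113.7  search.example.test   # points at another machine
not-an-ip    broken.example.test
"""

def parse_hosts(text):
    """Yield (line_no, address_text, hostname) for every mapping in the text."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue  # blank line, comment-only line, or address without a name
        for name in fields[1:]:
            yield line_no, fields[0], name.lower()

def audit_hosts(text):
    """Sort mappings into blocked, remapped and invalid entries."""
    report = {"blocked": [], "remapped": [], "invalid": []}
    for line_no, addr_text, name in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(addr_text)
        except ValueError:
            report["invalid"].append((line_no, name))
            continue
        if name == "localhost" and addr.is_loopback:
            continue  # the standard self-mapping, not a block entry
        if addr.is_loopback or addr.is_unspecified:
            # Assumption: 0.0.0.0 is treated as a block target like 127.0.0.1
            report["blocked"].append(name)
        else:
            # The name resolves to a different machine: review by hand
            report["remapped"].append((line_no, name, addr_text))
    return report

if __name__ == "__main__":
    result = audit_hosts(SAMPLE_HOSTS)
    print(len(result["blocked"]), "blocked names")
    for line_no, name, addr in result["remapped"]:
        print(f"line {line_no}: {name} -> {addr} (review)")
    for line_no, name in result["invalid"]:
        print(f"line {line_no}: {name} has an unparseable address")
```

To audit a real file, pass its contents to `audit_hosts()` instead of `SAMPLE_HOSTS`.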

Re: HTTP Tidserv Requests, browser redirection

by Elrond » June 13th, 2010, 2:51 am

Robz99, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.