ONE: I have norton 360 and have been receiving repeated notices of blocked attacks like the one below:
Category: Intrusion Prevention
Date & Time,Severity,Activity,Status,Recommended Action,Category,Risk Name,Attacking Computer,Destination Address,Source Address,Traffic Description,Attacker URL
12/05/2010 11:15 PM,High,"An intrusion attempt by 91.212.226.59 was blocked. Application path <path>\DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE</path>",Blocked,No Action Required,,HTTPS Tidserv Request 2,"91.212.226.59, 443","OWNER-089EAD158 (192.168.1.64, 4764)",91.212.226.59,"TCP, https",
TWO: I ran a scan on Safe Mode which listed the backdoor virus and inabilty to remove it.
Category: Unresolved Security Risks
Date & Time,Severity,Activity,Status,Recommended Action,Component,Definitions Version,ERASER Version,Risk Name,Risk Category,Risk Type,Risk State
12/05/2010 11:47 PM,High,Backdoor.Tidserv!inf detected by Virus scanner,Manual Removal Required,Review risk details on Symantec Web site.,Virus scanner,2010.05.12.022,109.2.3.12,Backdoor.Tidserv!inf,Virus,File Based,Not safe to remove
THREE: I followed the 8 steps indicated at the top of this section. I have completed the scans and have inlcuded them with this message as well as the norton log scan.
If someone can help me with this it will be most appreciated.
Category: Intrusion Prevention
Date & Time,Severity,Activity,Status,Recommended Action,Category,Risk Name,Attacking Computer,Destination Address,Source Address,Traffic Description,Attacker URL
12/05/2010 11:15 PM,High,"An intrusion attempt by 91.212.226.59 was blocked. Application path <path>\DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE</path>",Blocked,No Action Required,,HTTPS Tidserv Request 2,"91.212.226.59, 443","OWNER-089EAD158 (192.168.1.64, 4764)",91.212.226.59,"TCP, https",
TWO: I ran a scan on Safe Mode which listed the backdoor virus and inabilty to remove it.
Category: Unresolved Security Risks
Date & Time,Severity,Activity,Status,Recommended Action,Component,Definitions Version,ERASER Version,Risk Name,Risk Category,Risk Type,Risk State
12/05/2010 11:47 PM,High,Backdoor.Tidserv!inf detected by Virus scanner,Manual Removal Required,Review risk details on Symantec Web site.,Virus scanner,2010.05.12.022,109.2.3.12,Backdoor.Tidserv!inf,Virus,File Based,Not safe to remove
THREE: I followed the 8 steps indicated at the top of this section. I have completed the scans and have inlcuded them with this message as well as the norton log scan.
If someone can help me with this it will be most appreciated.