“HTTPS Tidserv Request” or “HTTPS Tidserv Request 2”is a signature which detects your antivirus (Norton 360, Norton Antivirus, etc). It indicates that your computer is infected with a Tidserv trojan. The trojan also known as Backdoor.Tidserv [PCTools], Backdoor.Tidserv.I!inf [Symantec], Rootkit.Win32.TDSS.y [Kaspersky Lab], Patched-SYSFile.a [McAfee], Mal/TDSSRt-A [Sophos], Virus:Win32/Alureon.F [Microsoft].
Tidserv (TDSS) trojan installs onto your computer through a vulnerabilities in an already installed programs (mostly in InternetExplorer, Java and Adobe Acrobat reader) or with the help of a rogue antispyware programs (latest is Protection Center). The trojan is very dangerous and uses rootkit-specific techniques designed to hide the software presence in the system. It is practically not detected by standard means Windows, you will not find its files on the disk, as well as writing about it in the Windows registry.
When installed, Tidserv (TDSS) trojan creates a hidden driver and hidden service to run automatically when Windows loads. While is running, the trojan can hijack Internet Explorer (an other browsers), redirect search results in Google, Yahoo, MSN to non related sites, block most of antivirus and antispyware programs from running, block an access to security websites, disable Windows Task Manager, Windows Security Center and Registry editor, and much more.
If you find that your antivirus detects “HTTPS Tidserv Request”, then follow the step-by-step guide below which will remove Tidserv (TDSS) trojan and any associated malware for free.
How to remove HTTPS Tidserv Request (Tidserv trojan removal)
Download TDSSKiller from here and unzip to your desktop.
Open TDSSKiller folder. Right click to tdsskiller and select rename. Type a new name (123myapp, for example). Press Enter. Double click the TDSSKiller icon. You will see a screen similar to the one below.
TDSSKiller
Click Start Scan button to start scanning Windows registry for TDSS trojan. If it is found, then you will see window similar to the one below.
TDSSKiller – Scan results
Click Continue button to remove TDSS trojan.
Download MalwareBytes Anti-malware (MBAM). Once downloaded, close all programs and windows on your computer.
Double-click on the icon on your desktop named mbam-setup.exe. This will start the installation of MalwareBytes Anti-malware onto your computer. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to “Update Malwarebytes’ Anti-Malware” and Launch “Malwarebytes’ Anti-Malware”. Then click Finish.
MalwareBytes Anti-malware will now automatically start and you will see a message stating that you should update the program before performing a scan. If an update is found, it will download and install the latest version.
As MalwareBytes Anti-malware will automatically update itself after the install, you can press the OK button to close that box and you will now be at the main menu. You will see window similar to the one below.
Malwarebytes Anti-Malware Window
Make sure the “Perform quick scan” option is selected and then click on the Scan button to start scanning your computer for Tidserv (TDSS) trojan. This procedure can take some time, so please be patient.
When the scan is finished a message box will appear that it has completed scanning successfully. Click OK. Now click “Show Results”. You will see a list of infected items similar as shown below.
Note: list of infected items may be different than what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure all entries have a checkmark at their far left and click “Remove Selected” button to remove Tidserv (TDSS) trojan. MalwareBytes Anti-malware will now remove all of associated Tidserv (TDSS) trojan files and registry keys and add them to the programs’ quarantine. When MalwareBytes Anti-malware has finished removing the infection, a log will open in Notepad and you may be prompted to Restart.
Note 1: if you can not download, install, run or update Malwarebytes Anti-malware, then follow the steps: Malwarebytes won`t install, run or update – How to fix it.
Note 2: if you need help with the instructions, then post your questions in our Spyware Removal forum.
Note 3: your current antispyware and antivirus software let the infection through ? Then you may want to consider purchasing the FULL version of MalwareBytes Anti-malware to protect your computer in the future.
Patrik, I’ve got everything working fine. Thank you!
It’s work.thanks a lot.
Thanks a lot for this. It really get rid of the annoying pop up balloon saying “HTTPS Tidserv Request detected”.
THANK YOU THANK YOU THANK YOU… looks like I got rid of this stupid infection once and for all…!!!! 😉
I hope people realize that Norton AV, MBAM, Hijackthis, Rootkit, they are all GOOD programs, people don’t understand that virus’s like this are designed to be undetectable. They are even designed to disable your AV, meaning it will not be picked up. The reason this works is because it was designed specifically to seek out this service, delete it and reboot. I am thankful they designed the program for removing it, but Norton and all of the others are not to blame for “missing” it, it was just the virus’s job to make sure they dont detect it….
Have you ever noticed if a computer is infected, oh mbam is not running, it just uninstalls/doesn’t update??? Try renaming it to iexplorer.exe, because that is a file that the virus will allow to run. funny how they can do that but no need to downgrade a good product because someone found a way around it.
Either way, I do apreciate Kaspersky’s efferts on creating this to remove that service.
Hi, how do you unzip tdsskiller, I’ve downloaded it but it opens with windows calender. What do I do???
hammy, right click to it and select Extract all, follow the prompts.
Thanks guys, much appreciated.