“HTTPS Tidserv Request” or “HTTPS Tidserv Request 2”is a signature which detects your antivirus (Norton 360, Norton Antivirus, etc). It indicates that your computer is infected with a Tidserv trojan. The trojan also known as Backdoor.Tidserv [PCTools], Backdoor.Tidserv.I!inf [Symantec], Rootkit.Win32.TDSS.y [Kaspersky Lab], Patched-SYSFile.a [McAfee], Mal/TDSSRt-A [Sophos], Virus:Win32/Alureon.F [Microsoft].
Tidserv (TDSS) trojan installs onto your computer through a vulnerabilities in an already installed programs (mostly in InternetExplorer, Java and Adobe Acrobat reader) or with the help of a rogue antispyware programs (latest is Protection Center). The trojan is very dangerous and uses rootkit-specific techniques designed to hide the software presence in the system. It is practically not detected by standard means Windows, you will not find its files on the disk, as well as writing about it in the Windows registry.
When installed, Tidserv (TDSS) trojan creates a hidden driver and hidden service to run automatically when Windows loads. While is running, the trojan can hijack Internet Explorer (an other browsers), redirect search results in Google, Yahoo, MSN to non related sites, block most of antivirus and antispyware programs from running, block an access to security websites, disable Windows Task Manager, Windows Security Center and Registry editor, and much more.
If you find that your antivirus detects “HTTPS Tidserv Request”, then follow the step-by-step guide below which will remove Tidserv (TDSS) trojan and any associated malware for free.
How to remove HTTPS Tidserv Request (Tidserv trojan removal)
Download TDSSKiller from here and unzip to your desktop.
Open TDSSKiller folder. Right click to tdsskiller and select rename. Type a new name (123myapp, for example). Press Enter. Double click the TDSSKiller icon. You will see a screen similar to the one below.
TDSSKiller
Click Start Scan button to start scanning Windows registry for TDSS trojan. If it is found, then you will see window similar to the one below.
TDSSKiller – Scan results
Click Continue button to remove TDSS trojan.
Download MalwareBytes Anti-malware (MBAM). Once downloaded, close all programs and windows on your computer.
Double-click on the icon on your desktop named mbam-setup.exe. This will start the installation of MalwareBytes Anti-malware onto your computer. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to “Update Malwarebytes’ Anti-Malware” and Launch “Malwarebytes’ Anti-Malware”. Then click Finish.
MalwareBytes Anti-malware will now automatically start and you will see a message stating that you should update the program before performing a scan. If an update is found, it will download and install the latest version.
As MalwareBytes Anti-malware will automatically update itself after the install, you can press the OK button to close that box and you will now be at the main menu. You will see window similar to the one below.
Malwarebytes Anti-Malware Window
Make sure the “Perform quick scan” option is selected and then click on the Scan button to start scanning your computer for Tidserv (TDSS) trojan. This procedure can take some time, so please be patient.
When the scan is finished a message box will appear that it has completed scanning successfully. Click OK. Now click “Show Results”. You will see a list of infected items similar as shown below.
Note: list of infected items may be different than what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure all entries have a checkmark at their far left and click “Remove Selected” button to remove Tidserv (TDSS) trojan. MalwareBytes Anti-malware will now remove all of associated Tidserv (TDSS) trojan files and registry keys and add them to the programs’ quarantine. When MalwareBytes Anti-malware has finished removing the infection, a log will open in Notepad and you may be prompted to Restart.
Note 1: if you can not download, install, run or update Malwarebytes Anti-malware, then follow the steps: Malwarebytes won`t install, run or update – How to fix it.
Note 2: if you need help with the instructions, then post your questions in our Spyware Removal forum.
Note 3: your current antispyware and antivirus software let the infection through ? Then you may want to consider purchasing the FULL version of MalwareBytes Anti-malware to protect your computer in the future.
Thanks my friend was infected with some variant of tdss and MBAM failed to detect it but tdsskiller found an infection in system32\drivers\ipsec.sys and reboot-removed it..
hopefully thats it but we’ll see if Norton detects any more HTTPS Tidserv request’s.. Thanks!
Malwarebytes actually failed to detect Tidserv which is a 3rg gen rootkit. Kapersky’s tool did remove it however, Malwarebytes missed it everytime so I’m not sure it’s a useful step but it will help you with other things and it never hurts to do a complete scan.
My dad’s computer is infected with the Backdoor Tidserv I!inf [Symantec] virus you speak of above.
We cannot get to the internet — so how do I download…..can I download to a thumbdrive and use it on my dad’s PC. The virus will not let us get to the internet at all.
If you have a solution, please let me know.
Thanks.
Karen
Karen, yes you can download both suggested apps above to a thumb drive and move them to your infected PC.
I have been infected by HTTP Tidserv Request for over a week. Ater 40 + hours of attempts to find and remove the pest… 10 minutes with my new friend TDSSkiller.exe found and cleaned C:\WINDOWS\system32\DRIVERS\pciide.sys file infected by TDSS rootkit.
Thank you and Kaspersky Antivirus Lab and no thanks to Norton 360,spybot,malwarebytes, rootkitbuster who missed it everytime.
With so many would be experts willing to advise it makes it hard to find the real gems.
Strong work Myantispyware.
Michael
When Norton said it had found the Tidserv Request2 virus on my computer, I was not worried because the message also said it was ‘blocked’. Unfortunately my IE Explore no longer worked.
Googling for Tidserv on another computer turned up MyAntiSpyware as a potential removal tool. After a check of the reviews on MyAntiSpyware all came up positive, I downloaded TDSSkiller and MBAM to a flash drive and then installed them on my infected computer.
Following your clear instructions on how to remove the Tideserv Request virus was easy and the process worked flawlessly. MBAM took 25 min to scan my system, found 14 infected files, and removed them all.
Thank you very much. I’m now back in business!
guys thank u very much.. i have had this for 6 months with norton internet security just blocking it, i kept wondering why, why block it if its attacking the computer but this site has helped me in alot from my first trojon to now gg thanks guys.
to sum it all up it got removed easy fast i had some douts but i trusted it. and this is a real person not from thos fake sites where they make 10 accounts and comment on there virus or spyware scanner or fake help to hack your computer, if ur gonna try this method out it will work takes up to 3mins to do and u will have no more problems gg.
hi, i have tried all of this but i keep getting the blue screen of death after kaspersky rebooted! I also tried avenger but it said no rootkit found! any advice? thanks
sophie, please start a new topic in our Spyware removal forum. I will help you.
I got hit with “Antimalware Doctor” in a drive-by Web site attack. Norton Security Suite and Malwarebytes cleaned it up, but a TDSS rootkit was left behind. It kept “phoning home” to a rogue IP in Taiwan: 61.61.20.135, up to 50 times a day, but Norton blocked the IP’s callback. Stalemate.
Still, a lot of my functionality was disabled, especially Windows Update, which refused to connect. A little Google digging led me here, and the Kaspersky tool cleaned up the rootkit in seconds. Everything’s back to normal, but from now on I’m surfing in a sandbox!
THANKS FOR YOUR HELP!
Norton detected Tidserv Request 2 which it blocked but it was HIGH severity and every 2 minutes which was annoying. I read this virus was even deleting files so I was very concerned. Followed direction above and so far so good, looks like we got ’em. I did Google searches on the link Kaspersky which came up legit. I’ve used Malwarebytes for Vitumonde and it worked fine. I’m surprised the reports are they missed this one. Ran it in step (2) though and it caught the Rootkits infected files. I love removing those things, feels great. They should have graphics and sound of little screaming files as they are deleted. Wish all those brilliant hackers would put their talents to better use though…THANKS myantispyware!
For a month I have been working at removing a rootkit virus. At first it was vary scary, files being reported as infected. My system was going down fast. I was able to block some of the bad stuff after a restore. But kept getting uninvited web sites poping up.
Following the above instructions, Kaspersky found a problem and corrected it. MalwareBytes’ found no problems. And now everything is back to normal.
Thank you very much!
Symantec and MBAM does not detect it. I followed your instructions and Kaspersky finds a RootKit.Win32,TDSS.td14. However, after reboot I rescan the same infection is detected. The report says it’s in the MBR, /HardDisk0/MBR to be exact.
What do I do next?
Jim, please start a new topic in our Spyware removal forum.
Just wanted to say thanks! I used your site to get rid of the Tidserv issue without a problem. I appreciate the time you give to help people out!
Thanks, it really worked 😀
I got another problem, now i got HTTP Tidserv Request 2, but TDSSkiller doesn’t detect it, neither does MBAM, please help?
Paul, start a new topic in our Spyware removal forum. I will check your PC to help you to remove this malware.
Excellent! I wonder why you guys work so hard to help people, never asking for anything in return. I am thankful you do, for you have saved me countless hours of work. A humble thanks!
Thank you ! I’ve been working on this problem for 3 days and the TDSSKiller detected and removed the rootkit.
Whether or not this tool works remains to be seen… through all the hoops you have to navigate it fails to mention up front that it will cost you to “fix” your computer. The tool downloads and installs just fine, but once it tells you, and be sure it WILL tell you, that your computer is “infected”, you are then told that you have to spend $NN dollars in order to remove the “virus” using blind trust. Are you freakin’ kidding me??? This thing found 4 threats and 26 infections on my computer, allegedly–I might add, but none of them were the trojan that I thought I had and is what led me to this website in the first place.
I have always, still say, and will ALWAYS say that all the antivirus companies are the same ones who spread viruses and trojans across the internet in the first place because it keeps them in business. Without these malicious attacks, they would be out of business. Think about it.
Wowzers, that was easy. I was apprehensive at first, but I’m glad I followed your simple instructions here and used the free download. How fabulous!! I didn’t get the black screen prompting me to enter “Y” but it still worked on the “Tidserv Request 2” virus. Ahh, nice and clean. Thank You Thank You Thank You !!!
Thank you for your simple instructions. I can’t understand why Norton 360 just blocks the incoming intruder but they have NO FIX for getting rid of the TIDSERV Trojan!
OMFG TYSM TYTYTY norton power eraser couldnt even find this but this page needs to be updated the programs changed a lot but i used common sense : P but omg ty you saved me from this huge annoyance
Recently i’ve had trouble with my computer and so i finally got Norton security suite since i get it for free for having comcast. After i did i full scan, it found and removed all these stuff. A day later i kept getting a pop up saying it blocked TIDSERV. So i followed the instruction that was provided to get rid of it but when i did all that nothing was found except for PUM.hijack.startmenu. But the pop up about the TIDSERV finally stopped. The only thing now is that i have Norton security suite, kaspersky lab and malwarebytes anti malware. Is it okay to keep all these three at once??
Thank you for the help. Really impressive how fast and effective it was. I was in a tight jam and could not find a solution to this problem. Your free download was so helpful in my time of need.
Thank all you awesome people from this site……..
I followed the steps above, made sure Malwarebytes was updated, then started a full scan. Malwarebytes ran for 50 minutes and had picked up 2 infected objects. The program then hung up with the following:
C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6000.16908_none_b71543169d58fafc\win32k.sys
At this point nothing happens and I can’t even get my cursor to move. I have no option but to do a hard shutdown. Any other suggestions?
Paul, start a new topic in our Spyware removal forum. I will help you to remove this malware manually.