Tidserv infections

Tidserv infections are very common nowadays, and more than just a little annoying. Tidserv malware can be installed on an unsuspecting client's machine with no clear indication that they have even been affected. Fake URLs, peer-to-peer (P2P) software (like uTorrent), instant messaging links and/or downloads, and even legitimate websites hacked by some ill-willed individual are all ways a computer may become infected.

Internet scamming has become even more profitable than the drug trade. Tidserv is a major contributing factor in this. The process is simple. A malicious coder will disperse the infection in the aforementioned ways. Once they have infected computers, they will be able to send out even more malicious code, or the “flavor of the week.” They may have complete control of that computer, with the ability to install keyloggers to steal passwords and bank information. They may also install rogue “anti-virus” software like “XP Security Software 2012.” Cleverly named to mislead people, this fake anti-virus will claim to detect multiple infections on your computer and tell you that you need to pay for the program in order to remove them. But, of course, when you pay, nothing happens. You just give a crook your hard-earned money and get more malware in the process. Tidserv may also hijack your web browser: no matter how many times you change the home page, it always goes back to whatever website Tidserv has set it to.

Even more annoying are the Tidserv infections that attack the master boot record (MBR). These infections are on a separate partition on the hard drive, so even a format wouldn't rid the hard drive of the infection. Upon re-installation of the operating system, the infected MBR would just re-infect the computer. Specialized tools are needed to remove Tidserv from the MBR of a hard drive.
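To see why a format leaves the MBR alone, here is an added example (not from the original post): formatting rewrites only the sectors inside a partition, while the MBR boot code sits in the disk's first sector. The Python sketch below uses a constructed 16-sector disk image and hypothetical helper names, and compares the boot code's hash against a known-good baseline after a simulated format.

```python
import hashlib
import struct

SECTOR = 512
CODE_END = 440            # bytes 0..439: bootstrap code
TABLE = 446               # bytes 446..509: four 16-byte partition entries
SIGNATURE = b"\x55\xaa"   # bytes 510..511: boot signature


def parse_mbr(sector: bytes) -> dict:
    """Return the boot-code hash and the non-empty partition entries."""
    if len(sector) != SECTOR or sector[510:] != SIGNATURE:
        raise ValueError("not a valid 512-byte MBR sector")
    parts = []
    for i in range(4):
        status, _, ptype, _, lba, count = struct.unpack_from(
            "<B3sB3sII", sector, TABLE + 16 * i)
        if ptype:  # type 0 marks an unused slot
            parts.append({"bootable": status == 0x80, "type": ptype,
                          "lba_start": lba, "sectors": count})
    digest = hashlib.sha256(sector[:CODE_END]).hexdigest()
    return {"boot_code_sha256": digest, "partitions": parts}


def boot_code_changed(baseline_sha256: str, sector: bytes) -> bool:
    """True when the boot code no longer matches the known-good hash."""
    return parse_mbr(sector)["boot_code_sha256"] != baseline_sha256


def build_sample_disk(boot_code: bytes) -> bytearray:
    """Constructed 16-sector image: MBR plus one partition at LBA 8."""
    mbr = bytearray(SECTOR)
    mbr[:len(boot_code)] = boot_code
    mbr[TABLE:TABLE + 16] = struct.pack(
        "<B3sB3sII", 0x80, b"\0" * 3, 0x07, b"\0" * 3, 8, 8)
    mbr[510:] = SIGNATURE
    return mbr + bytearray(b"\xaa" * (15 * SECTOR))


def format_partition(disk: bytearray, part: dict) -> None:
    """Simulate a format: zero only the sectors inside the partition."""
    start = part["lba_start"] * SECTOR
    end = start + part["sectors"] * SECTOR
    disk[start:end] = bytes(end - start)


if __name__ == "__main__":
    baseline = parse_mbr(bytes(build_sample_disk(b"\x90" * CODE_END)[:SECTOR]))
    disk = build_sample_disk(b"\xcc" * CODE_END)  # stand-in for altered boot code
    format_partition(disk, baseline["partitions"][0])
    print("altered after format:",
          boot_code_changed(baseline["boot_code_sha256"], bytes(disk[:SECTOR])))
```

On a real system the 512 bytes would come from a forensic image of the disk, and the baseline hash from the same machine while it was known to be clean.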

Tidserv infections are versatile, and sometimes pretty tricky to fight. They have the ability to phone home for the latest updates to themselves, making them that much harder to get rid of. By infecting a system with its own code, the infection can sometimes remain virtually hidden from even the best antivirus programs out there. Education is the best way to help prevent a computer from being infected, though nothing is 100%. Keep an eye out for sudden changes in your computer's performance, check to see if a new process has started to run during startup, never click on a “fishy”-looking link, and never pay for a program that has suddenly appeared on your computer!


3 thoughts on “Tidserv infections”

  1. It’s a shame that scammers develop this software to trick people into purchasing their “fix” to remove the program. I wonder how many people fall victim to paying what they ask, and still result with the infection on their computers.

  2. It’s very good advice, but I wonder what the big picture solution to this problem is. For a while, I thought Microsoft was going in the “trusted developer” route, and I was happy for that, but they didn’t really pursue it greatly.

  3. Even with a patched OS, up-to-date AV, an anti-spyware program or 2 with real-time protection, WPA2, and the latest Firefox with popup blocking and secure settings, your computer is still at risk. You still need to be careful about what you click on. In my opinion, those drive-by downloads are the scariest. For example, you’re googling something and one of the top results seems to have what you’re looking for, so you click the link. Before you know it, you’ve got a popup dialog box that only allows you to click OK, and the only way to get around this is to go to Task Manager and end the process firefox.exe or do a hard reboot. If I were someone that didn’t know better, I might have just clicked OK to get rid of the window, but by then you’re infected. But it might not even appear in a window; the drive-by downloads can run silently, which is even worse.
