Category: Computer Worm
Active & Spreading
Asia, North and South America, and some parts of Europe and Australia
10 Dec 2008
The W32.Tidserv application multiplies through removable drives. The systems affected include Windows Vista, Windows XP, Windows Server 2003, Windows NT and Windows 2000.
W32.Tidserv Removal Tool
If you have Malware on your computer it will cause annoyances and will damage your system. You should either:
A. Manually remove the infected files from your computer, or
B. Automatically scan your system using trusted software
We recommend that you scan your system for malware. Our partner has a computer worm removal tool to automatically clean W32.Tidserv from your computer.
More details about W32.Tidserv
Once this worm was executed, the worm replicates itself and creates a file containing capabilities of rootkit. This worm may create multiple files and then copies files. It creates an entry from the registry and creates the TDKP event. Also this worm propagates by replicating to all of the removable drives for instance is the USB. It tries to generate infinite loop to avoid the removal of it. In a remote location, W32.tidserv connects with. Also this downloads a file having capabilities of a rootkit then saves it. The capability of rootkit was being used to hide the files and the registry keys having names that start with msqpdx strings. This worm can also create a service by adding some entries to the subkeys of the registry.
The W32.tidserv has the ability to redirect to the Internet access in case the URL that you have requested contains youtube.com, www.ask.com, altavista.com, search.aol.com, alltheweb.com, microsoft.com, tribalfusion.com, trafficmp.com, yimg.com, ask2.pricegrabber.com, .adrevolver.com, google, opselect.com, search.icq.com etc. The worm also changes the server options of DNS to the fixed IPs 18.104.22.168, 22.214.171.124, 126.96.36.199, and 188.8.131.52. The worm may redirect at random to some Internet sites that are displaying advertisements or to locations that may takes information that are confidential. It can also download extra malware on to the computers that are compromised. W32.tidserv may lower the security settings by immobilizing your antispyware software.