> Internet Explorer Redirect virus
sarahkm2
post 4.04.2011 17:50
Post #1


Newbie
*

Group: Members
Posts: 7
Joined: 1.04.2011




I am having problems with being redirected to random websites every time I go online (I have Internet Explorer) and type in a search. The problem started last week (end of March).
I tried scanning with Kaspersky 2009 version, nothing was found. Took to Best Buy and they did a basic scan and found nothing. I updated to Kaspersky 2011 and did a deep scan in safe mode. Here's what I found:

3/31/2011 4:04:25 PM Suspicious phishing URL xxp://ra.pcsecurityshield.com/n/VHTcvq1BAAL91kMAAAhnQgAAcXpmMQA-A/ High
3/31/2011 4:04:26 PM Suspicious phishing URL xxp://ra.pcsecurityshield.com/favicon.ico High
4/4/2011 9:33:54 AM Detected legal software that can be used by criminals for damaging your computer or personal data not-a-virus:RemoteAdmin.Win32.WinVNC-based.f c:\program files (x86)\common files\supportsoft\bin\ssrc.exe//data0000.res Low
4/4/2011 9:33:54 AM Detected legal software that can be used by criminals for damaging your computer or personal data not-a-virus:RemoteAdmin.Win32.WinVNC-based.f c:\program files (x86)\common files\supportsoft\bin\ssrc.exe//data0000.res//VncViewer.class Low
Also, some QuickBooks files were listed.

Here is the report from system info:
http://www.getsysteminfo.com/read.php?file...c07e1ca9b302df4

What do I need to do next??

edit: links disabled.

This post has been edited by richbuff: 5.04.2011 04:26
 
richbuff
post 5.04.2011 04:33
Post #2


Oldtimer
****************

Group: Moderators
Posts: 47388
Joined: 14.06.2007




Your gsi report has a big, red, bold Warning emblazoned across it. Please upload a non-altered gsi report.

Why no Vista SP2?

The first Important topic has instructions for two logs. Please attach the other log.



--------------------
Please see the Important topics, located at the top of this section, and at the top of other sections of this forum.
 
sarahkm2
post 9.04.2011 00:08
Post #3


Here is the new gsi report:
http://www.getsysteminfo.com/read.php?file...d18c15547fa1ecb
Please let me know if it is "altered." I don't know why the first one was.

Why no Vista SP2? I was just told this was something I needed to do!

I've attached the other log that you were asking for.
Attached file: virusinfo_syscure.zip (43.57K)
 
richbuff
post 9.04.2011 05:04
Post #4


Run this script, instructions: http://forum.kaspersky.com/index.php?showt...mp;#entry678368 PC will reboot:
CODE
begin
QuarantineFile('C:\Users\Hannah\appdata\roaming\systemproc\lsass.exe','');
DeleteFile('C:\Users\Hannah\appdata\roaming\systemproc\lsass.exe');
BC_ImportDeletedList;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.

After running the script, scan with Malwarebytes' Anti-Malware: http://www.malwarebytes.org/mbam.php Update it first, scan and attach its log, but please don't remove anything yet, until the log is reviewed.


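Added example, not part of the thread and not Kaspersky's or AVZ's own code: the file removed by the script above carries the name of a Windows system process (lsass.exe) but sits in a user profile folder, and that name/location mismatch can be checked mechanically. The allow-list, the default `C:\Windows` root, the function names and all sample paths except the first are assumptions made for illustration.

```python
import ntpath

SYSTEM_ROOT = r"C:\Windows"  # assumption: default Windows install location

# Assumed allow-list: system process name -> folders under SYSTEM_ROOT where
# the genuine binary lives. Illustrative, not exhaustive.
EXPECTED_DIRS = {
    "lsass.exe": ["System32"],
    "services.exe": ["System32"],
    "winlogon.exe": ["System32"],
    "csrss.exe": ["System32"],
    "smss.exe": ["System32"],
    "svchost.exe": ["System32", "SysWOW64"],
}

def _norm(path):
    # Collapse "..", unify slashes and case so comparisons are exact.
    return ntpath.normcase(ntpath.normpath(path))

def is_masquerading(image_path, system_root=SYSTEM_ROOT):
    """True if the file name is a tracked system process name in the wrong folder."""
    directory, name = ntpath.split(_norm(image_path))
    expected = EXPECTED_DIRS.get(name)
    if expected is None:
        return False  # not a name we track
    allowed = {_norm(ntpath.join(system_root, sub)) for sub in expected}
    return directory not in allowed

def find_masquerades(image_paths):
    """Return the subset of paths that fail the name/location check."""
    return [p for p in image_paths if is_masquerading(p)]

# First entry is the path from the script above; the rest are constructed samples.
SAMPLE_PATHS = [
    r"C:\Users\Hannah\appdata\roaming\systemproc\lsass.exe",
    r"C:\Windows\System32\lsass.exe",
    r"c:\windows\system32\SVCHOST.EXE",
    r"C:\Windows\System32\..\Temp\svchost.exe",
    r"C:\Program Files\Example\updater.exe",
]

if __name__ == "__main__":
    for hit in find_masquerades(SAMPLE_PATHS):
        print("suspicious:", hit)
```

Feed it the image paths from a process or autorun listing; a hit is a lead for review, since the check says nothing about files with untracked names.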
sarahkm2
post 11.04.2011 18:01
Post #5


I've attached the log from the scan.
Attached file: mbam_log_2011_04_11__09_59_36_.txt (1.2K)
 
richbuff
post 12.04.2011 04:19
Post #6


Remove Selected what Malwarebytes detects > reboot. Any changes noted with your issue?


sarahkm2
post 12.04.2011 17:35
Post #7


Yes! I am not having the redirect problem now! Thank you so much!
Kaspersky is still saying, though, that my computer security is at risk and showing yellow instead of green. It says it detected legal software that can be used by criminals for damaging computer or personal data. This may be from QuickBooks, since I've seen QuickBooks files show up when I do scans. Is this something I shouldn't worry about since my redirect problem is fixed now?
 
richbuff
post 13.04.2011 04:42
Post #8


You're welcome. Please post the full, complete detection details. Post a screenshot of Detected > Active threats, and a screenshot of All detected, too, with columns widened to show the full detected name and object and path/location details.

How to take and post a screenshot: PrtSc (Print screen) key (upper right part of keyboard) > open Paint (Start > All programs > Accessories) > Edit > Paste, File > Save as (jpeg or png, not bmp). When replying, Browse > click once to select file > Open > Upload > add reply.


sarahkm2
post 14.04.2011 19:20
Post #9


Here's the first part. The files are too big to upload both at once.
Attached file: Screen_shot_4.png (169.78K)
 
sarahkm2
post 14.04.2011 19:23
Post #10


Here's the second part. I did a new scan with Kaspersky this morning and it looks like it may have fixed something automatically because it went from flashing red to showing just warning yellow now.
Attached file: Screen_shot_5.png (151.06K)
 
richbuff
post 15.04.2011 05:11
Post #11


Please delete the desktop\quarantine folder.

The first two detections were detected on website and blocked.

The remote admin detections: Those are ok. Kaspersky is letting you know that you may want to be advised of those Intuit Quickbooks remote admin support items. Those are legal and safe. You can right click those detections and Add to exclusions.


sarahkm2
post 15.04.2011 21:54
Post #12


Thanks! Will do it!