4.04.2011 17:50
Post #1
Newbie | Group: Members | Posts: 7 | Joined: 1.04.2011
I am having problems with being redirected to random websites every time I go online (I have Internet Explorer) and type in a search. The problem started last week (end of March).
I tried scanning with Kaspersky 2009 version, nothing was found. Took it to Best Buy and they did a basic scan and found nothing. I updated to Kaspersky 2011 and did a deep scan in safe mode. Here's what I found:

- 3/31/2011 4:04:25 PM, Suspicious phishing URL, xxp://ra.pcsecurityshield.com/n/VHTcvq1BAAL91kMAAAhnQgAAcXpmMQA-A/, High
- 3/31/2011 4:04:26 PM, Suspicious phishing URL, xxp://ra.pcsecurityshield.com/favicon.ico, High
- 4/4/2011 9:33:54 AM, Detected legal software that can be used by criminals for damaging your computer or personal data, not-a-virus:RemoteAdmin.Win32.WinVNC-based.f, c:\program files (x86)\common files\supportsoft\bin\ssrc.exe//data0000.res, Low
- 4/4/2011 9:33:54 AM, Detected legal software that can be used by criminals for damaging your computer or personal data, not-a-virus:RemoteAdmin.Win32.WinVNC-based.f, c:\program files (x86)\common files\supportsoft\bin\ssrc.exe//data0000.res//VncViewer.class, Low

Also, some QuickBooks files were listed. Here is the report from system info: http://www.getsysteminfo.com/read.php?file...c07e1ca9b302df4

What do I need to do next??

edit: links disabled. This post has been edited by richbuff: 5.04.2011 04:26

5.04.2011 04:33
Post #2
Oldtimer | Group: Moderators | Posts: 43085 | Joined: 14.06.2007
Your gsi report has a big, red, bold Warning emblazoned across it. Please upload a non-altered gsi report.
Why no Vista SP2? The first Important topic has instructions for two logs. Please attach the other log.

--------------------
Please see the Important topics, located at the top of this section, and at the top of other sections of this forum.

9.04.2011 00:08
Post #3
Newbie | Group: Members | Posts: 7 | Joined: 1.04.2011
Here is the new gsi report:
http://www.getsysteminfo.com/read.php?file...d18c15547fa1ecb

Please let me know if it is "altered." I don't know why the first one was. Why no Vista SP2? I was just told this was something I needed to do! I've attached the other log that you were asking for.
Attached File(s)

9.04.2011 05:04
Post #4
Oldtimer | Group: Moderators | Posts: 43085 | Joined: 14.06.2007
Run this script, instructions: http://forum.kaspersky.com/index.php?showt...mp;#entry678368 PC will reboot:

```
begin
 QuarantineFile('C:\Users\Hannah\appdata\roaming\systemproc\lsass.exe','');
 DeleteFile('C:\Users\Hannah\appdata\roaming\systemproc\lsass.exe');
 BC_ImportDeletedList;
 ExecuteSysClean;
 BC_Activate;
 RebootWindows(true);
end.
```

After running the script, scan with Malwarebytes' Anti-Malware: http://www.malwarebytes.org/mbam.php

Update it first, scan and attach its log, but Please Don't remove anything yet, until the log is reviewed.
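
The script in post #4 quarantines a file named lsass.exe under a user's AppData\Roaming folder, whereas the genuine Windows lsass.exe loads from %SystemRoot%\System32. As an added example (not part of the thread, and not Kaspersky or AVZ code), the check below flags well-known system process names found outside their expected directories. The directory table assumes a default C:\Windows install, and the sample paths other than the two taken from the thread are constructed.

```python
import ntpath

# Assumption: default install with %SystemRoot% = C:\Windows.
# Maps a system process name to the only directories it should load from.
EXPECTED_DIRS = {
    "lsass.exe": {r"c:\windows\system32"},
    "services.exe": {r"c:\windows\system32"},
    "csrss.exe": {r"c:\windows\system32"},
    "winlogon.exe": {r"c:\windows\system32"},
    "smss.exe": {r"c:\windows\system32"},
    "svchost.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
    "explorer.exe": {r"c:\windows", r"c:\windows\syswow64"},
}

# Sample executable paths, as they might come from a process or autorun
# listing. The first two appear in the thread; the rest are constructed.
SAMPLE_PATHS = [
    r"C:\Users\Hannah\appdata\roaming\systemproc\lsass.exe",
    r"c:\program files (x86)\common files\supportsoft\bin\ssrc.exe",
    r"C:\Windows\System32\lsass.exe",
    r'"C:\WINDOWS\System32\..\System32\services.exe"',
    r"C:\Windows\explorer.exe",
    r"C:\Users\Public\svchost.exe",
]


def find_masquerading(paths):
    """Return the paths whose file name is a system process name but whose
    directory is not one of the expected locations for that name."""
    flagged = []
    for raw in paths:
        # Drop surrounding quotes, collapse ".." segments, and compare
        # case-insensitively, since Windows paths ignore case.
        path = ntpath.normpath(raw.strip().strip('"')).lower()
        directory, name = ntpath.split(path)
        expected = EXPECTED_DIRS.get(name)
        if expected is not None and directory not in expected:
            flagged.append(raw)
    return flagged


if __name__ == "__main__":
    for hit in find_masquerading(SAMPLE_PATHS):
        print("system process name in unexpected location:", hit)
```

A hit is a lead for review, not a verdict; confirm with the file's signature and a scanner before removing anything.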

11.04.2011 18:01
Post #5
Newbie | Group: Members | Posts: 7 | Joined: 1.04.2011
I've attached the log from the scan.
Attached File(s)

12.04.2011 04:19
Post #6
Oldtimer | Group: Moderators | Posts: 43085 | Joined: 14.06.2007
Remove Selected what Malwarebytes detects > reboot. Any changes noted with your issue?

12.04.2011 17:35
Post #7
Newbie | Group: Members | Posts: 7 | Joined: 1.04.2011
Yes! I am not having the redirect problem now! Thank you so much!
Kaspersky is still saying, though, that my computer security is at risk and showing yellow instead of green. It says it detected legal software that can be used by criminals for damaging computer or personal data. This may be from QuickBooks, since I've seen QuickBooks files show up when I do scans. Is this something I shouldn't worry about since my redirect problem is fixed now?

13.04.2011 04:42
Post #8
Oldtimer | Group: Moderators | Posts: 43085 | Joined: 14.06.2007
You're welcome. Please post the full, complete detection details. Post a screenshot of Detected > Active threats, and a screenshot of All detected, too, with columns widened to show full detected and name and object and path/location details.

How to take and post screenshot: PrtSc (Print screen) key (upper right part of keyboard) > open Paint (Start > All programs > Accessories) > Edit > Paste, File > Save as (jpeg or png, Not bmp). When replying, Browse > click once to select file > Open > Upload > add reply.

14.04.2011 19:20
Post #9
Newbie | Group: Members | Posts: 7 | Joined: 1.04.2011
Here's the first part. The files are too big to upload both at once.
Attached File(s)

14.04.2011 19:23
Post #10
Newbie | Group: Members | Posts: 7 | Joined: 1.04.2011
Here's the second part. I did a new scan with Kaspersky this morning and it looks like it may have fixed something automatically because it went from flashing red to showing just warning yellow now.
Attached File(s)

15.04.2011 05:11
Post #11
Oldtimer | Group: Moderators | Posts: 43085 | Joined: 14.06.2007
Please delete the desktop\quarantine folder.
The first two detections were detected on website and blocked.

The remote admin detections: Those are ok. Kaspersky is letting you know that you may want to be advised of those Intuit QuickBooks remote admin support items. Those are legal and safe. You can right click those detections and Add to exclusions.

15.04.2011 21:54
Post #12
Newbie | Group: Members | Posts: 7 | Joined: 1.04.2011
Thanks! Will do it!