Internet Explorer Redirect virus


sarahkm2   

I am having problems with being redirected to random websites every time I go online (I have Internet Explorer) and type in a search. The problem started last week (end of March).

I tried scanning with Kaspersky 2009 version, nothing was found. Took it to Best Buy and they did a basic scan and found nothing. I updated to Kaspersky 2011 and did a deep scan in safe mode. Here's what I found:

3/31/2011 4:04:25 PM Suspicious phishing URL xxp://ra.pcsecurityshield.com/n/VHTcvq1BAAL91kMAAAhnQgAAcXpmMQA-A/ High

3/31/2011 4:04:26 PM Suspicious phishing URL xxp://ra.pcsecurityshield.com/favicon.ico High

4/4/2011 9:33:54 AM Detected legal software that can be used by criminals for damaging your computer or personal data not-a-virus:RemoteAdmin.Win32.WinVNC-based.f c:\program files (x86)\common files\supportsoft\bin\ssrc.exe//data0000.res Low

4/4/2011 9:33:54 AM Detected legal software that can be used by criminals for damaging your computer or personal data not-a-virus:RemoteAdmin.Win32.WinVNC-based.f c:\program files (x86)\common files\supportsoft\bin\ssrc.exe//data0000.res//VncViewer.class Low

Also, some QuickBooks files were listed.

 

Here is the report from system info:

http://www.getsysteminfo.com/read.php?file...c07e1ca9b302df4

 

What do I need to do next??

 

edit: links disabled.

Edited by richbuff

richbuff   

Your gsi report has a big, red, bold Warning emblazoned across it. Please upload a non-altered gsi report.

 

Why no Vista SP2?

 

The first Important topic has instructions for two logs. Please attach the other log.

 

 

richbuff   

Run this script, instructions: http://forum.kaspersky.com/index.php?showt...mp;#entry678368 PC will reboot:

begin
QuarantineFile('C:\Users\Hannah\appdata\roaming\systemproc\lsass.exe','');
DeleteFile('C:\Users\Hannah\appdata\roaming\systemproc\lsass.exe');
BC_ImportDeletedList;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.

After running the script, scan with Malwarebytes' Anti-Malware: http://www.malwarebytes.org/mbam.php Update it first, scan and attach its log, but please don't remove anything yet, until the log is reviewed.
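The script above removes a file named lsass.exe from a user's AppData\Roaming folder, whereas the genuine lsass.exe runs from the Windows System32 directory. As an added example (not part of the original post or of Kaspersky's tooling), this Python check flags core Windows process names running from unexpected directories; the name table, the default Windows directory and the sample rows other than the two paths quoted in this thread are assumptions constructed for illustration.

```python
import ntpath

# Assumed short list (not exhaustive): core Windows process names and the
# directories, relative to the Windows directory, they legitimately run from.
EXPECTED_DIRS = {
    "lsass.exe": {"system32"},
    "csrss.exe": {"system32"},
    "smss.exe": {"system32"},
    "services.exe": {"system32"},
    "winlogon.exe": {"system32"},
    "svchost.exe": {"system32", "syswow64"},
    "explorer.exe": {"", "syswow64"},   # "" = the Windows directory itself
}

def is_masquerading(image_path, windir=r"C:\Windows"):
    """True if a core-process file name runs from an unexpected directory."""
    p = image_path.replace("/", "\\")
    if p.startswith("\\\\?\\"):          # drop the \\?\ long-path prefix
        p = p[4:]
    p = ntpath.normcase(ntpath.normpath(p))   # resolve "..", fold case
    allowed_subdirs = EXPECTED_DIRS.get(ntpath.basename(p))
    if allowed_subdirs is None:
        return False                     # name not covered by this check
    root = ntpath.normcase(ntpath.normpath(windir))
    allowed = {ntpath.join(root, d) if d else root for d in allowed_subdirs}
    return ntpath.dirname(p) not in allowed

def scan(image_paths):
    """Return the paths from a process listing that fail the location check."""
    return [p for p in image_paths if is_masquerading(p)]

# Constructed process listing. The first two paths are quoted from this
# thread; the remaining rows are made up for illustration.
SAMPLE = [
    r"C:\Users\Hannah\appdata\roaming\systemproc\lsass.exe",
    r"c:\program files (x86)\common files\supportsoft\bin\ssrc.exe",
    r"C:\Windows\System32\lsass.exe",
    r"\\?\C:\WINDOWS\system32\SVCHOST.EXE",
    r"C:/Windows/System32/../Temp/svchost.exe",
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print("unexpected location:", hit)
```

A hit is a lead for review, not proof of infection; the file still needs to be examined before anything is deleted.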

sarahkm2   

Yes! I am not having the redirect problem now! Thank you so much!

Kaspersky is still saying, though, that my computer security is at risk and showing yellow instead of green. It says it detected legal software that can be used by criminals for damaging computer or personal data. This may be from QuickBooks, since I've seen QuickBooks files show up when I do scans. Is this something I shouldn't worry about since my redirect problem is fixed now?

richbuff   

You're welcome. Please post the full, complete detection details. Post a screenshot of Detected > Active threats, and a screenshot of All detected, too, with columns widened to show the full detected name, object and path/location details.

How to take and post a screenshot: PrtSc (Print screen) key (upper right part of keyboard) > open Paint (Start > All programs > Accessories) > Edit > Paste, File > Save as (jpeg or png, not bmp). When replying, Browse > click once to select file > Open > Upload > add reply.

sarahkm2   

Here's the second part. I did a new scan with Kaspersky this morning and it looks like it may have fixed something automatically because it went from flashing red to showing just warning yellow now.

post-344521-1302794543_thumb.png

richbuff   

Please delete the desktop\quarantine folder.

The first two detections were detected on a website and blocked.

The remote admin detections: Those are ok. Kaspersky is letting you know that you may want to be advised of those Intuit QuickBooks remote admin support items. Those are legal and safe. You can right click those detections and Add to exclusions.

This topic is now closed to further replies.
