Also got a problem with disorderstatus.ru

This morning I got pop-ups from Avast saying:

URL: http://disorderstatus.ru/order.php
Infection: URL:Mal
Process: C:\Windows\SysWOW64\msiexec.exe

URL: http://differentia.ru/diff.php
Infection: URL:Mal
Process: C:\Windows\SysWOW64\msiexec.exe

I haven’t done anything but a scan from Avast, because after reading this topic https://forum.avast.com/index.php?topic=53253.0 I’m not sure what first steps I should take.

Ok, I followed the steps and here are the logs (attachments).

I would really appreciate the help.

Let me know if this stops it

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint:
HKU\S-1-5-21-1282577008-4036829767-2089237545-1000\...\CurrentVersion\Windows: [Load] C:\ProgramData\msrtv.exe <===== ATTENTION
2015-09-14 20:17 - 2015-06-15 22:42 - 89971584 ___SH () C:\ProgramData\msrtv.exe
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG

Run FRST and press Fix
On completion a log will be generated; please post that.

Here is the log file.

Have the alerts ceased?

No, it’s still happening.

But after I got the Fixlog, it was quiet for like a few minutes and then I plugged in my usb drive and it started again, although MCShield said that there is no malware on it. I’m not sure if it’s related.

And now MCShield detects a malware on the usb drive…

Your USB is the source of the infection. Let MCShield clean it, then post a fresh FRST log.

Ok, here is the FRST log

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint:
HKU\S-1-5-21-1282577008-4036829767-2089237545-1000\...\CurrentVersion\Windows: [Load] C:\ProgramData\msrtv.exe <===== ATTENTION
2015-09-14 20:17 - 2015-06-15 22:42 - 76138112 ___SH () C:\ProgramData\msrtv.exe
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG

Run FRST and press Fix
On completion a log will be generated; please post that.

I think it’s solved. There are no pop-up messages, for now. Hope there won’t be any more. And I can successfully format my usb without leftover folders.

I was in a hurry today, so I took a second usb drive to take some files with me, and now I’m not sure if it’s infected as well. I’m hesitating to plug that one in. Will I need to repeat all of this again with the second usb?

Thank you for your help and patience.

When you insert the USB, hold the Shift key down and it will not autorun, then scan with MCShield.