Disorderstatus and differentia.ru

Hello!

I’ve started getting popups from Avast telling me that I do have these malwares.

Would someone help me, please?

1st Popup:

URL: http://disorderstatus.ru/order.php
Infection: URL:Mal
Process: C:\Windows\SysWOW64\msiexec.exe

2nd Popup:

URL: http://differentia.ru/diff.php
Infection: URL:Mal
Process: C:\Windows\SysWOW64\msiexec.exe

Attach your basic diagnostic logs. (MBAM, FRST and aswMBR)
Instructions: https://forum.avast.com/index.php?topic=53253.0

About the mbam log, I’ve made two. The first one I did using the program in Portuguese and it accused a Trojan, the second one is in English and didn’t accuse an error.
Both attached

Thank you for your attention :)

OK, now you’ve to wait a bit…

That’s fine, thank you so much. It’s 02am in Brazil, so I’m going to sleep atm haha but I’m back as soon as I can.

Thank you again for your help anyway :)

You’re welcome, good night.

Could you let me know if this stops it

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint:
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
S3 BprotectEx; \??\C:\Windows\System32\drivers\BprotectEx.sys [X]
2015-07-17 09:46 - 2015-06-15 18:16 - 74387072 ___SH () C:\ProgramData\msbnuznf.exe
C:\ProgramData\FileSplitUpLoad.dll
C:\ProgramData\msbnuznf.exe
C:\Users\Todos os Usuários\FileSplitUpLoad.dll
C:\Users\Todos os Usuários\msbnuznf.exe
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG

Run FRST and press Fix.
On completion a log will be generated; please post that.