Malware keeps on popping, attached are the logs generated by frst.exe
Please help
Object: http://disorderstatus.ru/order.php
Infection: URL:Mal
Process: C:\WINDOWS\SysWOW64\msiexec.exe
Malware keeps on popping, attached are the logs generated by frst.exe
Please help
Object: http://disorderstatus.ru/order.php
Infection: URL:Mal
Process: C:\WINDOWS\SysWOW64\msiexec.exe
Hi I have found the file, however, this is a new variant and I can not yet see where it is being launched from
CAUTION : This fix is only valid for this specific machine, using it on another may break your computer
Open notepad and copy/paste the text in the quotebox below into it:
CreateRestorePoint: S2 0256611381287776mcinstcleanup; C:\Users\ADMINI~1\AppData\Local\Temp\025661~1.EXE -cleanup -nolog [X] S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [X] 2012-07-26 10:06 - 2012-07-26 11:20 - 83165312 ___SH () C:\ProgramData\msruds.exe RemoveProxy: EmptyTemp: CMD: bitsadmin /reset /allusers
Save this as fixlist.txt, in the same location as FRST.exe
https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG
Run FRST and press Fix
On completion a log will be generated please post that
THEN
Please download AdwCleaner by Xplode onto your desktop.
[*]Close all open programs and internet browsers.
[*]Double click on AdwCleaner.exe to run the tool.
[*]Click on Scan.
[*]After the scan is complete click on “Clean”
[*]Confirm each time with Ok.
[*]Your computer will be rebooted automatically. A text file will open after the restart.
[*]Please post the content of that logfile with your next answer.
[*]You can find the logfile at C:\AdwCleaner[S0].txt as well.
It seems the popup stopped, thank you very much for the assistance.
Again, thanks.
Are you getting any errors on system start ?