system
August 5, 2015, 5:34am
1
Hi Avast,
I need help on this ‘Disorder Status’ malware. I plugged in a pen drive today and it had some kind of malware, I have tried scanning with avast but with no result.
URL: http://disorderstatus.ru/order.php
Infection: URL:Mal
Process: C:\Windows\SysWOW64\msiexec.exe
I’ve attached two logs from Farbar Recover Scan Tool, one from aswmbr, one from Malwarebytesscan.
Please help,
Thank you
MBAM left the file behind
CAUTION : This fix is only valid for this specific machine, using it on another may break your computer
Open notepad and copy/paste the text in the quotebox below into it:
CreateRestorePoint:
2015-07-18 16:25 - 2015-06-16 01:16 - 74556928 ___SH () C:\ProgramData\msefc.exe
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1025232 2013-12-11] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-03-18] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [185792 2014-03-18] (McAfee, Inc.)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [180272 2014-03-18] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311600 2014-03-18] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [69344 2014-03-18] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [522360 2014-03-18] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [783864 2014-03-18] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [411944 2013-11-27] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96112 2013-11-27] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [345456 2014-03-18] (McAfee, Inc.)
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers
Save this as fixlist.txt , in the same location as FRST.exe
https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG
Run FRST and press Fix
On completion a log will be generated please post that