Disorderstatus.ru/order.php detected

Viruses and worms
1

Hello

My avast has been detecting http://disorderstatus.ru/order.php all the time

Tips on how to proceed?

Thanks a lot!

2

Hi Thatbruno, welcome to the forum :slight_smile:

Please follow this turtorial https://forum.avast.com/index.php?topic=53253.0 and attach the requested logs in your next reply.
As soon as an expert is online and available he/she will help you.

Greetz, Red.

3

Thank you!

Here are my logs.
Things seem to be back to normal already

4

Let me know if there are any problems after this

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint: HKU\S-1-5-21-1547161642-606747145-1417001333-1003\...\Winlogon: [Shell] C:\WINDOWS\Explorer.exe [1035776 2008-04-14] (Microsoft Corporation) <==== ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION ProxyEnable: [.DEFAULT] => Proxy is enabled. ProxyServer: [.DEFAULT] => http=127.0.0.1:3059;https=127.0.0.1:3059; HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File BHO: No Name -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> No File FF NetworkProxy: "autoconfig_url", "https://mediahint.com/default.pac" FF NetworkProxy: "type", 2 C:\Windows\Tasks\At1.job C:\Documents and Settings\All Users\mshcqocz.exe Task: C:\WINDOWS\Tasks\At1.job => C:\DOCUME~1\MARIAN~1\DADOSD~1\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F RemoveProxy: EmptyTemp: CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG

Run FRST and press Fix
On completion a log will be generated please post that

THEN

Please download AdwCleaner by Xplode onto your desktop.

[*]Close all open programs and internet browsers.
[*]Double click on AdwCleaner.exe to run the tool.
[*]Click on Scan.
[*]After the scan is complete click on “Clean”
[*]Confirm each time with Ok.
[*]Your computer will be rebooted automatically. A text file will open after the restart.
[*]Please post the content of that logfile with your next answer.
[*]You can find the logfile at C:\AdwCleaner[S0].txt as well.