HELP: C:\Windows\SysWOW64\msiexec.exe PROBLEM

I have had problems since today with C:\windows\SysWOW64\msiexec.exe, which is detected every 10 seconds by AVAST web shield, but I can't delete that virus or infected file.

I am a newbie, so pardon me if this is the wrong procedure… Creating a new thread since the URLs in the Avast alerts look different from other threads.

AVAST shows these two messages:


Blocked infection

URL: http://differentia.ru/diff.php
Infection: URL:Mal
Process: C:\Windows\SysWOW64\msiexec.exe

and…

URL: http://atomictrivia.ru/atomic.php
Infection: URL:Mal
Process: C:\Windows\SysWOW64\msiexec.exe

Ran the Farbar Recovery Scan Tool and am attaching the generated Addition.txt and FRST.txt files.

Thanks a million in advance. Kindly advise on further action.

Have you run Malwarebytes, as I cannot see the trigger?

Here is the Malwarebytes Anti-Malware ScanLog… I hope this is what you were asking for… Do guide me if this is not the file you were expecting…

OK, this beast has changed if you are still getting alerts.

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

  • IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks.

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:

  1. Do not mouse-click Combofix’s window while it is running. That may cause it to stall.
  2. Do not “re-run” Combofix. If you have a problem, reply back for further instructions.
  3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.

Please make sure you include the ComboFix log in your next reply, as well as describe how your computer is running now.

Dear essexboy,

Deeply thankful for your prompt help. Greatly respect the time and effort you are putting in. A few hours before your reply I was able to get a friend of mine to visit and inspect my system. He works for a company that provides Maintenance Contracts for computer systems.

He fixed the issue and I had to do some coaxing to get him to tell me what tools he used so that I could post to tell you. He said he used something called Trojorm Removal Tool.

Now the Avast alerts are not coming up and the flash/thumb drives that I plug in are not getting the files hidden and replaced with that shortcut. I think the issue is fixed.

I followed the instructions provided in another thread for the same problem in this forum [ https://forum.avast.com/index.php?topic=176379.0 ] and installed MCShield as an additional layer of protection over avast for thumb drives after my friend fixed the issue.

I'm sure the fix you provided would have worked perfectly as well. I am really thankful to you for finding time to analyze the logs and posting a fix.

Keep up the great work.

Lots of thanks and regards
Michael

What file name was detected?