Help! disorderstatus.ru/order.php and http://differentia.ru/diff.php

Hello. I started getting popups from Avast around 30 mins ago and they haven’t stopped. Is it a consistent/continuous malware attack? I don’t know anything at all :-\ was hoping to get some help as to how I can get this virus/malware cleaned from my system.

1st Popup:

URL: http://disorderstatus.ru/order.php
Infection: URL:Mal
Process: C:\Windows\SysWOW64\msiexec.exe

2nd Popup:

URL: http://differentia.ru/diff.php
Infection: URL:Mal
Process: C:\Windows\SysWOW64\msiexec.exe

thank you very much! and good day

Attach your basic diagnostic logs. (MBAM, FRST and aswMBR)
Instructions: https://forum.avast.com/index.php?topic=53253.0

Will do so now

Monitoring…

Malwarebytes Scan Log
FRST Scan Log
ADDITION Log
aswMBR Scan Log

sorry for the little bit late reply. Power was out.

*note: Popups stopped appearing right after MalwareBytes detected, and deleted, 3 infections.

MalwareBytes deleted registry entries, but file is still there:

Fix with Farbar Recovery Scan Tool

[B]This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.[/B]

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

[*]Right-click on the FRST icon and select Run as Administrator to start the tool.
(XP users click run after receipt of Windows Security Warning - Open File).
[*]Press the Fix button just once and wait.
[*]If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
[*]When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.

Here it is

Would also like to follow on the status of my flash drive. I’m only guessing that this is where I got the infection in the first place? Would want to know how I could clean it, if ever; and if I have to do the whole cleaning process again if ever I plug my flash drive into my laptop

Please download MCShield from one of the following links:

MCShield -Official download link

[*]Double click on MCShield-Setup to install the application.
Next => I Agree => Next => Install … per installation click on Run! button.
[*]Wait a few seconds for MCShield to finish the initial HDD scan…
[*]Connect all your USB storage devices to the computer one at a time. Scanning will be done automatically.
[*]When all scanning is done, you need to post a log report that MCShield has created.

Under Logs tab (in Control Center) for AllScans.txt log section click on Save button. AllScans.txt report shall be located on your Desktop.

=> Post here AllScans.txt

Explanation: USB storage devices are all the USB devices that get their own partition letter at connecting to the PC,
e.g. flash drives (thumb/pen drives, USB sticks), external HDDs, MP3/MP4 players, digital cameras,
memory cards (SD cards, Sony Memory Stick, MultiMedia Cards etc.), some mobile phones, some GPS navigation devices etc.

Here is all scans log from MCShield. Are we all clean now? :slight_smile:

Can you copy/paste MCShield report?

MCShield AllScans.txt <<<


MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

v 3.0.5.28 / DB: 2015.7.25.1 / Windows 8.1 <<<

8/5/2015 7:39:00 PM > Drive C: - scan started (Acer ~719 GB, NTFS HDD )…

=> The drive is clean.

8/5/2015 7:39:01 PM > Drive E: - scan started (no label ~195 GB, NTFS HDD )…

=> The drive is clean.

MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

v 3.0.5.28 / DB: 2015.7.25.1 / Windows 8.1 <<<

8/5/2015 7:39:55 PM > Drive G: - scan started (Sandisk ~7632 MB, NTFS flash drive )…

G:\Sandisk (8GB).lnk - Malware > Deleted. (15.08.05. 19.39 Sandisk (8GB).lnk.402355; MD5: e7c10cf75a4f66f2039b52be686d0df7)

Resetting attributes: G:\ < Successful.

=> Malicious files : 1/1 deleted.
=> Hidden folders : 1/1 unhidden.


::::: Scan duration: 1sec ::::::::::::::::::


MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

v 3.0.5.28 / DB: 2015.7.25.1 / Windows 8.1 <<<

8/5/2015 7:41:59 PM > Drive G: - scan started (Sandisk ~7632 MB, NTFS flash drive )…

=> The drive is clean.

MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

v 3.0.5.28 / DB: 2015.7.25.1 / Windows 8.1 <<<

8/5/2015 7:43:34 PM > Drive G: - scan started (Sandisk ~7632 MB, NTFS flash drive )…

=> The drive is clean.

was that the report you were looking for?

Yes, and with this report we’re done here :slight_smile:

Post-cleanup procedures:

Download DelFix by Xplode and save it to your desktop.

[*]Run the tool by right-clicking the DelFix icon and selecting the Run as administrator option.
[*]Make sure that these ones are checked:

  [*]Remove disinfection tools
  [*]Purge system restore
  [*]Reset system settings

[*]Push Run and wait until the tool completes its work.
All tools we used should be gone. The tool will create a report for you (C:\DelFix.txt)

The tool will also record healthy state of registry and make a backup using ERUNT program in %windir%\ERUNT\DelFix
The tool deletes old system restore points and creates a fresh system restore point after cleaning.

Thank you very much!! a great first time asking for help on the avast forums. big thumbs up

Hello sir. I stumbled on this thread looking for solutions for the same problem. I was about to do the same but you said that “This fix was created for this user for use on that particular machine.” Please help me with this problem also. Thanks in advance :slight_smile:

Start a new topic in V&W and post your logs there: https://forum.avast.com/index.php?action=post;board=4.0

Same problem here. I am using Win7. Should I do the same process that you have instructed?

Start a new topic in V&W and post your logs there: https://forum.avast.com/index.php?action=post;board=4.0

Hi, my name is Hendra. I’m from Indonesia. I get the same problem with this malware.
What should I do to fix the problem? Or should I reinstall my PC? :-
Thank you, please help as soon as possible :slight_smile: