Hello. I started getting popups from Avast around 30 mins ago and they haven’t stopped. Is it a consistent/continuous malware attack? I don’t know anything at all :-\ was hoping to get some help as to how I can get this virus/malware cleaned from my system.

1st Popup:

URL: http://disorderstatus.ru/order.php
Infection: URL:Mal
Process: C:\Windows\SysWOW64\msiexec.exe

2nd Popup:

URL: http://differentia.ru/diff.php
Infection: URL:Mal
Process: C:\Windows\SysWOW64\msiexec.exe

thank you very much! and good day

Attach your basic diagnostic logs. (MBAM, FRST and aswMBR)
Instructions: https://forum.avast.com/index.php?topic=53253.0

here is the file, thanks ;D ;D

btw, the verification image is too hard, cant u guys make it easier? :-\

1. OK, now you’ve to wait a bit…
2. Only needed for your first 3 posts. (Spam protection)

MBAM should have stopped the alerts and I just need to remove the file

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint: C:\ProgramData\msbruuoz.exe RemoveProxy: EmptyTemp: CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG

Run FRST and press Fix
On completion a log will be generated please post that

here it is, is that thing gone from my laptop? :o

It looks like it

Any further problems ?

i think my phone is infected, because it happen after i connect my phone to my laptop.

see here https://forum.avast.com/index.php?topic=53253.0
scroll down to SPECIFIC INFECTIONS LOGS and follow instructions for MCShield
connect your phone and any usb stick / removable drive you have

when done, copy and paste MCShield log here (do not attach this log)

so i must copy paste everything from there, and not attach it?

yes