system
August 7, 2015, 5:15am
1
So, I came home to find the family computer infected, this messages are popping up:
URL: http://disorderstatus.ru/order.php
Infection: URL:Mal
Process: C:\Windows\SysWOW64\msiexec.exe
URL: http://differentia.ru/diff.php
Infection: URL:Mal
Process: C:\Windows\SysWOW64\msiexec.exe
I´m not sure about the source of infection. I’m attaching the recommended logs, though aswMBR.exe keeps crashing and cant get that log.
Hope someone can help me T_T.
MBAM killed the launch point but left the file behind
CAUTION : This fix is only valid for this specific machine, using it on another may break your computer
Open notepad and copy/paste the text in the quotebox below into it:
CreateRestorePoint:
2011-01-15 09:53 - 2011-01-15 09:53 - 75100544 ___SH () C:\ProgramData\mssdbn.exe
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers
Save this as fixlist.txt , in the same location as FRST.exe
https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG
Run FRST and press Fix
On completion a log will be generated please post that
system
August 7, 2015, 2:20pm
3
So far so good, i´m attaching the fixlog from FRST. Hope is over :3.
Have the alerts now ceased ?