system
1
I see this is a common concern on this forum. Someone borrowed my USB and gave me this virus. I would really appreciate any help. The constant alerts are driving me nuts and keeping me from being productive at work. :-\
1st Alert:
URL: http://disorderstatus.ru/order.php
Infection: URL:Mal
Process: C:\Windows\SysWOW64\msiexec.exe
2nd Alert:
URL: http://differentia.ru/diff.php
Infection: URL:Mal
Process: C:\Windows\SysWOW64\msiexec.exe
Pondus
2
There may be some hours' wait before the malware team is online, usually after work hours European time.
To clean your USB stick, install MCShield: http://www.mcshield.net/
You find instructions here https://forum.avast.com/index.php?topic=53253.0 if you scroll down to … SPECIFIC INFECTIONS LOGS
This log you copy and paste here (not attach) or we can't read it, some forum issue.
system
3
Hi there. Thanks for helping me out! I ran MCShield some time back. Here is the log:
MCShield AllScans.txt <<<
MCShield ::Anti-Malware Tool:: http://www.mcshield.net/
v 3.0.5.28 / DB: 2015.9.13.1 / Windows 7 <<<
14-Sep-15 12:50:54 PM > Drive C: - scan started (OS ~59 GB, NTFS HDD )…
=> The drive is clean.
14-Sep-15 12:50:55 PM > Drive D: - scan started (no label ~230 GB, NTFS HDD )…
=> The drive is clean.
14-Sep-15 12:50:55 PM > Drive F: - scan started (no label ~7424 MB, FAT32 flash drive )…
F:\Removable Drive (8GB).lnk - Suspicious > Renamed. (MD5: 3759aac8f4925902c58738b9d4b4bf1f)
Resetting attributes: F:\ < Successful.
=> Suspicious files : 1/1 renamed.
=> Hidden folders : 1/1 unhidden.
::::: Scan duration: 2sec ::::::::::::::::::
I figured out how to stop all the Avast alert popups by going to settings and checking gaming mode. But I would still love to get rid of this malware!
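Added example, not part of the original thread and not MCShield's own code: a small parser for the log format posted above that pulls out per-drive verdicts, flagged files with their MD5, and the combination this log shows on drive F: (a flagged `.lnk` in the drive root plus folders that had been hidden). The regular expressions are inferred from this one log and the function names are hypothetical.

```python
import re

# Sample input: lines copied from the MCShield log posted above (trimmed).
SAMPLE_LOG = r"""14-Sep-15 12:50:54 PM > Drive C: - scan started (OS ~59 GB, NTFS HDD )…
=> The drive is clean.
14-Sep-15 12:50:55 PM > Drive F: - scan started (no label ~7424 MB, FAT32 flash drive )…
F:\Removable Drive (8GB).lnk - Suspicious > Renamed. (MD5: 3759aac8f4925902c58738b9d4b4bf1f)
=> Suspicious files : 1/1 renamed.
=> Hidden folders : 1/1 unhidden.
"""

# Assumption: patterns inferred from this single log; other MCShield versions may differ.
DRIVE_RE = re.compile(r"> Drive (?P<drive>[A-Z]): - scan started \((?P<desc>.*?)\s*\)")
FILE_RE = re.compile(r"^(?P<path>[A-Z]:\\.+?) - (?P<verdict>\w+) > (?P<action>\w+)\. "
                     r"\(MD5: (?P<md5>[0-9a-fA-F]{32})\)")
COUNT_RE = re.compile(r"^=> (?P<kind>Suspicious files|Hidden folders) : (?P<done>\d+)/(?P<total>\d+)")

def parse_mcshield(log):
    """Return {drive letter: findings} for every drive section in the log."""
    drives, cur = {}, None
    for line in map(str.strip, log.splitlines()):
        if m := DRIVE_RE.search(line):
            cur = drives.setdefault(m["drive"], {"desc": m["desc"], "clean": False,
                                                 "files": [], "counts": {}})
        elif cur is None:
            continue  # banner lines before the first drive section
        elif line == "=> The drive is clean.":
            cur["clean"] = True
        elif m := FILE_RE.match(line):
            cur["files"].append(m.groupdict())
        elif m := COUNT_RE.match(line):
            cur["counts"][m["kind"]] = (int(m["done"]), int(m["total"]))
    return drives

def root_shortcut_drives(drives):
    """Drives with a flagged .lnk in the drive root and folders that had been hidden."""
    root_lnk = re.compile(r"[A-Z]:\\[^\\]+\.lnk", re.I)
    return [letter for letter, d in drives.items()
            if any(root_lnk.fullmatch(f["path"]) for f in d["files"])
            and d["counts"].get("Hidden folders", (0, 0))[1] > 0]

def unhandled(drives):
    """Drives where the tool acted on fewer items than it found (done < total)."""
    return [letter for letter, d in drives.items()
            if any(done < total for done, total in d["counts"].values())]

if __name__ == "__main__":
    parsed = parse_mcshield(SAMPLE_LOG)
    print("root shortcut pattern:", root_shortcut_drives(parsed), "unhandled:", unhandled(parsed))
```

An empty `unhandled` list means every item the tool counted was renamed or unhidden; the MD5 values collected under `files` are what a helper would look up or compare across logs.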
FIRST >>>>
Fix with Farbar Recovery Scan Tool
This fix was created for this user for use on that particular machine. Running it on another one may cause damage and render the system unstable.
Download attached fixlist.txt file and save it to the Desktop:
Both files, FRST and fixlist.txt, have to be in the same location or the fix will not work!
- Right-click on the FRST icon and select Run as Administrator to start the tool.
(XP users click run after receipt of Windows Security Warning - Open File).
- Press the Fix button just once and wait.
- If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
- When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please attach it to your reply.
SECOND >>>>
AdwCleaner by Xplode
Download AdwCleaner from here or from here. Save the file to the desktop.
NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.
Close all open windows and browsers.
- Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
You will see the AdwCleaner console.
- Click the Scan button and wait for the scan to finish.
- After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Waiting for action. Please uncheck elements you don't want to remove.
- Click the Clean button.
- Everything checked will be deleted.
- When the program has finished cleaning a report appears.
- Once done it will ask to reboot, allow this.
- On reboot a log will be produced; please attach that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[C#].txt (Note: # will be replaced with a number relative to the scan times.)
Optional:
NOTE: If you see AVG Secure Search being targeted for deletion, Here’s Why and Here. You can always Reinstall it.