system
December 3, 2015, 7:34am
1
Hello,
I started getting a pop-up from Avast saying it has blocked a harmful webpage or file, and it hasn't stopped ever since. I believe my PC has been hit with some kind of malware.
Below is the message displayed in the pop-up:
URL: http://differentia.ru/diff.php
Infection: URL:Mal
Process: C:\Windows\SysWOW64\msiexec.exe
URL: http://disorderstatus.ru/order.php
Infection: URL:Mal
Process: C:\Windows\SysWOW64\msiexec.exe
Also, my browsers are constantly getting hijacked by adware websites like Delta Homes, etc.
How do I fix this?
Asyn
December 3, 2015, 7:38am
2
Attach your basic diagnostic logs. (MBAM, FRST and aswMBR)
Instructions: https://forum.avast.com/index.php?topic=53253.0
system
December 3, 2015, 10:24am
3
Hey!
Here are the logs you asked me for. The pop-up from Avast has stopped.
Asyn
December 3, 2015, 10:27am
4
OK, now you’ve to wait a bit…
On completion of this, could you copy the folder C:\FRST to your Dropbox public folder and post the link for me to collect it?
CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.
Open Notepad and copy/paste the text in the quotebox below into it:
CreateRestorePoint:
2013-08-22 09:26 - 2013-08-22 09:26 - 88518656 ___SH () C:\ProgramData\msrhdwnm.exe
2015-11-24 13:33 - 2015-11-24 13:33 - 0000098 _____ () C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers
Save this as fixlist.txt, in the same location as FRST.exe.
https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG
Run FRST and press Fix.
On completion a log will be generated; please post that.
system
December 4, 2015, 7:13am
7
Here you go! I hope I've attached the right file.
All alerts should now have ceased… Were you able to copy the FRST folder to your Dropbox for me to collect?