removing a virus

i m receiving thismessage from avast again and again. Which is as following
avast!Web Shield has blocked a harmful webpage or file
object: http://disorderstatus.ru/order.php
infection: URL:Mal
Process: C:\Windows\SysWOW64\msiexec.exe

i have run avast quick, full and boot scans and hitman pro and malware bytes with no success

Monitoring

Thanks! is there anything else you need to help you? How long do these things take, just out of interest, not meaning to be impatient or anything :slight_smile:

https://sites.google.com/site/cannedfixes/farbar-recovery-scan-tool/FRST.gif
Fix with Farbar Recovery Scan Tool

https://sites.google.com/site/cannedfixes/home/hosted-images-formatting/icon_exclaim.gif
[B] This fix was created for this user for use on that particular machine.
https://sites.google.com/site/cannedfixes/home/hosted-images-formatting/icon_exclaim.gif

https://sites.google.com/site/cannedfixes/home/hosted-images-formatting/icon_exclaim.gif
Running it on another one may cause damage and render the system unstable.
https://sites.google.com/site/cannedfixes/home/hosted-images-formatting/icon_exclaim.gif
[/B]
Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

[*]Right-click on
https://sites.google.com/site/cannedfixes/farbar-recovery-scan-tool/FRST.gif
icon and select
https://sites.google.com/site/cannedfixes/home/hosted-images-tools/RunAsAdmin.jpg
Run as Administrator to start the tool.
(XP users click run after receipt of Windows Security Warning - Open File).
[*]Press the Fix button just once and wait.
[*]If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
[*]When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.

One of the problems is that you are using things from IoBit:
https://forums.malwarebytes.org/index.php?/topic/29681-iobit-steals-malwarebytes-intellectual-property/

Also consider:

That this was an insecure connection a priori, content-security-policy and cache-control headers insecure with no header response and that autocomplete settings did not apply due to an overriding factor such as the insecure connection here.

See: https://www.virustotal.com/nl/url/9327dba6048752b51c9d8e1d76cf2b6df7a34efdd4fae7ff51ac4c9e3abe2d8d/analysis/
Malware detected here: http://urlquery.net/report.php?id=1429538091866
Quttera blacklisted domain. PHP/5.4.39-0+deb7u2 → http://www.intelligentexploit.com/view-details.html?id=21223
Pingback vulnerable.

polonus

Hi Argus,

It appears to have worked! Thank you so much i really appreciate it. After years of using Avast that was only the second time i have had a virus. I’m sure you’re busy but any chance you could give me a quick explanation of what you did? I’m curious as to how these things work.

HKU\S-1-5-21-2102785434-1990896426-4288645876-1001.…\CurrentVersion\Windows: [Load] C:\ProgramData\msjddorjr.exe <===== ATTENTION

Malware in startup.

Uninstall IObit it’s fake program.

The following will implement some post-cleanup procedures:

Download DelFix by Xplode and save it to your desktop.

[*]Run the tool by right click on the
http://www.imgdumper.nl/uploads6/51a5ce45267c1/51a5ce45263de-delfix.png
icon and Run as administrator option.
[*]Make sure that these ones are checked:

[]Remove disinfection tools
[
]Purge system restore
[*]Reset system settings

[*]Push Run and wait until the tool completes his work.
All tools we used should be gone. Tool will create an report for you (C:[B]DelFix.txt)

[SIZE=1]The tool will also record healthy state of registry and make a backup using ERUNT program in %windir%\ERUNT\DelFix
Tool deletes old system restore points and create a fresh system restore point after cleaning.