Avast WEBforum

Other => Viruses and worms => Topic started by: REDACTED on July 30, 2015, 11:38:27 PM

Title: disorderstatus.ru - msiexec.exe
Post by: REDACTED on July 30, 2015, 11:38:27 PM

Hello good people,

I'm keep getting this pop out from AVAST about some threat:

Quote
URL: http://disorderstatus.ru/order.php
Infection: URL:Mal
Process: C:\Windows\SysWOW64\msiexec.exe

I feel lost and I don't know what to do (I'm really bad at this kind of stuff and also feel scared of deleting some crucial part of the system).
 
I would really appreciate your help!
Please, find the attachments (aswMBR logs, FRST, Addition and Mbam logs)
Best regards.

Title: Re: disorderstatus.ru - msiexec.exe
Post by: dbrisendine on July 31, 2015, 03:37:44 AM

FIRST >>>>
(https://sites.google.com/site/cannedfixes/farbar-recovery-scan-tool/FRST.gif) Fix with Farbar Recovery Scan Tool

(https://sites.google.com/site/cannedfixes/home/hosted-images-formatting/icon_exclaim.gif) This fix was created for this user for use on that particular machine. (https://sites.google.com/site/cannedfixes/home/hosted-images-formatting/icon_exclaim.gif)
(https://sites.google.com/site/cannedfixes/home/hosted-images-formatting/icon_exclaim.gif) Running it on another one may cause damage and render the system unstable. (https://sites.google.com/site/cannedfixes/home/hosted-images-formatting/icon_exclaim.gif)

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

• Right-click on (https://sites.google.com/site/cannedfixes/farbar-recovery-scan-tool/FRST.gif) icon and select (https://sites.google.com/site/cannedfixes/home/hosted-images-tools/RunAsAdmin.jpg) Run as Administrator to start the tool.
  (XP users click run after receipt of Windows Security Warning - Open File).
• Press the Fix button just once and wait.
• If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
• When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.


SECOND >>>>

AdwCleaner by Xplode

Download AdwCleaner from here (http://www.bleepingcomputer.com/download/adwcleaner/) or from here (https://toolslib.net/downloads/viewdownload/1-adwcleaner/). Save the file to the desktop.


NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.

• Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
  You will see the following console:
  
  (http://i1351.photobucket.com/albums/p785/dbreeze2/Scanners%20screens/AdwCleaner_v4111_zpsn56hzjza.png)
• Click the Scan button and wait for the scan to finish.
• After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Waiting for action. Please uncheck elements you don't want to remove.
• Click the Clean button.
• Everything checked will be deleted.
• When the program has finished cleaning a report appears.
• Once done it will ask to reboot, allow this

(http://1.bp.blogspot.com/-vitKqfMQS4o/UEDylIQ7HJI/AAAAAAAABLc/Hx-IwqKoaxg/s1600/adwcleaner_delete_restart.jpg)

• On reboot a log will be produced; please attach that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[S0].txt
  
  Optional:
  
  NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why (http://www.im-infected.com/hijacker/isearch-avg-comsearch-hijacker.html) and Here (http://nojesusnopeas.blogspot.com/2012/08/sorry-but-avg-secure-search-is-malware.html). You can always Reinstall (http://www.avg.com/us-en/secure-search) it.

Title: Re: disorderstatus.ru - msiexec.exe
Post by: REDACTED on July 31, 2015, 08:01:16 AM

Thanks a lot!

So far I don't see any pop up from AVAST. I think it's fine :)

I atteched the fix logs. Thank you for your help!

Title: Re: disorderstatus.ru - msiexec.exe
Post by: dbrisendine on July 31, 2015, 10:01:51 PM

Please check your System Restore settings; it seems to be disabled (if you did not know this).  You can find the settings in System > System Protection.

---

Clean up of Malware Removal Tools
Now that we are through using these tools, let's clean them off your system so that should you ever need to have malware removed again (we hope not) fresh, updated copies will be downloaded.

• Download Delfix from here (https://toolslib.net/downloads/finish/2/) to your desktop and double click it to start the program
  
• Ensure Remove disinfection tools is ticked
  Also tick:
  
• Activate UAC
• Create registry backup
• Purge system restore
• Reset system settings

(http://i1351.photobucket.com/albums/p785/dbreeze2/just%20stuff/DelFixSelectall_zps0f04cec4.png)

• Click Run
  
• The program will run for a few moments and then notepad will open with a log. Please attach the log in your next reply.
  

You can delete any log files left on your desktop as these are no longer needed.

Title: Re: disorderstatus.ru - msiexec.exe
Post by: REDACTED on August 01, 2015, 01:18:29 PM

Thanks!

Title: Re: disorderstatus.ru - msiexec.exe
Post by: REDACTED on August 04, 2015, 07:23:34 PM

@dbrisendine

It didn't worked :( I'm still getting the same message, and now it's even more often...

and there is also a new one (besides the old one):
Quote
http://differentia.ru/diff.php
Infection: URL:Mal
Process: C:\Windows\SysWOW64\msiexec.exe

should I scan with all this programs more time? what can I do more? :(

Title: Re: disorderstatus.ru - msiexec.exe
Post by: dbrisendine on August 05, 2015, 07:13:17 AM

Yes, please run through these scans once again.  (Sorry for the delay!)

Please follow the scans in this topic and attach as many of the logs as you can run.
Logs to assist in cleaning malware  (https://forum.avast.com/index.php?topic=53253.0)