Help with http://disorderstatus.ru/order.php

[REDACTED]

Hi,

Hoping to get help with this new detection repeatedly popping up on Avast:

Avast Web Shield has blocked a harmful webpage or file

URL: http://disorderstatus.ru/order.php
Infection: URL:Mal
Process: C:\Windows\SysWOW64\msiexec.exe

I suspect I was infected through a thumb drive, although Avast didn't detect anything when I initially scanned the drive, which seems strange to me.

MBAM, FRST and aswMBR logs attached.

Thanks in advance!

[TwinHeadedEagle]

Hello,


Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

• Right-click on icon and select Run as Administrator to start the tool.
  
• Wait patiently until the main console will appear, it may take a minute or two.
• In the main box please paste in the following script:

Code: [Select]

createsrpoint;
autoclean;
emptyalltemp;
bitsadmin /reset /allusers;b
ipconfig /flushdns;b

• Make sure that Scan All Users option is checked.
  
• Push Run Script and wait patiently. The scan may take a couple of minutes.
  
• When the scan completes, a zoek-results logfile should open in notepad.
  
• If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Post its content into your next reply.

[REDACTED]

Hi TwinHeadedEagle,

As requested, Zoek-results attached here. Thanks for the help!

[REDACTED]

The detection seems to have stopped so far after the ZOEK reboot

[TwinHeadedEagle]

Very good. Anything else I can help?

[REDACTED]

Thank you very much TwinHeadedEagle!

[REDACTED]

Hi TwinHeadedEagle i have the same problem of : gcbaluyut
Avast is always detecting a virus
URL: http://disorderstatus.ru/order.php
Infection: URL:Mal
Process: C:\Windows\SysWOW64\msiexec.exe
I'm following the instructions that you gave in the topic.
What should i do after using Zoek???

[TwinHeadedEagle]

Please open your own topic.

[REDACTED]

Hi TwinHeadedEagle i have the same problem with
URL: http://disorderstatus.ru/order.php
Infection: URL:Mal
Process: C:\Windows\SysWOW64\msiexec.exe
I'm following the instructions that you gave in the topic.

[REDACTED]

Hi TwinHeadedEagle, 

I have the same problem with
URL: http://disorderstatus.ru/order.php
Infection: URL:Mal
Process: C:\Windows\SysWOW64\msiexec.exe

I followed the instustions u have mentioned above, and i have attached my Zoek-results here. But my problem is not solved

[REDACTED]

Hi TwinHeadedEagle,
I just do what you told and the ZOEK is work for me...
 Thanks a lot!

sorry for my bad english

[REDACTED]

Greatings !

I had the same problem and followed the instructions .
The problem was solved but my laptop has no sound after the procedure ..
What can I do about it ? I've checked all of the drivers and the speakers... And the system didn't detect any problems ..