Author Topic: http://disorderstatus.ru/order.php  (Read 1453 times)

REDACTED

  • Guest
http://disorderstatus.ru/order.php
« on: July 29, 2015, 05:32:44 PM »
Hi Avast,

I need help.

aaa.txt is the malware history log.

Thanks.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
Re: http://disorderstatus.ru/order.php
« Reply #1 on: July 29, 2015, 06:46:31 PM »
Could you let me know if this stops it?

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open notepad and copy/paste the text in the quotebox below into it:
 
Quote
CreateRestorePoint:
HKU\S-1-5-21-3043237361-960592186-1168485760-1001\...\Run: [pnwqahtfhe] => wscript.exe //B "C:\Users\Aris\AppData\Local\Temp\pnwqahtfhe.vbs" <===== ATTENTION
CHR HKU\S-1-5-21-3043237361-960592186-1168485760-1001\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
URLSearchHook: [S-1-5-21-3043237361-960592186-1168485760-1002] ATTENTION ==> Default URLSearchHook is missing
URLSearchHook: [S-1-5-80-3880718306-3832830129-1677859214-2598158968-1052248003] ATTENTION ==> Default URLSearchHook is missing
S2 UpdaterSvcHulaToo; "C:\Program Files (x86)\HulaToo\updater.exe" [X]
AlternateDataStreams: C:\Users\Aris\Local Settings:ma7cCFEHHtZ1hMVecwwWk
AlternateDataStreams: C:\Users\Aris\AppData\Local:ma7cCFEHHtZ1hMVecwwWk
AlternateDataStreams: C:\Users\Aris\AppData\Local\Application Data:ma7cCFEHHtZ1hMVecwwWk
AlternateDataStreams: C:\Users\Aris\AppData\Local\OqvGtG6xlaR6N:8zVxuS1x7Lq2kdfBVCBgow
AlternateDataStreams: C:\Users\Aris\AppData\Local\Temp:cdgWvWfPtCcqjhP31ta5EjULPgZ
C:\Users\Aris\AppData\Local\Temp\pnwqahtfhe.vbs
C:\ProgramData\msocgc.exe
C:\Program Files (x86)\HulaToo
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers

 
Save this as fixlist.txt, in the same location as FRST.exe.

Run FRST and press Fix.
On completion a log will be generated; please post that.

THEN

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete, click on "Clean".
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S0].txt as well.

FINALLY

Download Anti VBS/VBE to your desktop.

  • Download the appropriate version (32 bit or 64 bit) and double click the file to run it.
  • After a couple of seconds (might also take a whole minute if the machine is heavily infected and/or slow) a report will open in Notepad.
  • Post that report.

Be aware this is a very new programme and as such is not recognised by any antivirus or Windows; it is safe, so allow it to run.
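
Added example, not part of the forum post and not FRST's own code: a short Python triage of log lines in the layout quoted in the fixlist above, flagging Run values that start a script host on a file under a Temp directory and listing alternate data streams. The sample lines are constructed with a placeholder SID, user name and file names, and the regular expressions are assumptions about the line layout as it appears on this page.

```python
import re

# Constructed sample lines in the layout shown in the fixlist above
# (placeholder SID, user name and file names; not taken from a real log).
SAMPLE = r"""
HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\...\Run: [examplevalue] => wscript.exe //B "C:\Users\User\AppData\Local\Temp\examplevalue.vbs" <===== ATTENTION
HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\...\Run: [OneDrive] => "C:\Users\User\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
AlternateDataStreams: C:\Users\User\AppData\Local\Temp:exampleStreamName
S2 ExampleUpdaterSvc; "C:\Program Files (x86)\Example\updater.exe" [X]
"""

# Assumed layout: <hive>\...\Run: [value name] => command [<== ATTENTION]
RUN_RE = re.compile(
    r"^(?P<hive>HK\w+)\\.*\\Run(?:Once)?: \[(?P<name>[^\]]+)\] => "
    r"(?P<cmd>.+?)(?:\s*<=+ ATTENTION)?$"
)
# Assumed layout: AlternateDataStreams: <drive path>:<stream name>
ADS_RE = re.compile(r"^AlternateDataStreams: (?P<path>[A-Za-z]:\\[^:]*):(?P<stream>\S+)")
SCRIPT_HOSTS = re.compile(r"\b(wscript|cscript|mshta)(\.exe)?\b", re.I)
TEMP_DIR = re.compile(r"\\AppData\\Local\\Temp\\|\\Windows\\Temp\\", re.I)


def triage(text):
    """Return (kind, subject, detail) tuples for lines worth a closer look."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if (m := RUN_RE.match(line)):
            cmd = m["cmd"]
            # Autostart that hands a file under Temp to a script interpreter.
            if SCRIPT_HOSTS.search(cmd) and TEMP_DIR.search(cmd):
                findings.append(("run-script-from-temp", m["name"], cmd))
        elif (m := ADS_RE.match(line)):
            # Named stream attached to a file or directory; list it for review.
            findings.append(("alternate-data-stream", m["path"], m["stream"]))
    return findings


if __name__ == "__main__":
    for kind, subject, detail in triage(SAMPLE):
        print(f"{kind:24} {subject} -> {detail}")
```
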