Problem with differentia.ru

[adikolo 0]

Hello!

 

I have a problem with malware "differentia.ru". My Eset Smart Security pops up every 30 s and says that: "Adress hxxp://differentia.ru/diff.phphas been blocked" It is really annoying. Following the instrctions on the other topic on this forum I run the Farbar Security Scan Tool and did the scan. I attach the two txt files.

 

Can anyone help me please?

FRST.txt

Addition.txt

[Marcos 5,070]

First of all, please update ESET and run a full disk scan. If no malware is found, collect logs using ESET Log Collector as per the instructions here and drop me a pm with the output archive attached.

Also enclose the file C:\ProgramData\mscnzdbiu.exe.

Then start Windows in safe mode and rename the above mentioned file to mscnzdbiu.ex for instance so that it's not started automatically with Windows. Most likely that's the malware which is attempting to access the website blocked by ESET.

[Maniac 2]

Hello adikolo and :welcome:! My name is Borislav and I will be glad to help you solve your malware problem.

Step 1

Before we proceed further, we should take care for some remnants from your old antivirus program - Avast.

• Download avastclear.exe on your desktop
• Start your Windows in Safe Mode
• Open (execute) the uninstall utility
• If you installed Avast in a different folder than the default, browse for it. (Note: Be careful! The content of any folder you choose will be deleted!)
• Click REMOVE
• Restart your computer

Step 2

Please uninstall this program: Aide PDF to DXF Converter 9.6 Packages

Step 3

Download attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST/FRST64 and press the Fix button just once and wait.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

Step 4

Please make sure your ESET NOD32 Antivirus is up-to-date and perofrm a full system scan. Let me know about the scan results.

fixlist.txt

[Marcos 5,070]

Please do not follow the advice above unless we are able to get the file for analysis and solve the issue ourselves.

[Maniac 2]

Please do not follow the advice above unless we are able to get the file for analysis and solve the issue ourselves.

This tool makes backup for all removed entries, so we can send them to the ESET lab. Did the same way here:

https://forum.eset.com/topic/4939-usb-flash-drive-virus/

I posted the result too:

 

Hello Majama,

I would like to tell you that there are already results from the samples we took from your system. It is already in latest updates from ESET - Win32/TrojanDownloader.Wauchos.AK .

I recommend you to perform a full system scan to make sure that your system is already clean.

A little later Symantec added it too: 2 / 57

Edited June 15, 2015 by Maniac

[Alice Bonnie 0]

Hi, I'm Bonnie. I'm glad to answer for you. Computer gets infected with malware is really an annoying thing. To deal with such stubborn browser hijacker, you can reset your browser to default setting. I show you the detailed steps below.
 
For IE
 
Step1. Click Tools menu and then select Internet Options.
 
Step2. Click Advanced tab and then click Reset button, 
 
For Firefox
 
Step1. Click the menu button at the upper right corner and then click the help icon located in the lower right corner.
 
Step2. Select Troubleshooting Information.
 
Step3. Click Refresh Firefox.
 
For Chrome
 
Step1. Click the menu button at the upper right corner and then choose Settings from the list.
 
Step2. Scroll down to the bottom and click Show advanced settings.
 
Step3. Continue scrolling down the bottom and click Reset setting button.
 
Besides, you still need to run your security program to scan your PC and check whether there are any suspicious programs in your computer. Good luck to you.


Moderator EDIT: Following this advice will also reset all your browser preferences, bookmarked pages, browsing history, saved data, etc.

Edited May 9, 2016 by TomasP