I’ve got http://atomictrivia.ru/atomic.php and http://differentia.ru/diff.php from a flash drive. Avast Antivirus is popping up a warning every few minutes
follow instructions here https://forum.avast.com/index.php?topic=53253.0
attach Malwarebytes and Farbar Recovery Scan Tool logs … 3 logs total
see below the box you write in … Attachments and other options
then scroll down to … SPECIFIC INFECTIONS LOGS … follow MCShield instructions
this log you copy and paste
aswMBR version 1.0.1.2290 Copyright(c) 2014 AVAST Software
Run date: 2015-09-03 11:37:21
11:37:21.794 OS Version: Windows x64 6.1.7601 Service Pack 1
11:37:21.794 Number of processors: 4 586 0x2A07
11:37:21.794 ComputerName: KAMOL-PC UserName: kamol
11:37:23.374 Initialize success
11:37:23.454 VM: initialized successfully
11:37:23.464 VM: Intel CPU BiosDisabled
11:37:27.494 AVAST engine defs: 15090201
11:37:40.079 Disk 0 (boot) \Device\Harddisk0\DR0 → \Device\Ide\IdeDeviceP0T0L0-0
11:37:40.089 Disk 0 Vendor: Hitachi_HTS547564A9E384 JEDOA50A Size: 610480MB BusType: 11
11:37:40.239 Disk 0 MBR read successfully
11:37:40.249 Disk 0 MBR scan
11:37:40.259 Disk 0 Windows 7 default MBR code
11:37:40.259 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
11:37:40.289 Disk 0 default boot code
11:37:40.299 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 149900 MB offset 206848
11:37:40.339 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 460478 MB offset 307202048
11:37:40.469 Disk 0 scanning C:\Windows\system32\drivers
11:37:51.484 Service scanning
11:38:20.061 Modules scanning
11:38:20.081 Disk 0 trace - called modules:
11:38:20.111 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
11:38:20.111 1 nt!IofCallDriver → \Device\Harddisk0\DR0[0xfffffa8004f37060]
11:38:20.121 3 CLASSPNP.SYS[fffff8800199c43f] → nt!IofCallDriver → [0xfffffa8005098b10]
11:38:20.131 5 hpdskflt.sys[fffff88001943189] → nt!IofCallDriver → \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004f63060]
11:38:20.661 AVAST engine scan C:\Windows
11:38:22.341 AVAST engine scan C:\Windows\system32
11:41:38.418 AVAST engine scan C:\Windows\system32\drivers
11:41:52.134 AVAST engine scan C:\Users\kamol
11:42:58.089 Disk 0 MBR has been saved successfully to “C:\Users\kamol\Desktop\MBR.dat”
11:42:58.199 The log file has been saved successfully to “C:\Users\kamol\Desktop\aswMBR.txt”
Need the other three logs please.
Sorry, here you are.
Please check and see if there is a complete FRST.txt file either on the desktop or in the C:\FRST\logs directory. The file attached is not complete.
Also, did you not scan with Malwarebytes Antimalware?
Please help, I did it again.
Thanks for the fresh logs!
[b]First, Reset Chrome Start URLS[/b]
If Chrome was giving you problems then the best thing to do is to manually check the settings and adjust them if you find anything you did not install or use any more. Our scanners / script programs can fix Chrome but by removing some things from outside of Chrome’s own settings, there is a chance of corrupting the user profile and making Chrome not start up properly.
Home Page - The Home Page is the page that the browser will open whenever you tell it to start up. When you first open the browser, it loads your Home Page that is set in the browser’s properties. To change the Home Page for Google Chrome, follow these directions:
- Open Chrome and click on the menu button in the upper right corner of the browser. The Menu Button looks like three bars (see below).
- On the Menu that opens down, click on Settings to open the Settings page in Chrome.
- Look for the Appearance section in the Settings page and make sure the Show Home button box is checked. Then click on the blue Change next to New Tab Page.
- A box will pop up and allow you to either set a New Tab Page as your home page or type a URL address for a Home Page (for example, you could enter www.google.com there to set Google as your home page). Click OK when you have made the setting you want and the box will close. Close the Settings page when you are done making the changes to the Home Page.
Second, Run a FRST Fixlist script
Fix with Farbar Recovery Scan Tool
[b]This fix was created for this user for use on that particular machine. Running it on another one may cause damage and render the system unstable.[/b]
Download attached fixlist.txt file and save it to the Desktop:
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
- Right-click on the FRST icon and select Run as Administrator to start the tool. (XP users click run after receipt of Windows Security Warning - Open File).
- Press the Fix button just once and wait.
- If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
- When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please attach it to your reply.
Third, An AdwCleaner scan
AdwCleaner by Xplode
Download AdwCleaner from here or from here. Save the file to the desktop.
NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.
Close all open windows and browsers.
- Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
You will see the following console:
- Click the [b]Scan[/b] button and wait for the scan to finish.
- After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: [b]Waiting for action. Please uncheck elements you don't want to remove.[/b]
- Click the [b]Clean[/b] button.
- [b]Everything checked[/b] will be deleted.
- When the program has finished cleaning a report appears.
- Once done it will ask to reboot, allow this
- On reboot a log will be produced; please attach that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[C0].txt
Optional:
NOTE: If you see AVG Secure Search being targeted for deletion, Here’s Why and Here. You can always Reinstall it.
Everything seems to be clear, thank you very much.
If your system is fine with you now, let’s clean the tools off of it and get you going again …
Clean up of Malware Removal Tools
Now that we are through using these tools, let’s clean them off your system so that should you ever need to have malware removed again (we hope not) fresh, updated copies will be downloaded.
- Download Delfix from here to your desktop and double click it to start the program
- Ensure Remove disinfection tools is ticked
- Also tick:
  - Activate UAC
  - Create registry backup
  - Purge system restore
  - Reset system settings
- Click Run
- The program will run for a few moments and then notepad will open with a log. Please attach the log in your next reply.
You can delete any log files left on your desktop as these are no longer needed.
Thanks for your help.