Hi,
i have a problem on my computer. Every time i turn it on a pop up website with tons of adds appears (dinoraptzor.org ) and i can’t get rid of him. When i unistall the browser i’m on it appears on the other and so on so on, it’s quit annoying. I use avast and search for it but it says that my pc is clean. Does anyone had this problem? How can i erase it from my pc? Please help.
Thx
Pondus
November 21, 2019, 11:39am
2
Install and run:
Malwarebytes AdwCleaner >> https://www.malwarebytes.com/adwcleaner/
also recomended Malwarebytes Antimalware, install and run free version >> https://www.malwarebytes.com/
Pondus
November 21, 2019, 11:42am
3
If you still have problems after doing the above then follow instructions in step #2 here and attach the two diagnostig logs from FRST >> https://forum.avast.com/index.php?topic=194892.0
Hello,
i tried the first option and din’t work, sitll appears when i start my computer.
I follow the steps and here are the results.
Pondus
November 21, 2019, 12:11pm
5
Malware expert @Sass Drake is notified and will check logs when he is online, it may take hours before he is online
Open Notepad (click Start button → type notepad.exe → press Enter )
Copy text from code block below and paste it into Notepad
HKU\S-1-5-21-1381026806-2505369906-469577330-1001\...\Run: [Adriano] => explorer.exe hxxp://dinoraptzor.org <==== ATTENTION
Task: {9A6139E3-7399-4DFD-A5AD-CC4513EB7A43} - System32\Tasks\Adriano => cmd.exe /c REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /f /v Adriano /t REG_SZ /d "explorer.exe hxxp://dinoraptzor.org" <==== ATTENTION
Task: {B2B1C095-4E96-49A2-A122-447AFD959F31} - System32\Tasks\Microsoft\Windows\Google\GoogleUpdateTaskMachineUP => C:\Windows\SysWOW64\Microsoft\Protect\S-1-38-51\RB_1.3.91.71.exe <==== ATTENTION
VirusTotal: C:\Windows\SysWOW64\Microsoft\Protect\S-1-38-51\RB_1.3.91.71.exe;
CHR HKLM-x32\...\Chrome\Extension: [nladljmabboanhihfkjacnnkgjhnokhj]
C:\Windows\SysWOW64\Microsoft\Protect\S-1-38-51\RB_1.3.91.71.exe
Go to File → Save As
Make sure that UTF-8 is selected as Encoding (left side of Save button)
Save it as fixlist.txt on Desktop
Open again FRST and click on button Fix
Wait until FRST finishes
fixlog.txt should be genereted and opened. Attach it your post and wait further instructions.
polonus
November 21, 2019, 5:50pm
7
Hi ahmunra79,
This site has been blacklisted -dinoraptzor.org
The infection and cleansing by Sass Drake has proven it is best to block and shun this site.
Threat that this Dutch/French website holds, is Threat Name:Web Attack:
Fake TechSupport Website
Location:htxps://dinoraptzor.org & hoster is French ISP online SAS. (Dutch ISP = online dot nl).
See all vulnerabilities for the hosted IP: https://www.shodan.io/host/163.172.85.109
10 red out of 10 Netcraft Risk Grade: https://toolbar.netcraft.com/site_report?url=163-172-85-109.rev.poneytelecom.eu
Consider also: https://securitytrails.com/list/ns/nsa.online.net
This for the website and webserver part of this threat,
polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)
Done what you said, here’s the file
What is system status now?
hi,
Everything looks normal now.
Thank you for all the help u give.