Please help "dinoraptzor.org"

Hi,

i have a problem on my computer. Every time i turn it on a pop up website with tons of adds appears (dinoraptzor.org) and i can’t get rid of him. When i unistall the browser i’m on it appears on the other and so on so on, it’s quit annoying. I use avast and search for it but it says that my pc is clean. Does anyone had this problem? How can i erase it from my pc? Please help.
Thx

Install and run:

Malwarebytes AdwCleaner >> https://www.malwarebytes.com/adwcleaner/

also recomended Malwarebytes Antimalware, install and run free version >> https://www.malwarebytes.com/

If you still have problems after doing the above then follow instructions in step #2 here and attach the two diagnostig logs from FRST >> https://forum.avast.com/index.php?topic=194892.0

Hello,

i tried the first option and din’t work, sitll appears when i start my computer.
I follow the steps and here are the results.

Malware expert @Sass Drake is notified and will check logs when he is online, it may take hours before he is online

  • Open Notepad (click Start button → type notepad.exe → press Enter)
  • Copy text from code block below and paste it into Notepad
HKU\S-1-5-21-1381026806-2505369906-469577330-1001\...\Run: [Adriano] => explorer.exe hxxp://dinoraptzor.org <==== ATTENTION
Task: {9A6139E3-7399-4DFD-A5AD-CC4513EB7A43} - System32\Tasks\Adriano => cmd.exe /c REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /f /v Adriano /t REG_SZ /d "explorer.exe hxxp://dinoraptzor.org" <==== ATTENTION
Task: {B2B1C095-4E96-49A2-A122-447AFD959F31} - System32\Tasks\Microsoft\Windows\Google\GoogleUpdateTaskMachineUP => C:\Windows\SysWOW64\Microsoft\Protect\S-1-38-51\RB_1.3.91.71.exe <==== ATTENTION
VirusTotal: C:\Windows\SysWOW64\Microsoft\Protect\S-1-38-51\RB_1.3.91.71.exe;
CHR HKLM-x32\...\Chrome\Extension: [nladljmabboanhihfkjacnnkgjhnokhj]
C:\Windows\SysWOW64\Microsoft\Protect\S-1-38-51\RB_1.3.91.71.exe
  • Go to FileSave As
  • Make sure that UTF-8 is selected as Encoding (left side of Save button)
  • Save it as fixlist.txt on Desktop
  • Open again FRST and click on button Fix
  • Wait until FRST finishes
  • fixlog.txt should be genereted and opened. Attach it your post and wait further instructions.

Hi ahmunra79,

This site has been blacklisted -dinoraptzor.org

The infection and cleansing by Sass Drake has proven it is best to block and shun this site.
Threat that this Dutch/French website holds, is Threat Name:Web Attack:
Fake TechSupport Website
Location:htxps://dinoraptzor.org & hoster is French ISP online SAS. (Dutch ISP = online dot nl).

See all vulnerabilities for the hosted IP: https://www.shodan.io/host/163.172.85.109
10 red out of 10 Netcraft Risk Grade: https://toolbar.netcraft.com/site_report?url=163-172-85-109.rev.poneytelecom.eu
Consider also: https://securitytrails.com/list/ns/nsa.online.net

This for the website and webserver part of this threat,

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)

Done what you said, here’s the file

What is system status now?

hi,
Everything looks normal now.
Thank you for all the help u give. :wink: :wink: