Avast WEBforum
Other => Viruses and worms => Topic started by: ahmunra79 on November 21, 2019, 12:28:08 PM
-
Hi,
I have a problem on my computer. Every time I turn it on, a pop-up website with tons of ads appears (dinoraptzor.org) and I can't get rid of it. When I uninstall the browser I'm on, it appears on the other one, and so on; it's quite annoying. I use Avast and search for it, but it says that my PC is clean. Has anyone had this problem? How can I erase it from my PC? Please help.
Thx
-
Install and run:
Malwarebytes AdwCleaner >> https://www.malwarebytes.com/adwcleaner/
Also recommended: Malwarebytes Antimalware, install and run free version >> https://www.malwarebytes.com/
-
If you still have problems after doing the above, then follow the instructions in step #2 here and attach the two diagnostic logs from FRST >> https://forum.avast.com/index.php?topic=194892.0
-
Hello,
I tried the first option and it didn't work; it still appears when I start my computer.
I followed the steps and here are the results.
-
Malware expert @Sass Drake is notified and will check logs when he is online, it may take hours before he is online
-
- Open Notepad (click Start button -> type notepad.exe -> press Enter)
- Copy text from code block below and paste it into Notepad
HKU\S-1-5-21-1381026806-2505369906-469577330-1001\...\Run: [Adriano] => explorer.exe hxxp://dinoraptzor.org <==== ATTENTION
Task: {9A6139E3-7399-4DFD-A5AD-CC4513EB7A43} - System32\Tasks\Adriano => cmd.exe /c REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /f /v Adriano /t REG_SZ /d "explorer.exe hxxp://dinoraptzor.org" <==== ATTENTION
Task: {B2B1C095-4E96-49A2-A122-447AFD959F31} - System32\Tasks\Microsoft\Windows\Google\GoogleUpdateTaskMachineUP => C:\Windows\SysWOW64\Microsoft\Protect\S-1-38-51\RB_1.3.91.71.exe <==== ATTENTION
VirusTotal: C:\Windows\SysWOW64\Microsoft\Protect\S-1-38-51\RB_1.3.91.71.exe;
CHR HKLM-x32\...\Chrome\Extension: [nladljmabboanhihfkjacnnkgjhnokhj]
C:\Windows\SysWOW64\Microsoft\Protect\S-1-38-51\RB_1.3.91.71.exe
- Go to File -> Save As
- Make sure that UTF-8 is selected as Encoding (left side of Save button)
- Save it as fixlist.txt on Desktop
- Open again FRST and click on button Fix
- Wait until FRST finishes
- fixlog.txt should be generated and opened. Attach it to your post and wait for further instructions.
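
Why the pop-up survived uninstalling each browser, as an added example that is not part of the original thread or of FRST: the first two fixlist entries above are a Run value that hands a URL to explorer.exe (which opens it in the default browser) and a scheduled task that re-writes that value. The Python sketch below flags that pair in FRST-style lines; the regexes, rule names and the two benign sample lines are assumptions made for illustration.

```python
import re

# First two lines are copied from the fixlist in this thread (URL left defanged);
# the last two are constructed benign entries for contrast.
SAMPLE = [
    r'HKU\S-1-5-21-1381026806-2505369906-469577330-1001\...\Run: [Adriano] => explorer.exe hxxp://dinoraptzor.org <==== ATTENTION',
    r'Task: {9A6139E3-7399-4DFD-A5AD-CC4513EB7A43} - System32\Tasks\Adriano => cmd.exe /c REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /f /v Adriano /t REG_SZ /d "explorer.exe hxxp://dinoraptzor.org" <==== ATTENTION',
    r'HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\...\Run: [ExampleSync] => "C:\Program Files\ExampleSync\sync.exe" /background',
    r'Task: {00000000-0000-0000-0000-000000000001} - System32\Tasks\ExampleUpdater => C:\Program Files\ExampleSync\update.exe',
]

RUN_RE = re.compile(r'\\Run: \[(?P<name>[^\]]+)\] => (?P<cmd>.*)')
TASK_RE = re.compile(r'^Task: \{[0-9A-Fa-f-]+\} - (?P<path>.+?) => (?P<cmd>.*)')
URL_RE = re.compile(r'\b(?:https?|hxxps?)://\S+', re.I)  # also matches defanged hxxp
REG_ADD_RUN_RE = re.compile(
    r'\breg(?:\.exe)?\s+add\s+\S*\\CurrentVersion\\Run\b.*?/v\s+"?(?P<value>[^"\s]+)', re.I)

def analyze(lines):
    """Return (rule, detail) findings for FRST-style registry and task lines."""
    findings, run_values, task_writes = [], {}, {}
    for raw in lines:
        line = raw.split(' <====')[0].strip()  # drop FRST's attention marker
        task = TASK_RE.match(line)
        run = None if task else RUN_RE.search(line)
        if run and URL_RE.search(run['cmd']):
            # Autostart value whose command line carries a URL: opens at every logon.
            run_values[run['name'].lower()] = run['cmd']
            findings.append(('run-opens-url', run['name']))
        elif task:
            write = REG_ADD_RUN_RE.search(task['cmd'])
            if write:
                # Task that writes a Run value: restores it after manual deletion.
                task_writes[write['value'].lower()] = task['path']
                findings.append(('task-rewrites-run', task['path']))
    # Registry value names are case-insensitive, so correlate on lowercase names.
    for name in sorted(run_values.keys() & task_writes.keys()):
        findings.append(('remove-together', f"{task_writes[name]} + Run[{name}]"))
    return findings

if __name__ == '__main__':
    for finding in analyze(SAMPLE):
        print(finding)
```

The `remove-together` finding is the reason the fixlist lists the task and the Run value in the same pass: deleting only the registry value leaves the task free to write it back.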
-
Hi ahmunra79,
This site has been blacklisted - dinoraptzor.org
The infection and cleansing by Sass Drake has proven it is best to block and shun this site.
Threat that this Dutch/French website holds, is Threat Name: Web Attack: Fake TechSupport Website
Location: htxps://dinoraptzor.org & hoster is French ISP online SAS. (Dutch ISP = online dot nl).
See all vulnerabilities for the hosted IP: https://www.shodan.io/host/163.172.85.109
10 red out of 10 Netcraft Risk Grade: https://toolbar.netcraft.com/site_report?url=163-172-85-109.rev.poneytelecom.eu
Consider also: https://securitytrails.com/list/ns/nsa.online.net
This for the website and webserver part of this threat,
polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)
-
Done what you said, here's the file
-
What is system status now?
-
hi,
Everything looks normal now.
Thank you for all the help u give. ;) ;)