Author Topic: Please help "dinoraptzor.org"  (Read 3384 times)

0 Members and 1 Guest are viewing this topic.

Offline ahmunra79

  • Newbie
  • *
  • Posts: 4
Please help "dinoraptzor.org"
« on: November 21, 2019, 12:28:08 PM »
Hi,

i have a problem on my computer. Every time i turn it on a pop up website with tons of adds appears (dinoraptzor.org) and i can't get rid of him. When i unistall the browser i'm on it appears on the other and so on so on, it's quit annoying. I use avast and search for it but it says that my pc is clean. Does anyone had this problem? How can i erase it from my pc? Please help.
Thx

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37505
  • Not a avast user
Re: Please help "dinoraptzor.org"
« Reply #1 on: November 21, 2019, 12:39:51 PM »
Install and run:

Malwarebytes AdwCleaner  >>  https://www.malwarebytes.com/adwcleaner/

also recomended Malwarebytes Antimalware, install and run free version  >>  https://www.malwarebytes.com/



Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37505
  • Not a avast user
Re: Please help "dinoraptzor.org"
« Reply #2 on: November 21, 2019, 12:42:30 PM »
If you still have problems after doing the above then follow instructions in step #2 here and attach the two diagnostig logs from FRST  >>  https://forum.avast.com/index.php?topic=194892.0





Offline ahmunra79

  • Newbie
  • *
  • Posts: 4
Re: Please help "dinoraptzor.org"
« Reply #3 on: November 21, 2019, 01:00:31 PM »
Hello,

i tried the first option and din't work, sitll appears when i start my computer.
I follow the steps and here are the results.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37505
  • Not a avast user
Re: Please help "dinoraptzor.org"
« Reply #4 on: November 21, 2019, 01:11:47 PM »
Malware expert @Sass Drake is notified and will check logs when he is online, it may take hours before he is online


« Last Edit: November 21, 2019, 01:13:30 PM by Pondus »

Offline Sass Drake

  • MyCity AMF R2
  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 820
Re: Please help "dinoraptzor.org"
« Reply #5 on: November 21, 2019, 02:09:07 PM »
  • Open Notepad (click Start button -> type notepad.exe -> press Enter)
  • Copy text from code block below and paste it into Notepad
Code: [Select]
HKU\S-1-5-21-1381026806-2505369906-469577330-1001\...\Run: [Adriano] => explorer.exe hxxp://dinoraptzor.org <==== ATTENTION
Task: {9A6139E3-7399-4DFD-A5AD-CC4513EB7A43} - System32\Tasks\Adriano => cmd.exe /c REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /f /v Adriano /t REG_SZ /d "explorer.exe hxxp://dinoraptzor.org" <==== ATTENTION
Task: {B2B1C095-4E96-49A2-A122-447AFD959F31} - System32\Tasks\Microsoft\Windows\Google\GoogleUpdateTaskMachineUP => C:\Windows\SysWOW64\Microsoft\Protect\S-1-38-51\RB_1.3.91.71.exe <==== ATTENTION
VirusTotal: C:\Windows\SysWOW64\Microsoft\Protect\S-1-38-51\RB_1.3.91.71.exe;
CHR HKLM-x32\...\Chrome\Extension: [nladljmabboanhihfkjacnnkgjhnokhj]
C:\Windows\SysWOW64\Microsoft\Protect\S-1-38-51\RB_1.3.91.71.exe
  • Go to File -> Save As
  • Make sure that  UTF-8 is selected as Encoding (left side of Save button)
  • Save it as fixlist.txt on Desktop
  • Open again FRST and click on button Fix
  • Wait until FRST finishes
  • fixlog.txt should be genereted and opened. Attach it your post and wait further instructions.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: Please help "dinoraptzor.org"
« Reply #6 on: November 21, 2019, 06:50:49 PM »
Hi ahmunra79,

This site has been blacklisted -dinoraptzor.org

The infection and cleansing by Sass Drake has proven it is best to block and shun this site.
Threat that this Dutch/French website holds, is Threat Name:Web Attack:
Fake TechSupport Website
Location:htxps://dinoraptzor.org  &  hoster is French ISP online SAS. (Dutch ISP = online dot nl).

See all vulnerabilities for the hosted IP: https://www.shodan.io/host/163.172.85.109
10 red out of 10 Netcraft Risk Grade: https://toolbar.netcraft.com/site_report?url=163-172-85-109.rev.poneytelecom.eu
Consider also: https://securitytrails.com/list/ns/nsa.online.net

This for the website and webserver part of this threat,

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline ahmunra79

  • Newbie
  • *
  • Posts: 4
Re: Please help "dinoraptzor.org"
« Reply #7 on: November 21, 2019, 10:40:54 PM »
  • Open Notepad (click Start button -> type notepad.exe -> press Enter)
  • Copy text from code block below and paste it into Notepad
Code: [Select]
HKU\S-1-5-21-1381026806-2505369906-469577330-1001\...\Run: [Adriano] => explorer.exe hxxp://dinoraptzor.org <==== ATTENTION
Task: {9A6139E3-7399-4DFD-A5AD-CC4513EB7A43} - System32\Tasks\Adriano => cmd.exe /c REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /f /v Adriano /t REG_SZ /d "explorer.exe hxxp://dinoraptzor.org" <==== ATTENTION
Task: {B2B1C095-4E96-49A2-A122-447AFD959F31} - System32\Tasks\Microsoft\Windows\Google\GoogleUpdateTaskMachineUP => C:\Windows\SysWOW64\Microsoft\Protect\S-1-38-51\RB_1.3.91.71.exe <==== ATTENTION
VirusTotal: C:\Windows\SysWOW64\Microsoft\Protect\S-1-38-51\RB_1.3.91.71.exe;
CHR HKLM-x32\...\Chrome\Extension: [nladljmabboanhihfkjacnnkgjhnokhj]
C:\Windows\SysWOW64\Microsoft\Protect\S-1-38-51\RB_1.3.91.71.exe
  • Go to File -> Save As
  • Make sure that  UTF-8 is selected as Encoding (left side of Save button)
  • Save it as fixlist.txt on Desktop
  • Open again FRST and click on button Fix
  • Wait until FRST finishes
  • fixlog.txt should be genereted and opened. Attach it your post and wait further instructions.

Done what you said, here's the file

Offline Sass Drake

  • MyCity AMF R2
  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 820
Re: Please help "dinoraptzor.org"
« Reply #8 on: November 22, 2019, 01:56:22 AM »
What is system status now?

Offline ahmunra79

  • Newbie
  • *
  • Posts: 4
Re: Please help "dinoraptzor.org"
« Reply #9 on: November 23, 2019, 01:18:50 PM »
hi,
Everything looks normal now.
Thank you for all the help u give. ;) ;)