Author Topic: Dinoraptzor Malware

Offline lazeho

  • Newbie
  • Posts: 1
Dinoraptzor Malware
« on: January 19, 2020, 11:21:08 AM »
Hello guys, for at least 5 months I have had the problem that sometimes Windows / a virus puts cmd.exe into startup and runs this exe with a command which opens the dinoraptzor website.
I used hijacked before to find the registry input, and I removed it from the tasks, but sometimes when I use my PC the cmd console pops up for less than one second, and if I look it up, cmd.exe is in startup again.
Now I hope the FRST tool and you guys can help me to remove this malware permanently.
I've put the FRST scan files in the attachments.

Offline Michael (alan1998)

  • Massive Poster
  • Posts: 2768
  • Volunteer
Re: Dinoraptzor Malware
« Reply #1 on: January 20, 2020, 03:37:56 AM »
Hello Lazeho,

Sorry that no one got around to you earlier. I have asked Sass Drake to drop by and assist you. You'll likely hear from him tomorrow.

I do have to ask though, why do you have a Java Decompiler and a port scanner installed on your system?

2017-08-16 19:48 - 2018-07-10 15:42 - 000001379 _____ () C:\Users\lazeh\AppData\Roaming\jd-gui.cfg
2017-12-26 02:25 - 2017-12-26 02:25 - 000000000 _____ () C:\Users\lazeh\AppData\Local\zenmap.exe.log

Zenmap is the GUI version of the infamous nmap application, and jd-gui is used for decompiling Java applications. To be clear, both applications are legitimate (they can be found in a KALI install, or easily downloaded).

I would not recommend using applications like: MegaPack Cracking Tools.exe if you're looking to get into cracking/hacking. HackTheBox is a good utility to learn (and has free options). I might recommend KALI Linux if you're into it. It's built to break into systems. Full range of port scanners, proxy applications, CMB tools, LDAP, AD, etc
VOLUNTEER

Senior Security Analyst; Sys Admin (Linux); Forensics/Incident Response.

Security is a mindset, not an application. Think BEFORE you click.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • Posts: 33900
  • malware fighter
Re: Dinoraptzor Malware
« Reply #2 on: January 20, 2020, 06:05:16 AM »
Hi Michael (alan1998),

Hacking using Kali Linux can also be a legit exercise, when the person is training to be, or is, a trained security pen-tester/researcher. In that case one should always have full written permission from those you perform pentests for.

So it does not necessarily have to mean he is into black or grey hat hacking;
he could as well be a white hat or pentester for that matter.

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)

P.S. Mine was a general comment on the legit use of KALI. Going a-cracking with KALI is a big no-no, I will add that.
The same goes for using XSSight for automated XSS scanning and combining it with a payload injector of sorts.
That is similar abuse. Remember that this is the official Avast AV forum, not a hacker's sub-division info-ground.
:D

Damian
« Last Edit: January 20, 2020, 10:13:41 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Sass Drake

  • MyCity AMF R2
  • Avast Evangelist
  • Advanced Poster
  • Posts: 820
Re: Dinoraptzor Malware
« Reply #3 on: January 20, 2020, 06:59:26 PM »
  • Open Notepad (click Start button -> type notepad.exe -> press Enter)
  • Copy text from code block below and paste it into Notepad
Code:
HKU\S-1-5-21-247619900-3785855006-1016407150-1001\...\Run: [19Cent] => cmd.exe /c start www.dinoraptzor.org
GroupPolicy: Beschränkung ? <==== ACHTUNG
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Beschränkung <==== ACHTUNG
  • Go to File -> Save As
  • Make sure that UTF-8 is selected as Encoding (left side of the Save button)
  • Save it as fixlist.txt on the Desktop
  • Open FRST again and click on the Fix button
  • Wait until FRST finishes
  • fixlog.txt should be generated and opened. Attach it to your post and wait for further instructions.
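The original poster's complaint is that the cmd.exe startup entry comes back after being deleted, and the FRST fixlist above targets the Run value `[19Cent] => cmd.exe /c start www.dinoraptzor.org` in the user's hive. A Run value that reappears is normally being re-written by some other autostart (a scheduled task, a WMI event subscription, or a script in a Startup folder), so removing only the Run value does not end it. The following PowerShell script is an added example, not code from the thread or from FRST: it enumerates the Run/RunOnce keys of HKLM and every loaded user hive, the Startup folders, scheduled-task actions and WMI consumers, and reports anything that launches `cmd /c start …`, writes to a Run key, or mentions the domain from the FRST log. The pattern names and the `$hits` layout are my assumptions; only the `cmd.exe /c start` shape and the `dinoraptzor` domain come from the thread.

```powershell
# Added example (not from the thread): find every autostart that launches
# "cmd /c start <url>" or re-writes a Run value, so the re-creator is removed
# together with the Run entry FRST found. Run from an elevated PowerShell.

$Domain   = 'dinoraptzor'                         # indicator taken from the FRST log line in the thread
$Launcher = 'cmd(\.exe)?\s+/c\s+start\s+'         # shape of the Run value in the thread
$RegWrite = 'reg(\.exe)?\s+add\b.*\\Run\b'        # assumption: a task/script that re-creates the Run value

function Test-Indicator([string]$Text) {
    return ($Text -match $Domain) -or ($Text -match $Launcher) -or ($Text -match $RegWrite)
}

$hits = New-Object System.Collections.Generic.List[object]
function Add-Hit($Source, $Location, $Command) {
    $hits.Add([pscustomobject]@{ Source = $Source; Location = $Location; Command = $Command })
}

# 1. Run / RunOnce values in HKLM and in every loaded user hive (HKU\S-1-5-21-...).
#    HijackThis-style tools usually look only at the current user; the FRST line names the hive by SID.
$runKeys = @('Software\Microsoft\Windows\CurrentVersion\Run',
             'Software\Microsoft\Windows\CurrentVersion\RunOnce')
$roots = @('Registry::HKEY_LOCAL_MACHINE') +
         (Get-ChildItem Registry::HKEY_USERS |
            Where-Object { $_.PSChildName -match '^S-1-5-21-\d+-\d+-\d+-\d+$' } |
            ForEach-Object { "Registry::HKEY_USERS\$($_.PSChildName)" })
foreach ($root in $roots) {
    foreach ($rel in $runKeys) {
        $key = "$root\$rel"
        if (-not (Test-Path $key)) { continue }
        foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }             # skip PSPath/PSParentPath/... metadata
            $value = [string]$p.Value
            if (Test-Indicator $value) { Add-Hit 'Registry' "$key\$($p.Name)" $value }
        }
    }
}

# 2. Startup folders: a .lnk, .bat or .cmd dropped here runs at every logon and is
#    what a user sees as "cmd.exe is in startup" in Task Manager.
$startupDirs = @("$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup",
                 "$env:ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp")
$shell = New-Object -ComObject WScript.Shell
foreach ($dir in $startupDirs) {
    if (-not (Test-Path $dir)) { continue }
    foreach ($f in (Get-ChildItem $dir -File)) {
        $target = $f.FullName
        if ($f.Extension -eq '.lnk') {
            $lnk = $shell.CreateShortcut($f.FullName)          # resolve shortcut target + arguments
            $target = "$($lnk.TargetPath) $($lnk.Arguments)"
        } elseif ($f.Extension -in '.bat', '.cmd', '.vbs', '.js', '.ps1') {
            $target = Get-Content $f.FullName -Raw             # inspect the script body itself
        }
        if (Test-Indicator $target) { Add-Hit 'StartupFolder' $f.FullName $target }
    }
}

# 3. Scheduled tasks: the most common mechanism that re-creates a deleted Run value.
foreach ($task in Get-ScheduledTask) {
    foreach ($a in $task.Actions) {
        $cmd = "$($a.Execute) $($a.Arguments)"
        if (Test-Indicator $cmd) { Add-Hit 'ScheduledTask' "$($task.TaskPath)$($task.TaskName)" $cmd }
    }
}

# 4. Permanent WMI event subscriptions: a CommandLineEventConsumer fires a command on a
#    timer or on logon with no file in Startup and no Run value to find.
foreach ($c in (Get-CimInstance -Namespace root/subscription -ClassName CommandLineEventConsumer -ErrorAction SilentlyContinue)) {
    $cmd = "$($c.ExecutablePath) $($c.CommandLineTemplate)"
    if (Test-Indicator $cmd) { Add-Hit 'WMIConsumer' $c.Name $cmd }
}
foreach ($c in (Get-CimInstance -Namespace root/subscription -ClassName ActiveScriptEventConsumer -ErrorAction SilentlyContinue)) {
    if (Test-Indicator ([string]$c.ScriptText)) { Add-Hit 'WMIConsumer' $c.Name $c.ScriptText }
}

if ($hits.Count -eq 0) { 'No autostart matching the indicators was found.' }
else { $hits | Format-Table -AutoSize -Wrap }
```

Run it elevated, otherwise other users' hives under HKEY_USERS, tasks owned by SYSTEM and the root/subscription namespace are not readable and the scan silently misses exactly the places a re-creator hides. Everything the table lists is a candidate for the FRST fixlist (FRST's own log lines for tasks and WMI entries are the ones to paste, not this script's output); the Run value from the thread should be treated as the symptom and whichever task, shortcut or consumer re-writes it as the thing to remove first.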