Welcome To Urlseek .168 Nginx!

[brucefidalgo]

When i have launched Chrome lately sometimes i have been seeing this instead of going to my home page.

[ritchie58]

A most unwelcome welcome! It seems you have been infected by a browser hijacker. Most likely your Hosts files are corrupted and your DNS service has been changed. First look for any new or suspicious browser toolbars, add-ons or plug-ins and delete them, then run a full malware scan to detect and quarantine any threat(s). After that here is some instructions on how to get your Hosts files and DNS settings back to default:

1, Reboot computer in safe mode with networking.

 

2, Change DNS setting back to default.

 

> Open Control Panel (Start->Control Panel).

 

> Double-click “Network Connections” icon to open it.

 

> Right click on “Local Area Connection” icon and select “Properties”.

 

> Select “Internet Protocol (TCP/IP)” and click “Properties” button.

 

> Choose “Obtain DNS server address automatically” and click OK.

 

3, Change HOSTS file back to normal.

 

> Go to: C:WINDOWSsystem32driversetc.

 

> Double-click “hosts” file to open it. Choose to open with Notepad.

 

4, Remove unknown or suspicious add-ons from your browsers.

 

5, Perform a full malware scan.

 

6, Clear all detected files and restart computer.

[ritchie58]

If you have problems restoring your hosts files click here for a Microsoft support page that has a Fixit tool that just might work. If you want to do it manually here are the instructions: To reset the Hosts file back to the default, follow these steps:

1. Click Start, click Run, type %systemroot% \system32\drivers\etc, and then click OK.
2. Rename the Hosts file to Hosts.old.
3. Create a new default hosts file. To do this, follow these steps:
   1. Right-click an open space in the %WinDir%\System32\Drivers\Etc folder, point to New, click Text Document, type hosts, and then press Enter.
   2. Click Yes to confirm that the file name extension will not be .txt.
   3. Open the new Hosts file in a text editor. For example, open the file in Notepad.
   4. Copy the following text to the file:
       
      For Windows XP or for Windows Server 2003# Copyright 1993-1999 Microsoft Corp. # # This is a sample HOSTS file used by Microsoft TCP/IP for Windows. # # This file contains the mappings of IP addresses to host names. Each # entry should be kept on an individual line. The IP address should # be placed in the first column followed by the corresponding host name. # The IP address and the host name should be separated by at least one # space. # # Additionally, comments (such as these) may be inserted on individual # lines or following the machine name denoted by a '#' symbol. # # For example: # # 102.54.94.97 rhino.acme.com # source server # 38.25.63.10 x.acme.com # x client host 127.0.0.1 localhost For Windows Vista or for Windows Server 2008# Copyright 1993-2006 Microsoft Corp. # # This is a sample HOSTS file used by Microsoft TCP/IP for Windows. # # This file contains the mappings of IP addresses to host names. Each # entry should be kept on an individual line. The IP address should # be placed in the first column followed by the corresponding host name. # The IP address and the host name should be separated by at least one # space. # # Additionally, comments (such as these) may be inserted on individual # lines or following the machine name denoted by a '#' symbol. # # For example: # # 102.54.94.97 rhino.acme.com # source server # 38.25.63.10 x.acme.com # x client host 127.0.0.1 localhost ::1 localhost For Windows 7# Copyright 1993-2006 Microsoft Corp. # # This is a sample HOSTS file used by Microsoft TCP/IP for Windows. # # This file contains the mappings of IP addresses to host names. Each # entry should be kept on an individual line. The IP address should # be placed in the first column followed by the corresponding host name. # The IP address and the host name should be separated by at least one # space. # # Additionally, comments (such as these) may be inserted on individual # lines or following the machine name denoted by a '#' symbol. # # For example: # # 102.54.94.97 rhino.acme.com # source server # 38.25.63.10 x.acme.com # x client host # localhost name resolution is handle within DNS itself. # 127.0.0.1 localhost # ::1 localhost
   5. Save and then close the file.

[ritchie58]

For Win 7 here is more detailed instructions on how to restore your DNS service back to default: Click on: Start > Control Panel > Network and Sharing Center > Local Area Connection > Properties > Internet Protocol Version 4 (TCP/IPv4) > Obtain DNS server address automatically > OK and then a restart is necessary to effect the change. After you have restored your DNS service and Hosts files open your browser's general settings and manually type in the URL for your homepage again if it has been changed and that should do it.

[brucefidalgo]

For Win 7 here is more detailed instructions on how to restore your DNS service back to default: Click on: Start > Control Panel > Network and Sharing Center > Local Area Connection > Properties > Internet Protocol Version 4 (TCP/IPv4) > Obtain DNS server address automatically > OK and then a restart is necessary to effect the change.

i have W7 and this does not happen all the time. It started to happen about the time i went wireless for the first time and did not use the norton dns that i use on my hard wired LAN.

[ritchie58]

Did you install any new browser toolbars or add-ons recently? That's a prime source for a browser hijacker attack, a malicious app. Also once you restore your DNS service you should be able to go back to using Norton's service.

[ritchie58]

With firefox I have a free add-on called BrowserProtect that prevents this type of browser manipulation from occurring. The Premium version of this add-on works with Chrome and IE too.

[brucefidalgo]

Did you install any new browser add-ons recently? That's a prime source for a browser hijacker attack, a malicious add-on.

i have a lot of chrome extensions and get auto updates almost daily. i think the K9 app hard coded something to 127.0.0.1?? after i installed it and from what i read on web. Hitman pro shows a dozen or more host files changes i think it said the last time i ran it. i ignored it because i thought K9 did it as some sort of Proxy..

[ritchie58]

It seems very, very suspicious to me that this app wanted to change your Hosts files. I would venture to guess that is your culprit. What does this add-on do? If it isn't a "must have" add-on I would just delete the thing and be done with it. A browser homepage redirect is nothing to ignore. You could be redirected to servers run by criminals just waiting for you to visit a web site where you have to type in personal data (such as your bank or Pay Pal account for instance) that they then could exploit!

[brucefidalgo]

It seems very, very suspicious to me that this app wanted to change your Hosts files. I would venture to guess that is your culprit. What does this add-on do? If it isn't a "must have" add-on I would just delete the thing and be done with it. A browser homepage redirect is nothing to ignore. You could be redirected to servers run by criminals just waiting for you to visit a web site where you have to type in personal data (such as your bank or Pay Pal account for instance) that they then could exploit!

http://productforums.google.com/forum/#!topic/chrome/OauhYcvvrdE

[brucefidalgo]

http://productforums.google.com/forum/#!topic/chrome/OauhYcvvrdE

http://www.fixspywarenow.com/2011/08/02/urlseek-vmn-net-removal-how-to-remove-urlseek-vmn-net-removal-instructions/

[ritchie58]

That's kinda weird Bruce. There was no support response to the user's inquiry. He posted that way back on the 7th of this month! At least now you know you're not the only one that has encountered this hijacker. PC Tools's offers some interesting advice and tools for dealing with this malware. If you're going that route but have no luck I would recommend using Emsisoft's Free Emergency Kit 2.0.

[brucefidalgo]

http://www.fixspywarenow.com/2011/08/02/urlseek-vmn-net-removal-how-to-remove-urlseek-vmn-net-removal-instructions/

http://computerboom.blogspot.com/2009/09/solved-remove-httpurlseek40vmnnet-from.html

[brucefidalgo]

http://computerboom.blogspot.com/2009/09/solved-remove-httpurlseek40vmnnet-from.html

Welcome to urlseek .254 nginx! I just got this message in chrome but not in Dragon which i am on now..

[ritchie58]

I've never heard of this oovooo toolbar before. Looking at other forum users responses after using the toolbar themselves this program definitely has a very close variant or the same malicious code!

[ritchie58]

That's interesting. Firefox and Chrome seem to be vulnerable but not your Dragon browser.

[brucefidalgo]

That's interesting. Firefox and Chrome seem to be vulnerable but not your Dragon browser.

i am back on chrome and can get on net after using ccleaner to flush out chrome cache. This worked before also for a while until it happened again..

[ritchie58]

Have you tried running full malware scans yet? I would do that before any restoration takes place. Don't forget about the free version of "Malwarebytes!" It makes a great additional on-demand scanner too. You could try running MB in Safe Mode without Networking after installing and updating the program.

[brucefidalgo]

Have you tried running full malware scans yet? I would do that before any restoration takes place. Don't forget about the free version of "Malwarebytes!" It makes a great additional on-demand scanner too. You could try running MB in Safe Mode without Networking after installing and updating the program.

i did a quick scan with MBAM a few times this week for this. i have to hit the sack. When i wake up i might do a full scan with MBAM..lol

[ritchie58]

Ok, but I still think it would be better if you run a full scan with MB in Safe Mode without Networking.

[ritchie58]

I did some research on that K9 Web Protection and it seems to be a legit web site/content blocking program for parents to use on their children's PC's. Unless you have kids that use your computer and you were concerned about what they were viewing I don't see why you installed that software in the first place. Especially since you use a secure DNS service too. It's just my opinion but that seems like a little bit of redundancy going on to me unless, of course, you do have little web surfers to worry about.. So that means it could be something else other than K9 redirecting your browser or K9's servers have been hacked. Unlikely they've been hacked, but it is a possibility.

[brucefidalgo]

I did some research on that K9 Web Protection and it seems to be a legit web site/content blocking program for parents to use on their children's PC's. Unless you have kids that use your computer and you were concerned about what they were viewing I don't see why you installed that software in the first place. Especially since you use a secure DNS service too. It's just my opinion but that seems like a little bit of redundancy going on to me unless, of course, you do have little web surfers to worry about.. So that means it could be something else other than K9 redirecting your browser or K9's servers have been hacked. Unlikely they've been hacked, but it is a possibility.

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

 

Database version: v2012.07.30.10

 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Bruce :: BRUCE-PC [administrator]

 

7/30/2012 4:40:57 PM

mbam-log-2012-07-30 (16-40-57).txt

 

Scan type: Full scan (C:\|X:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 289422

Time elapsed: 20 minute(s), 32 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 0

(No malicious items detected)

 

(end)

[brucefidalgo]

I did some research on that K9 Web Protection and it seems to be a legit web site/content blocking program for parents to use on their children's PC's. Unless you have kids that use your computer and you were concerned about what they were viewing I don't see why you installed that software in the first place. Especially since you use a secure DNS service too. It's just my opinion but that seems like a little bit of redundancy going on to me unless, of course, you do have little web surfers to worry about.. So that means it could be something else other than K9 redirecting your browser or K9's servers have been hacked. Unlikely they've been hacked, but it is a possibility.

From what i have read K9 is a great app whether you have kids or not and i suggest everyone use it..lol. i do have a bit of redundancy with cloud url filters and suggest everyone do it..lol..The K9 and Panda cloud url filters don't seem to conflict and don't slow me down so why not layer them and have some fun. All Browsers have cloud url filters like chrome, dragon and IE9. i turn all these off and use my own like K9 and the panda cloud url filter, and the G Data Cloud Url Filter..