brucefidalgo Posted July 30, 2012

When I have launched Chrome lately sometimes I have been seeing this instead of going to my home page.

ritchie58 Posted July 30, 2012

A most unwelcome welcome! It seems you have been infected by a browser hijacker. Most likely your Hosts files are corrupted and your DNS service has been changed. First look for any new or suspicious browser toolbars, add-ons or plug-ins and delete them, then run a full malware scan to detect and quarantine any threat(s). After that here are some instructions on how to get your Hosts files and DNS settings back to default:

1. Reboot computer in safe mode with networking.
2. Change DNS setting back to default.
   - Open Control Panel (Start->Control Panel).
   - Double-click “Network Connections” icon to open it.
   - Right click on “Local Area Connection” icon and select “Properties”.
   - Select “Internet Protocol (TCP/IP)” and click “Properties” button.
   - Choose “Obtain DNS server address automatically” and click OK.
3. Change HOSTS file back to normal.
   - Go to: C:\WINDOWS\system32\drivers\etc.
   - Double-click “hosts” file to open it. Choose to open with Notepad.
4. Remove unknown or suspicious add-ons from your browsers.
5. Perform a full malware scan.
6. Clear all detected files and restart computer.

ritchie58 Posted July 30, 2012

If you have problems restoring your hosts files click here for a Microsoft support page that has a Fixit tool that just might work. If you want to do it manually here are the instructions:

To reset the Hosts file back to the default, follow these steps:

1. Click Start, click Run, type %systemroot%\system32\drivers\etc, and then click OK.
2. Rename the Hosts file to Hosts.old.
3. Create a new default hosts file. To do this, follow these steps:
   - Right-click an open space in the %WinDir%\System32\Drivers\Etc folder, point to New, click Text Document, type hosts, and then press Enter.
   - Click Yes to confirm that the file name extension will not be .txt.
   - Open the new Hosts file in a text editor. For example, open the file in Notepad.
   - Copy the following text to the file:

For Windows XP or for Windows Server 2003

```
# Copyright 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

127.0.0.1       localhost
```

For Windows Vista or for Windows Server 2008

```
# Copyright 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

127.0.0.1       localhost
::1             localhost
```

For Windows 7

```
# Copyright 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

# localhost name resolution is handled within DNS itself.
#       127.0.0.1       localhost
#       ::1             localhost
```

Save and then close the file.

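An added example, not part of the original posts or of any tool named in the thread: a small Python audit that separates the stock `localhost` lines shown above from names pinned to a loopback address (what local filters and blocklists write) and names pinned to any other address, which bypass DNS and need an explanation. The sample text, its hostnames and its addresses are constructed.

```python
import ipaddress

DEFAULT_NAMES = {"localhost"}  # the only name the stock Windows hosts files map

# Constructed sample (assumption): hostnames and addresses are illustrative only.
SAMPLE = """\
# constructed sample, not taken from the thread
127.0.0.1       localhost
::1             localhost
127.0.0.1       ads.example.net        # local block entry
0.0.0.0         tracker.example.net
203.0.113.10    www.example-bank.test login.example-bank.test
not-an-ip       broken.example.net
"""

def parse_hosts(text):
    """Yield (line_no, address, hostname) for each active mapping."""
    for line_no, raw in enumerate(text.lstrip("\ufeff").splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # drop comments, split columns
        for name in fields[1:]:                # one address may carry several names
            yield line_no, fields[0], name.lower()

def audit_hosts(text):
    """Return (line_no, hostname, address, verdict) for every non-default entry.

    blocked  : name pinned to a loopback/unspecified address
    redirect : name pinned to any other address, so DNS is never consulted
    invalid  : first column is not an IP address
    """
    findings = []
    for line_no, address, name in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            findings.append((line_no, name, address, "invalid"))
            continue
        local = ip.is_loopback or ip.is_unspecified
        if local and name in DEFAULT_NAMES:
            continue                           # stock localhost line
        findings.append((line_no, name, address, "blocked" if local else "redirect"))
    return findings

if __name__ == "__main__":
    import sys
    text = SAMPLE
    if len(sys.argv) > 1:                      # path to a real hosts file
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    for line_no, name, address, verdict in audit_hosts(text):
        print(f"line {line_no}: {name} -> {address} [{verdict}]")
```

Run it with the path to a hosts file as the only argument; with no argument it audits the constructed sample.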
ritchie58 Posted July 30, 2012

For Win 7 here are more detailed instructions on how to restore your DNS service back to default:

Click on: Start > Control Panel > Network and Sharing Center > Local Area Connection > Properties > Internet Protocol Version 4 (TCP/IPv4) > Obtain DNS server address automatically > OK and then a restart is necessary to effect the change.

After you have restored your DNS service and Hosts files open your browser's general settings and manually type in the URL for your homepage again if it has been changed and that should do it.

brucefidalgo (Author) Posted July 30, 2012

> For Win 7 here are more detailed instructions on how to restore your DNS service back to default: Click on: Start > Control Panel > Network and Sharing Center > Local Area Connection > Properties > Internet Protocol Version 4 (TCP/IPv4) > Obtain DNS server address automatically > OK and then a restart is necessary to effect the change.

I have W7 and this does not happen all the time. It started to happen about the time I went wireless for the first time and did not use the Norton DNS that I use on my hard wired LAN.

ritchie58 Posted July 30, 2012

Did you install any new browser toolbars or add-ons recently? That's a prime source for a browser hijacker attack, a malicious app. Also once you restore your DNS service you should be able to go back to using Norton's service.

ritchie58 Posted July 30, 2012

With Firefox I have a free add-on called BrowserProtect that prevents this type of browser manipulation from occurring. The Premium version of this add-on works with Chrome and IE too.

brucefidalgo (Author) Posted July 30, 2012

> Did you install any new browser add-ons recently? That's a prime source for a browser hijacker attack, a malicious add-on.

I have a lot of Chrome extensions and get auto updates almost daily. I think the K9 app hard coded something to 127.0.0.1?? after I installed it and from what I read on web. Hitman Pro shows a dozen or more hosts file changes I think it said the last time I ran it. I ignored it because I thought K9 did it as some sort of proxy..

ritchie58 Posted July 30, 2012

It seems very, very suspicious to me that this app wanted to change your Hosts files. I would venture to guess that is your culprit. What does this add-on do? If it isn't a "must have" add-on I would just delete the thing and be done with it. A browser homepage redirect is nothing to ignore. You could be redirected to servers run by criminals just waiting for you to visit a web site where you have to type in personal data (such as your bank or PayPal account for instance) that they then could exploit!

brucefidalgo (Author) Posted July 30, 2012

> It seems very, very suspicious to me that this app wanted to change your Hosts files. I would venture to guess that is your culprit. What does this add-on do? If it isn't a "must have" add-on I would just delete the thing and be done with it. A browser homepage redirect is nothing to ignore. You could be redirected to servers run by criminals just waiting for you to visit a web site where you have to type in personal data (such as your bank or Pay Pal account for instance) that they then could exploit!

http://productforums.google.com/forum/#!topic/chrome/OauhYcvvrdE

brucefidalgo (Author) Posted July 30, 2012

> http://productforums.google.com/forum/#!topic/chrome/OauhYcvvrdE

http://www.fixspywarenow.com/2011/08/02/urlseek-vmn-net-removal-how-to-remove-urlseek-vmn-net-removal-instructions/

ritchie58 Posted July 30, 2012

That's kinda weird Bruce. There was no support response to the user's inquiry. He posted that way back on the 7th of this month! At least now you know you're not the only one that has encountered this hijacker. PC Tools offers some interesting advice and tools for dealing with this malware. If you're going that route but have no luck I would recommend using Emsisoft's Free Emergency Kit 2.0.

brucefidalgo (Author) Posted July 30, 2012

> http://www.fixspywarenow.com/2011/08/02/urlseek-vmn-net-removal-how-to-remove-urlseek-vmn-net-removal-instructions/

http://computerboom.blogspot.com/2009/09/solved-remove-httpurlseek40vmnnet-from.html

brucefidalgo (Author) Posted July 30, 2012

> http://computerboom.blogspot.com/2009/09/solved-remove-httpurlseek40vmnnet-from.html

Welcome to urlseek .254 nginx!

I just got this message in Chrome but not in Dragon which I am on now..

ritchie58 Posted July 30, 2012

I've never heard of this oovooo toolbar before. Looking at other forum users' responses after using the toolbar themselves this program definitely has a very close variant or the same malicious code!

ritchie58 Posted July 30, 2012

That's interesting. Firefox and Chrome seem to be vulnerable but not your Dragon browser.

brucefidalgo (Author) Posted July 30, 2012

> That's interesting. Firefox and Chrome seem to be vulnerable but not your Dragon browser.

I am back on Chrome and can get on net after using CCleaner to flush out Chrome cache. This worked before also for a while until it happened again..

ritchie58 Posted July 30, 2012

Have you tried running full malware scans yet? I would do that before any restoration takes place. Don't forget about the free version of "Malwarebytes!" It makes a great additional on-demand scanner too. You could try running MB in Safe Mode without Networking after installing and updating the program.

brucefidalgo (Author) Posted July 30, 2012

> Have you tried running full malware scans yet? I would do that before any restoration takes place. Don't forget about the free version of "Malwarebytes!" It makes a great additional on-demand scanner too. You could try running MB in Safe Mode without Networking after installing and updating the program.

I did a quick scan with MBAM a few times this week for this. I have to hit the sack. When I wake up I might do a full scan with MBAM..lol

ritchie58 Posted July 30, 2012

Ok, but I still think it would be better if you run a full scan with MB in Safe Mode without Networking.

ritchie58 Posted July 30, 2012

I did some research on that K9 Web Protection and it seems to be a legit web site/content blocking program for parents to use on their children's PCs. Unless you have kids that use your computer and you were concerned about what they were viewing I don't see why you installed that software in the first place. Especially since you use a secure DNS service too. It's just my opinion but that seems like a little bit of redundancy going on to me unless, of course, you do have little web surfers to worry about.. So that means it could be something else other than K9 redirecting your browser or K9's servers have been hacked. Unlikely they've been hacked, but it is a possibility.

brucefidalgo (Author) Posted July 30, 2012

> I did some research on that K9 Web Protection and it seems to be a legit web site/content blocking program for parents to use on their children's PC's. Unless you have kids that use your computer and you were concerned about what they were viewing I don't see why you installed that software in the first place. Especially since you use a secure DNS service too. It's just my opinion but that seems like a little bit of redundancy going on to me unless, of course, you do have little web surfers to worry about.. So that means it could be something else other than K9 redirecting your browser or K9's servers have been hacked. Unlikely they've been hacked, but it is a possibility.

```
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.30.10

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Bruce :: BRUCE-PC [administrator]

7/30/2012 4:40:57 PM
mbam-log-2012-07-30 (16-40-57).txt

Scan type: Full scan (C:\|X:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 289422
Time elapsed: 20 minute(s), 32 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
```

brucefidalgo (Author) Posted July 30, 2012

> I did some research on that K9 Web Protection and it seems to be a legit web site/content blocking program for parents to use on their children's PC's. Unless you have kids that use your computer and you were concerned about what they were viewing I don't see why you installed that software in the first place. Especially since you use a secure DNS service too. It's just my opinion but that seems like a little bit of redundancy going on to me unless, of course, you do have little web surfers to worry about.. So that means it could be something else other than K9 redirecting your browser or K9's servers have been hacked. Unlikely they've been hacked, but it is a possibility.

From what I have read K9 is a great app whether you have kids or not and I suggest everyone use it..lol. I do have a bit of redundancy with cloud URL filters and suggest everyone do it..lol.. The K9 and Panda cloud URL filters don't seem to conflict and don't slow me down so why not layer them and have some fun. All browsers have cloud URL filters like Chrome, Dragon and IE9. I turn all these off and use my own like K9 and the Panda cloud URL filter, and the G Data Cloud URL Filter..

This topic is now archived and is closed to further replies.