
Welcome To Urlseek .168 Nginx!


brucefidalgo


A most unwelcome welcome! It seems you have been infected by a browser hijacker. Most likely your Hosts files are corrupted and your DNS service has been changed. First look for any new or suspicious browser toolbars, add-ons or plug-ins and delete them, then run a full malware scan to detect and quarantine any threat(s). After that here are some instructions on how to get your Hosts files and DNS settings back to default:

1, Reboot computer in safe mode with networking.

2, Change DNS setting back to default.

> Open Control Panel (Start->Control Panel).

> Double-click “Network Connections” icon to open it.

> Right click on “Local Area Connection” icon and select “Properties”.

> Select “Internet Protocol (TCP/IP)” and click “Properties” button.

> Choose “Obtain DNS server address automatically” and click OK.

3, Change HOSTS file back to normal.

> Go to: C:\WINDOWS\system32\drivers\etc.

> Double-click “hosts” file to open it. Choose to open with Notepad.

4, Remove unknown or suspicious add-ons from your browsers.

5, Perform a full malware scan.

6, Clear all detected files and restart computer.


If you have problems restoring your hosts files click here for a Microsoft support page that has a Fixit tool that just might work. If you want to do it manually here are the instructions: To reset the Hosts file back to the default, follow these steps:

  1. Click Start, click Run, type %systemroot%\system32\drivers\etc, and then click OK.
  2. Rename the Hosts file to Hosts.old.
  3. Create a new default hosts file. To do this, follow these steps:
    1. Right-click an open space in the %WinDir%\System32\Drivers\Etc folder, point to New, click Text Document, type hosts, and then press Enter.
    2. Click Yes to confirm that the file name extension will not be .txt.
    3. Open the new Hosts file in a text editor. For example, open the file in Notepad.
    4. Copy the following text to the file:
       
       For Windows XP or for Windows Server 2003

       # Copyright © 1993-1999 Microsoft Corp.
       #
       # This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
       #
       # This file contains the mappings of IP addresses to host names. Each
       # entry should be kept on an individual line. The IP address should
       # be placed in the first column followed by the corresponding host name.
       # The IP address and the host name should be separated by at least one
       # space.
       #
       # Additionally, comments (such as these) may be inserted on individual
       # lines or following the machine name denoted by a '#' symbol.
       #
       # For example:
       #
       #      102.54.94.97     rhino.acme.com          # source server
       #       38.25.63.10     x.acme.com              # x client host

       127.0.0.1       localhost

       For Windows Vista or for Windows Server 2008

       # Copyright © 1993-2006 Microsoft Corp.
       #
       # This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
       #
       # This file contains the mappings of IP addresses to host names. Each
       # entry should be kept on an individual line. The IP address should
       # be placed in the first column followed by the corresponding host name.
       # The IP address and the host name should be separated by at least one
       # space.
       #
       # Additionally, comments (such as these) may be inserted on individual
       # lines or following the machine name denoted by a '#' symbol.
       #
       # For example:
       #
       #      102.54.94.97     rhino.acme.com          # source server
       #       38.25.63.10     x.acme.com              # x client host

       127.0.0.1       localhost
       ::1             localhost

       For Windows 7

       # Copyright © 1993-2006 Microsoft Corp.
       #
       # This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
       #
       # This file contains the mappings of IP addresses to host names. Each
       # entry should be kept on an individual line. The IP address should
       # be placed in the first column followed by the corresponding host name.
       # The IP address and the host name should be separated by at least one
       # space.
       #
       # Additionally, comments (such as these) may be inserted on individual
       # lines or following the machine name denoted by a '#' symbol.
       #
       # For example:
       #
       #      102.54.94.97     rhino.acme.com          # source server
       #       38.25.63.10     x.acme.com              # x client host

       # localhost name resolution is handle within DNS itself.
       #       127.0.0.1       localhost
       #       ::1             localhost
    5. Save and then close the file.

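An added example, not written by any poster in this thread: before replacing a hosts file with the default text above, it helps to see exactly which entries were added to it. The Python below parses the format the sample file describes (IP address first, then host names, `#` starting a comment) and separates names sunk to loopback from names pointed at an outside server. The function names, the finding labels and the entries in `SAMPLE` are assumptions made for this example.

```python
import ipaddress

# Active entries in Microsoft's default hosts files (XP through Server 2008);
# the Windows 7 default ships with even these commented out.
DEFAULT_ENTRIES = {("127.0.0.1", "localhost"), ("::1", "localhost")}

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every active mapping in hosts text."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # '#' starts a comment anywhere on a line
        if not line:
            continue
        fields = line.split()                 # IP first, then one or more names
        for name in fields[1:]:
            yield line_no, fields[0], name.lower()

def audit_hosts(text):
    """Classify each non-default mapping as 'blocked', 'redirect' or 'malformed'."""
    findings = []
    for line_no, ip, name in parse_hosts(text):
        if (ip, name) in DEFAULT_ENTRIES:
            continue
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            findings.append((line_no, "malformed", ip, name))
            continue
        # Loopback or 0.0.0.0 targets sink the name (what filters and blocklists do);
        # any other target sends the name to a server chosen by whoever edited the file.
        kind = "blocked" if addr.is_loopback or addr.is_unspecified else "redirect"
        findings.append((line_no, kind, ip, name))
    return findings

# Constructed sample: default-style header plus two added lines (documentation-range IP).
SAMPLE = """\
# Copyright (c) 1993-2006 Microsoft Corp.
#      102.54.94.97     rhino.acme.com          # source server
127.0.0.1       localhost
::1             localhost
127.0.0.1       ads.example.net
203.0.113.50    www.example-bank.test login.example-bank.test  # not in the default file
"""

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE):
        print(finding)
```

To check a real machine, pass the contents of `%SystemRoot%\System32\drivers\etc\hosts` to `audit_hosts`; `redirect` findings are the ones to investigate first, since `blocked` entries are also what legitimate filtering tools write.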

For Win 7 here are more detailed instructions on how to restore your DNS service back to default: Click on: Start > Control Panel > Network and Sharing Center > Local Area Connection > Properties > Internet Protocol Version 4 (TCP/IPv4) > Obtain DNS server address automatically > OK and then a restart is necessary to effect the change. After you have restored your DNS service and Hosts files open your browser's general settings and manually type in the URL for your homepage again if it has been changed and that should do it.


> For Win 7 here are more detailed instructions on how to restore your DNS service back to default: Click on: Start > Control Panel > Network and Sharing Center > Local Area Connection > Properties > Internet Protocol Version 4 (TCP/IPv4) > Obtain DNS server address automatically > OK and then a restart is necessary to effect the change.

i have W7 and this does not happen all the time. It started to happen about the time i went wireless for the first time and did not use the norton dns that i use on my hard wired LAN.


Did you install any new browser add-ons recently? That's a prime source for a browser hijacker attack, a malicious add-on.

i have a lot of chrome extensions and get auto updates almost daily. i think the K9 app hard coded something to 127.0.0.1?? after i installed it and from what i read on web. Hitman pro shows a dozen or more host files changes i think it said the last time i ran it. i ignored it because i thought K9 did it as some sort of Proxy..


It seems very, very suspicious to me that this app wanted to change your Hosts files. I would venture to guess that is your culprit. What does this add-on do? If it isn't a "must have" add-on I would just delete the thing and be done with it. A browser homepage redirect is nothing to ignore. You could be redirected to servers run by criminals just waiting for you to visit a web site where you have to type in personal data (such as your bank or Pay Pal account for instance) that they then could exploit!


> It seems very, very suspicious to me that this app wanted to change your Hosts files. I would venture to guess that is your culprit. What does this add-on do? If it isn't a "must have" add-on I would just delete the thing and be done with it. A browser homepage redirect is nothing to ignore. You could be redirected to servers run by criminals just waiting for you to visit a web site where you have to type in personal data (such as your bank or Pay Pal account for instance) that they then could exploit!

http://productforums.google.com/forum/#!topic/chrome/OauhYcvvrdE


That's kinda weird Bruce. There was no support response to the user's inquiry. He posted that way back on the 7th of this month! At least now you know you're not the only one that has encountered this hijacker. PC Tools offers some interesting advice and tools for dealing with this malware. If you're going that route but have no luck I would recommend using Emsisoft's Free Emergency Kit 2.0.


That's interesting. Firefox and Chrome seem to be vulnerable but not your Dragon browser.

i am back on chrome and can get on net after using ccleaner to flush out chrome cache. This worked before also for a while until it happened again..


Have you tried running full malware scans yet? I would do that before any restoration takes place. Don't forget about the free version of "Malwarebytes!" It makes a great additional on-demand scanner too. You could try running MB in Safe Mode without Networking after installing and updating the program.


> Have you tried running full malware scans yet? I would do that before any restoration takes place. Don't forget about the free version of "Malwarebytes!" It makes a great additional on-demand scanner too. You could try running MB in Safe Mode without Networking after installing and updating the program.

i did a quick scan with MBAM a few times this week for this. i have to hit the sack. When i wake up i might do a full scan with MBAM..lol


I did some research on that K9 Web Protection and it seems to be a legit web site/content blocking program for parents to use on their children's PC's. Unless you have kids that use your computer and you were concerned about what they were viewing I don't see why you installed that software in the first place. Especially since you use a secure DNS service too. It's just my opinion but that seems like a little bit of redundancy going on to me unless, of course, you do have little web surfers to worry about. So that means it could be something else other than K9 redirecting your browser or K9's servers have been hacked. Unlikely they've been hacked, but it is a possibility.


> I did some research on that K9 Web Protection and it seems to be a legit web site/content blocking program for parents to use on their children's PC's. Unless you have kids that use your computer and you were concerned about what they were viewing I don't see why you installed that software in the first place. Especially since you use a secure DNS service too. It's just my opinion but that seems like a little bit of redundancy going on to me unless, of course, you do have little web surfers to worry about. So that means it could be something else other than K9 redirecting your browser or K9's servers have been hacked. Unlikely they've been hacked, but it is a possibility.

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.30.10

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Bruce :: BRUCE-PC [administrator]

7/30/2012 4:40:57 PM
mbam-log-2012-07-30 (16-40-57).txt

Scan type: Full scan (C:\|X:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 289422
Time elapsed: 20 minute(s), 32 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


> I did some research on that K9 Web Protection and it seems to be a legit web site/content blocking program for parents to use on their children's PC's. Unless you have kids that use your computer and you were concerned about what they were viewing I don't see why you installed that software in the first place. Especially since you use a secure DNS service too. It's just my opinion but that seems like a little bit of redundancy going on to me unless, of course, you do have little web surfers to worry about. So that means it could be something else other than K9 redirecting your browser or K9's servers have been hacked. Unlikely they've been hacked, but it is a possibility.

From what i have read K9 is a great app whether you have kids or not and i suggest everyone use it..lol. i do have a bit of redundancy with cloud url filters and suggest everyone do it..lol..The K9 and Panda cloud url filters don't seem to conflict and don't slow me down so why not layer them and have some fun. All Browsers have cloud url filters like chrome, dragon and IE9. i turn all these off and use my own like K9 and the panda cloud url filter, and the G Data Cloud Url Filter..


Archived

This topic is now archived and is closed to further replies.
