| JREF Homepage | Swift Blog | Events Calendar | $1 Million Paranormal Challenge | The Amaz!ng Meeting | Useful Links | Support Us |
 |
|
| JREF Homepage | Swift Blog | Events Calendar | $1 Million Paranormal Challenge | The Amaz!ng Meeting | Useful Links | Support Us |
|
|
|
|
|||||||
| Notices |
|
Advertisement
|
| Welcome to the JREF Forum, where we discuss skepticism, critical thinking, the paranormal and science in a friendly but lively way. You are currently viewing the forum as a guest, which means you are missing out on discussing matters that are of interest to you. Please consider registering so you can gain full use of the forum features and interact with other Members. Registration is simple, fast and free! Click here to register today. |
2nd June 2012, 10:59 AM
|
#1 |
|
Graduate Poster
Join Date: May 2007
Location: Caerphilly
Posts: 1,413
|
What's happened to my homepage?
Whenever I try to go to my Yahoo homepage (http://uk.yahoo.com), I get a "Welcome to Nginx" message.
Anybody got any ideas? |
|
__________________
When the chips are down, the buffalo is empty. I have learned that if you upset your wife, she nags you. If you upset her even more you get the silent treatment. Don't you think it's worth the extra effort? |
|
|
|
|
2nd June 2012, 11:20 AM
|
#2 |
|
Master Poster
Join Date: Oct 2003
Location: In the dark, dark forest....
Posts: 2,289
|
Your browser's been hijacked by a trojan virus. Download the free version of Malwarebytes and run a full scan.
You need to do this NOW. The virus is sending your browser history and login info to a remote server, so change all your passwords and other security info. |
|
__________________
"Nature is floods and famines and earthquakes and viruses and little blue-footed booby babies getting their brains pecked out by their stronger siblings! ....Nature doesn't care about me, or about anybody in particular - nature can be terrifying! Why do they even put words like 'natural' on products like shampoo, like it's automatically a good thing? I mean, sulfuric acid is natural!" -Julia Sweeney |
|
|
|
|
|
2nd June 2012, 11:42 AM
|
#3 |
|
Graduate Poster
Join Date: May 2007
Location: Caerphilly
Posts: 1,413
|
I've already run Malwarebytes, it found & removed a few pups & I've rebooted, but that nginx is still there.
|
|
__________________
When the chips are down, the buffalo is empty. I have learned that if you upset your wife, she nags you. If you upset her even more you get the silent treatment. Don't you think it's worth the extra effort? |
|
|
|
|
|
2nd June 2012, 12:08 PM
|
#4 |
|
Illuminator
Join Date: Apr 2009
Location: Hunting Moose and Squirrel
Posts: 4,164
|
Try deleting your hosts file after you've removed any nasty stuff. It might still be redirecting you even after you've removed any malware. Go here for the one that I like to use instead of the generic (as in blank) one Windows comes with.
|
|
__________________
"Swift, silent and deadly" was a part of my job description Upon hearing me say that my friend asked me "So you're a fart?"... About my avatar. |
|
|
|
|
|
2nd June 2012, 12:21 PM
|
#5 |
|
Graduate Poster
Join Date: May 2007
Location: Caerphilly
Posts: 1,413
|
Thanks for that, I'll take a look at that.
|
|
__________________
When the chips are down, the buffalo is empty. I have learned that if you upset your wife, she nags you. If you upset her even more you get the silent treatment. Don't you think it's worth the extra effort? |
|
|
|
|
|
2nd June 2012, 01:50 PM
|
#6 |
|
Graduate Poster
Join Date: May 2007
Location: Caerphilly
Posts: 1,413
|
I've copied that host file - same result.
I've done a full scan with Malwarebytes & Microsoft Security Essentials - same result. I've done 2 system restores, going back to 30th May & then the 22nd May - same result. WHERE THE HELL HAS THIS NGINX (ENGINE X) COME FROM????? |
|
__________________
When the chips are down, the buffalo is empty. I have learned that if you upset your wife, she nags you. If you upset her even more you get the silent treatment. Don't you think it's worth the extra effort? |
|
|
|
|
|
2nd June 2012, 02:50 PM
|
#7 |
|
Dramatocrat
Join Date: Sep 2009
Location: Heiligsblechle country
Posts: 3,229
|
Nginx is a lightweight highscaling webserver. Are you sure it isn't just yahoo having a problem? Because they might use that webserver to serve your homepage.
|
|
|
|
|
2nd June 2012, 03:26 PM
|
#8 |
|
Illuminator
Join Date: Sep 2006
Location: SW Florida
Posts: 4,062
|
Try TDSSKiller and SUPERAntiSpyware (full scan).
If all else fails and if the problem is in only one browser, disable all add-ons in that browser, and if that fixes the problem, re-enable them until you find the culprit. |
|
|
|
|
2nd June 2012, 03:28 PM
|
#9 |
|
Illuminator
Join Date: Sep 2006
Location: SW Florida
Posts: 4,062
|
Originally Posted by Moss
|
|
|
|
|
2nd June 2012, 03:40 PM
|
#10 |
|
BOFH
Join Date: Jun 2003
Location: Sheffield
Posts: 8,328
|
Or a DNS hijack? Check you DNS server setting (ipconfig /all from command line) and maybe reset to the google DNS servers 8.8.8.8 and 8.8.4.4 or the OpenDNS ones 208.67.222.222 (resolver1.opendns.com)
208.67.220.220 (resolver2.opendns.com) |
|
__________________
Aphorism: Subjects most likely to be declared inappropriate for humor are the ones most in need of it. -epepke |
|
|
|
|
2nd June 2012, 04:11 PM
|
#11 |
|
Graduate Poster
Join Date: May 2007
Location: Caerphilly
Posts: 1,413
|
The navigation bar shows the correct web address (as you can see in the picture I attached).
By Homepage, I mean the web page that displays when I open Internet Explorer. I've accessed the Yahoo front page using my Kindle web browser & that was OK. I don't have many browser add-ons, so I'll try disabling them next - thanks for the help. |
|
__________________
When the chips are down, the buffalo is empty. I have learned that if you upset your wife, she nags you. If you upset her even more you get the silent treatment. Don't you think it's worth the extra effort? |
|
|
|
|
|
2nd June 2012, 04:24 PM
|
#12 |
|
Graduate Poster
Join Date: May 2007
Location: Caerphilly
Posts: 1,413
|
I've disabled all browser add-ons, accelerators, etc. - same result.
|
|
__________________
When the chips are down, the buffalo is empty. I have learned that if you upset your wife, she nags you. If you upset her even more you get the silent treatment. Don't you think it's worth the extra effort? |
|
|
|
|
|
2nd June 2012, 04:39 PM
|
#13 |
|
Critical Thinker
Join Date: Apr 2005
Posts: 453
|
Make sure your browser hasn't been set to use a proxy server.
|
|
__________________
Long time lurker |
|
|
|
|
|
2nd June 2012, 04:46 PM
|
#14 |
|
Graduate Poster
Join Date: May 2007
Location: Caerphilly
Posts: 1,413
|
No proxy server.
|
|
__________________
When the chips are down, the buffalo is empty. I have learned that if you upset your wife, she nags you. If you upset her even more you get the silent treatment. Don't you think it's worth the extra effort? |
|
|
|
|
|
2nd June 2012, 05:14 PM
|
#15 |
|
Illuminator
Join Date: Apr 2009
Location: Hunting Moose and Squirrel
Posts: 4,164
|
Well you can try using Hijack This and post the results here and maybe we will see where the problem might be.
|
|
__________________
"Swift, silent and deadly" was a part of my job description Upon hearing me say that my friend asked me "So you're a fart?"... About my avatar. |
|
|
|
|
|
2nd June 2012, 05:19 PM
|
#16 |
|
Illuminator
Join Date: Nov 2006
Location: Tucson, AZ
Posts: 3,877
|
Maybe too obvious but: Have you tried resetting your home page to yahoo?
|
|
__________________
REJ (Robert E Jones) posting anonymously under my real name for 30 years. Make a fire for a man and you keep him warm for a day. Set him on fire and you keep him warm for the rest of his life. |
|
|
|
|
|
3rd June 2012, 01:03 AM
|
#17 |
Join Date: Sep 2007
Posts: 5,926
|
Where's David with his list of what exactly to do.
 Perhaps run rkill.exe (from BleepingComputer) then FixTDSS.exe (from Symantic I think?) as well as tdsskiller.exe (from Kaspersky) .... http://download.bleepingcomputer.com...kill/rkill.exe http://www.symantec.com/content/en/u...ps/FixTDSS.exe http://support.kaspersky.com/downloa...tdsskiller.exe Then run kasperskys free virus removal tool: http://devbuilds.kaspersky-labs.com/...6_03_10_17.exe Then maybe do all that again in Admin mode... ETA: When I run Kaspersky Virus Removal tool I first go to settings tab (the little gear). On Security Scope side-tab check the box next to Local Disk (which is probably C: ) (leave the first 3 checked), and then on Security Level side-tab put the slider all the way up to High, and then on Actions side-tab check Select action: (and make sure both Disinfect and Delete if disinfection fails are checked). After all that go back to Automatic Scan tab and hit Start Scanning. Then find something else to do for about an hour. ETA #2: If that last link doesn't work you can always find the current version of kasperskys free virus removal tool at this link: http://www.kaspersky.com/antivirus-removal-tool?form=1 Because they have kept the version number the same for almost a year now (11.0.0.1245.x01) you have to actually start the download and read the file name (Hit Download next to Version 11) to see if it's definitions have been updated. For instance, as of typing this the file name ends with: 2012_06_03_10_17 |
|
__________________
________________________ |
|
|
|
|
|
3rd June 2012, 01:21 AM
|
#18 |
|
Join Date: Sep 2007
Posts: 5,926
|
Originally Posted by RecoveringYuppy
|
|
__________________
________________________ |
|
|
|
|
|
3rd June 2012, 04:26 AM
|
#19 |
|
BOFH
Join Date: Jun 2003
Location: Sheffield
Posts: 8,328
|
Originally Posted by Lensman
C:\Users\rob>nslookup yahoo.co.uk Server: resolver1.opendns.com Address: 208.67.222.222 Non-authoritative answer: Name: yahoo.co.uk.Home Address: 67.215.77.132 |
|
__________________
Aphorism: Subjects most likely to be declared inappropriate for humor are the ones most in need of it. -epepke |
|
|
|
|
|
3rd June 2012, 04:41 AM
|
#20 |
|
Penultimate Amazing
Join Date: Mar 2003
Location: Central Illinois
Posts: 34,934
|
Originally Posted by Moss
|
|
__________________
Hell, dynamiting fish in a barrel is more challenging. - Ladewig I suspect you are a sandwich, metaphorically speaking. -Donn And a shot rang out. Now Space is doing time... -Ben Burch You built the toilet - don't complain when people crap in it. _Kid Eager |
|
|
|
|
|
3rd June 2012, 04:43 AM
|
#21 |
|
Penultimate Amazing
Join Date: Mar 2003
Location: Central Illinois
Posts: 34,934
|
Originally Posted by OnlyTellsTruths
Where's David with his list of what exactly to do.
Perhaps run rkill.exe (from BleepingComputer) then FixTDSS.exe (from Symantic I think?) as well as tdsskiller.exe (from Kaspersky) ....
Quote:
http://download.bleepingcomputer.com...kill/rkill.exe http://www.symantec.com/content/en/u...ps/FixTDSS.exe http://support.kaspersky.com/downloa...tdsskiller.exe Then run kasperskys free virus removal tool: http://devbuilds.kaspersky-labs.com/...6_03_10_17.exe Then maybe do all that again in Admin mode... ETA: When I run Kaspersky Virus Removal tool I first go to settings tab (the little gear). On Security Scope side-tab check the box next to Local Disk (which is probably C: ) (leave the first 3 checked), and then on Security Level side-tab put the slider all the way up to High, and then on Actions side-tab check Select action: (and make sure both Disinfect and Delete if disinfection fails are checked). After all that go back to Automatic Scan tab and hit Start Scanning. Then find something else to do for about an hour. ETA #2: If that last link doesn't work you can always find the current version of kasperskys free virus removal tool at this link: http://www.kaspersky.com/antivirus-removal-tool?form=1 Because they have kept the version number the same for almost a year now (11.0.0.1245.x01) you have to actually start the download and read the file name (Hit Download next to Version 11) to see if it's definitions have been updated. For instance, as of typing this the file name ends with: 2012_06_03_10_17 |
|
__________________
Hell, dynamiting fish in a barrel is more challenging. - Ladewig I suspect you are a sandwich, metaphorically speaking. -Donn And a shot rang out. Now Space is doing time... -Ben Burch You built the toilet - don't complain when people crap in it. _Kid Eager |
|
|
|
|
|
3rd June 2012, 05:01 AM
|
#22 |
|
Join Date: Sep 2007
Posts: 5,926
|
Yay, I sufficiently replicated Davids usual post as to not need any further comment!
|
|
__________________
________________________ |
|
|
|
|
|
3rd June 2012, 05:31 AM
|
#23 |
|
BOFH
Join Date: Jun 2003
Location: Sheffield
Posts: 8,328
|
Googling turns up a lot of people saying yahoo uses nginx but I can't find any credible evidence this is so; just hear say. On the other hand I turned up a lot of discussions like this which suggests it's a nasty virus
http://www.techsupportforum.com/foru...us-634739.html |
|
__________________
Aphorism: Subjects most likely to be declared inappropriate for humor are the ones most in need of it. -epepke |
|
|
|
|
|
3rd June 2012, 06:41 AM
|
#24 |
|
Graduate Poster
Join Date: Apr 2007
Location: Denmark
Posts: 1,017
|
Originally Posted by Wudang
Quote:
|
|
__________________
"If it can grow, it can evolve" - Eugenie Scott, Ph.D Creationism disproved? Evolution IS a blind watchmaker |
|
|
|
|
|
3rd June 2012, 08:21 AM
|
#25 |
|
Graduate Poster
Join Date: May 2007
Location: Caerphilly
Posts: 1,413
|
Originally Posted by OnlyTellsTruths
Where's David with his list of what exactly to do.
Perhaps run rkill.exe (from BleepingComputer) then FixTDSS.exe (from Symantic I think?) as well as tdsskiller.exe (from Kaspersky) .... http://download.bleepingcomputer.com...kill/rkill.exe http://www.symantec.com/content/en/u...ps/FixTDSS.exe http://support.kaspersky.com/downloa...tdsskiller.exe Then run kasperskys free virus removal tool: http://devbuilds.kaspersky-labs.com/...6_03_10_17.exe Then maybe do all that again in Admin mode... ETA: When I run Kaspersky Virus Removal tool I first go to settings tab (the little gear). On Security Scope side-tab check the box next to Local Disk (which is probably C: ) (leave the first 3 checked), and then on Security Level side-tab put the slider all the way up to High, and then on Actions side-tab check Select action: (and make sure both Disinfect and Delete if disinfection fails are checked). After all that go back to Automatic Scan tab and hit Start Scanning. Then find something else to do for about an hour. ETA #2: If that last link doesn't work you can always find the current version of kasperskys free virus removal tool at this link: http://www.kaspersky.com/antivirus-removal-tool?form=1 Because they have kept the version number the same for almost a year now (11.0.0.1245.x01) you have to actually start the download and read the file name (Hit Download next to Version 11) to see if it's definitions have been updated. For instance, as of typing this the file name ends with: 2012_06_03_10_17 Done all the above & guess what? It's still the bloody same
|
|
__________________
When the chips are down, the buffalo is empty. I have learned that if you upset your wife, she nags you. If you upset her even more you get the silent treatment. Don't you think it's worth the extra effort? |
|
|
|
|
|
3rd June 2012, 08:30 AM
|
#26 |
|
Master Poster
Join Date: Oct 2003
Location: In the dark, dark forest....
Posts: 2,289
|
Tried Trend Housecall yet?
It's my personal Last Resort for rooting out nasties - if that doesn't get rid of the bugger then it's time for a new hard drive. |
|
__________________
"Nature is floods and famines and earthquakes and viruses and little blue-footed booby babies getting their brains pecked out by their stronger siblings! ....Nature doesn't care about me, or about anybody in particular - nature can be terrifying! Why do they even put words like 'natural' on products like shampoo, like it's automatically a good thing? I mean, sulfuric acid is natural!" -Julia Sweeney |
|
|
|
|
|
3rd June 2012, 09:06 AM
|
#27 |
|
Dramatocrat
Join Date: Sep 2009
Location: Heiligsblechle country
Posts: 3,229
|
My comment before in this thread is a clear instance of deformation professionelle.
|
|
|
|
|
3rd June 2012, 09:12 AM
|
#28 |
|
Graduate Poster
Join Date: May 2007
Location: Caerphilly
Posts: 1,413
|
I ran Combofix - and nginx is gone!!!
YAAAAAAAAAAAAAAYYYYYYYYYYYYYY!!!!!!!!!!!!!!! |
|
__________________
When the chips are down, the buffalo is empty. I have learned that if you upset your wife, she nags you. If you upset her even more you get the silent treatment. Don't you think it's worth the extra effort? |
|
|
|
|
|
3rd June 2012, 05:44 PM
|
#29 |
|
Penultimate Amazing
Join Date: Mar 2003
Location: Central Illinois
Posts: 34,934
|
Originally Posted by Lensman
Done all the above & guess what?
It's still the bloody same
Rkill from Bleeping (run it after each reboot) TDSS from Kaspersky Malwarebytes Superantispyware in Safe Mode Eset online scanner (run browser as admin) I have also used Fsecure and Kaspersky Boot Disk When in doubt run Combofix from Bleeping Computer ( it can blow up your machine). you have to turn off real time scanners. ETA: Oook, I just checked at Bleeping and it looks like a Google redirect that started again in May. |
|
__________________
Hell, dynamiting fish in a barrel is more challenging. - Ladewig I suspect you are a sandwich, metaphorically speaking. -Donn And a shot rang out. Now Space is doing time... -Ben Burch You built the toilet - don't complain when people crap in it. _Kid Eager |
|
|
|
|
|
4th June 2012, 12:42 AM
|
#30 |
|
Join Date: Sep 2007
Posts: 5,926
|
Originally Posted by Lensman
Congratulations. |
|
__________________
________________________ |
|
|
|
|
|
4th June 2012, 04:07 AM
|
#31 |
|
Penultimate Amazing
Join Date: Mar 2003
Location: Central Illinois
Posts: 34,934
|
Originally Posted by Lensman
 I have seen the redirects come back after a cleaning. (It could be user induced.) |
|
__________________
Hell, dynamiting fish in a barrel is more challenging. - Ladewig I suspect you are a sandwich, metaphorically speaking. -Donn And a shot rang out. Now Space is doing time... -Ben Burch You built the toilet - don't complain when people crap in it. _Kid Eager |
|
|
|
|
 |
| Bookmarks |
| Thread Tools | |
|
|
