Author Topic: Welcome to NGINX  (Read 63041 times)

0 Members and 1 Guest are viewing this topic.

Offline nanajana

  • Sr. Member
  • ****
  • Posts: 375
  • Health is Wealth
Re: Welcome to NGINX
« Reply #15 on: May 08, 2012, 06:54:43 AM »
Hi,
I am finally done!  Attached esat scan results.
I love this forum, with all its extremely knowledgeable personnel!

jeffce

  • Guest
Re: Welcome to NGINX
« Reply #16 on: May 08, 2012, 01:41:03 PM »
Hi,

Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

Code: [Select]
:Services

:Files
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch21.zip
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch53.zip
C:\Users\All Users\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch21.zip
C:\Users\All Users\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch53.zip
C:\Users\Janice\AppData\Roaming\iolo\Installers\SystemMechanic7.exe
ipconfig /flushdns /c

:Commands
[purity]
[resethosts]
[emptytemp]
[clearallrestorepoints]
[start explorer]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )
In your next reply please attach the new OTL logs (don't worry if LOP and Purity is checked) and let me know how your system is running.  :)

Offline nanajana

  • Sr. Member
  • ****
  • Posts: 375
  • Health is Wealth
Re: Welcome to NGINX
« Reply #17 on: May 08, 2012, 04:08:54 PM »
Hi,

I did as requested and holy smokes Firefox opens immediately!!!  Thunderbird is opening faster too, don't know if this was part of all of this but hey I'm glad its all working faster!!  Thanks sooo much, truly appreciate all your help.

Attached is the final log and by the way I was able to open OTL without having to do it in safe mode each time.  I did have to shut Avast down as it still wanted to terminate it as suspicious.

Cheers,
Janice
I love this forum, with all its extremely knowledgeable personnel!

jeffce

  • Guest
Re: Welcome to NGINX
« Reply #18 on: May 08, 2012, 04:25:01 PM »
Hi,

What about being  sent to NGINX any longer? 

When you ran OTL the first time there should have been a log created named Extras.txt.  If you have that could you attach that please.  :)

Offline nanajana

  • Sr. Member
  • ****
  • Posts: 375
  • Health is Wealth
Re: Welcome to NGINX
« Reply #19 on: May 08, 2012, 05:49:53 PM »
HI,

It doesn't go to NGINX but I had flushed the DNS resolver cache and after that it stopped going to that page.  Then we started down our journey right after that and during all of that it never went to that page.

I have attached the extras page.  Is there anything else I should be doing.  I think one thing I learned is more is not necessarily better so I am just going to let Avast do its thing and maybe run an online scan from time to time.

Cheers,
Janice
I love this forum, with all its extremely knowledgeable personnel!

jeffce

  • Guest
Re: Welcome to NGINX
« Reply #20 on: May 08, 2012, 05:56:43 PM »
Quote
It doesn't go to NGINX but I had flushed the DNS resolver cache and after that it stopped going to that page.  Then we started down our journey right after that and during all of that it never went to that page.
Perfect.  :)
--------------

Quote
Is there anything else I should be doing.
Now please do the following so we can get some updates installed on your system:

You have an older version of Adobe Reader.  You can download the current version HERE

You may want to consider Foxit Reader instead. It may be a bit lighter on resources.

Visit their support forum
Foxit Forum

In either case you should uninstall Adobe Reader 9.5.1 first. Be sure to move any PDF documents to another folder first though.
----------

Please download JavaRa to your desktop and unzip it to its own
folder
  • Run JavaRa.exe (double-click for XP/right-click and Run as Administrator for Vista), pick the language of your choice and click Select. Then

    click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe (double-click for XP/right-click and Run as Administrator for Vista) again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest
        Java Runtime Environment (JRE) version for your computer.
----------

In your next reply let me know if you had any problems with the instructions and once again how your system is running.  :)


Offline nanajana

  • Sr. Member
  • ****
  • Posts: 375
  • Health is Wealth
Re: Welcome to NGINX
« Reply #21 on: May 08, 2012, 07:35:16 PM »
Hi,

Well hopefully I have done this right, I think I uninstalled Adobe Reader 9.5.1, anyway I couldn't find it anywhere when I searched for it and installed the latest version.  I will have a look at Foxit, checked it briefly.  I am the webmaster for an association I belong to and they have supplied me with Adobe Acrobat 9 which I don't find all that user friendly, does Foxit do the same thing?  I also hopefully updated Java, I followed your instuctions and then verified that I was downloading the correct JRE update, it is JRE 7ur4 I'm guessing though. 

Everything seems fine, Firefox opening to  my homepage and no Welcome to NGINX page.  Please advise if I need to do anything else.

Cheers,
Janice
I love this forum, with all its extremely knowledgeable personnel!

jeffce

  • Guest
Re: Welcome to NGINX
« Reply #22 on: May 08, 2012, 07:55:47 PM »
Hi,

Quote
does Foxit do the same thing?
Yes it just is lighter on resources. 
----------

Providing there are no other malware related problems...

IT APPEARS THAT YOUR LOGS ARE NOW CLEAN :D  SO LETS DO A COUPLE OF THINGS TO WRAP THIS UP!! :D

This infection appears to have been cleaned, but I can not give you any absolute guarantees.  As a precaution, I would go ahead and change all of your passwords as this is especially important after an infection.
----------

Clean up with OTL:
  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.
----------

Any of the logs that you created for use in the forums or remaining tools that have not yet been removed can be deleted so they aren't cluttering up your desktop.

Here are some tips to reduce the potential for spyware infection in the future:

1. Make your Internet Explorer more secure - This can be done by following these simple instructions:
  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialize and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • Change the Navigate sub-frames across different domains to Prompt
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.
2. Enable Protected Mode in Internet Explorer.  This helps Windows Vista users stay more protected from attack by running Internet Explorer with restricted privileges as well as reducing the ability to write, alter or destroy data on your system or install malicious code.  To make sure this is running follow these steps:
  • Open Internet Explorer
  • Click on Tools > Internet Options
  • Press Security tab
  • Select Internet zone then place check next to Enable Protected Mode if not already done
  • Do the same for Local Intranet, Trusted Sites and Restricted Sites and then press Apply
  • Restart Internet Explorer and in the bottom right corner of your screen you will see Protected Mode: On showing you it is enabled.
3. Use and update an anti-virus software - I can not overemphasize the need for you to use and update your anti-virus application on a regular basis.  With the ever increasing number of new variants of malware arriving on the scene daily, you become very susceptible to an attack without updated protection.

4. Firewall
Using a third-party firewall will allow you to give/deny access for applications that want to go online. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a firewall in its default configuration can lower your risk greatly.  A tutorial on firewalls can be found here[/color].  **There are firewalls listed in this tutorial that could be downloaded and used but I would personally only recommend using one of the following two below:
Online Armor Free
Agnitum Outpost Firewall Free

5. Make sure you keep your Windows OS currentWindows XP users can visit Windows update   regularly to download and install any critical updates and service packs. Windows Vista/7 users can open the Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane) to update these systems.  Without these you are leaving the back door open.

6. WOT (Web of Trust) As "Googling" is such an integral part of internet life, this free browser add on warns you about risky websites that try to scam visitors, deliver malware or send spam. It is especially helpful when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites.  WOT has an add-on available for Firefox, Internet Explorer as well as Google Chrome.

7.Finally, I strongly recommend that you read TonyKlein's good advice So how did I get infected in the first place?
 
Please reply to this thread once more if you are satisfied so that we can mark the problem as resolved.

Offline nanajana

  • Sr. Member
  • ****
  • Posts: 375
  • Health is Wealth
Re: Welcome to NGINX
« Reply #23 on: May 09, 2012, 01:18:29 AM »
Hi,

I ran OTL and clicked on clean up.  Then I went to Internet Explorer, to the tools menu and Internet Options.  I had everything as you advised already in place but I couldn't find Installation of desktop items here?  I already had Protected Mode on, I run Site-Advisor as well as Spoofstick.  I have everything set to automatically send me updates and use cnet downloads and cnet updates for installed downloads.  I will install WOT I think I may have it  already or at least I did at one time.  I also installed outpost firewall & will turn off Windows firewall.

I just ran a quick scan by malewarebytes it said ok but then Avast came up with this message:  ROOTKIT FOUND  A suspicious hidden object (rootkit) has been detected on your computer.  This may be a sign of a malicious infection.  It is recommended to remove the object immediately.  File Name:  SVC:mbam Rootkit name: Rootkit.  I clicked on delete, only other option was to ignore.  I am now going to run a boot-time scan as suggested by Avast!!  Please advise what's next!!!!
I love this forum, with all its extremely knowledgeable personnel!

jeffce

  • Guest
Re: Welcome to NGINX
« Reply #24 on: May 09, 2012, 02:37:57 AM »
Hi,

What else did the warning say?  Did it give a file path or can you take a screen shot of the warning?

Offline nanajana

  • Sr. Member
  • ****
  • Posts: 375
  • Health is Wealth
Re: Welcome to NGINX
« Reply #25 on: May 09, 2012, 03:25:46 AM »
Hi,

No file path, just what I told you, the Avast redbox came up and said to remove it immediately and that was by deleting it.  Its gone so I can't take a screen shot.  I just finished the boot-time scan which Avast told me to do.

I also get a message about window live essentials everytime I reboot.  I don't think this means anything, I went on line to check it out and seems lots of people get this so I just ignore it.  Anyway here's what happens:  A warning box comes up titled WLStartup.exe - Entry point not found. Red circle with X in it - The procedure entry point ?GetHeight @CRMImage@@QBEHXZ could not be located in the dynamic link library UXCore.dll.  So I close that and get - Window Live Essentials has stopped working.  Check on line for a solution etc, or Close the program which is what I do.

Cheers, :-[
I love this forum, with all its extremely knowledgeable personnel!

Offline nanajana

  • Sr. Member
  • ****
  • Posts: 375
  • Health is Wealth
Re: Welcome to NGINX
« Reply #26 on: May 09, 2012, 04:21:18 AM »
Hi,

I do believe I have resolved the Windows Live Essential problem!  It was all about an outdated uxcore.dll.  I deleted the old one and replaced it with an updated uxcore.dll.  I hope that is the last of that because it is extremely annoying.
I love this forum, with all its extremely knowledgeable personnel!

jeffce

  • Guest
Re: Welcome to NGINX
« Reply #27 on: May 09, 2012, 04:29:26 AM »
Hi,

Ok...try the following:

Go into your "c:\program files\windows live\installer" and delete the uxcore.dll. Then go into "c:\program files\windows live\shared" and copy uxcore.dll from this directory. Go back to your installer directory and paste the file.
Should start without an issue...
Error is occuring from an outdated uxcore.dll file that is not being updated in the installer folder.

jeffce

  • Guest
Re: Welcome to NGINX
« Reply #28 on: May 09, 2012, 04:35:53 AM »
 ;D  You beat me to the punch!! 

Offline nanajana

  • Sr. Member
  • ****
  • Posts: 375
  • Health is Wealth
Re: Welcome to NGINX
« Reply #29 on: May 09, 2012, 04:36:54 AM »
Hi,

Yes that is exactly what I did about Windows Live Essentials!  I haven't changed any passwords yet because of Rootkit found? earlier by Avast.  So where am I with that?  I don't want to change anything until I am sure I'm clean

Cheers,
I love this forum, with all its extremely knowledgeable personnel!