Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Nginx infection, then very slow computer


  • Please log in to reply
7 replies to this topic

#1 Jonat

Jonat

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:09:52 PM

Posted 24 July 2017 - 03:08 PM

I have a Windows 7 operating system

While browsing using Internet Explorer, and accessing a commonly used website, it instead came up with a page saying "welcome to Nginx".  The computer immediately became very slow.

 

When I tried loading other websites, the same kept occurring.

I tried shutting down the computer and restarting, but this didn't work.

Tried getting rid of the problem using Avast Antivirus and also ADW.exe, but neither worked.

 

How do I fix this problem ?



BC AdBot (Login to Remove)

 


#2 JoshRoss

JoshRoss

  • Members
  • 87 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:United States
  • Local time:07:52 PM

Posted 25 July 2017 - 07:33 AM

You will probably need a more thorough solution than just a couple anti-virus/anti-malware software. It could be either a browser extension or some rogue application on your PC. Since I am not sure, this thorough cleanup should help you sort the issue out:

 

1. Restart your PC in “Safe mode with networking.”
 
2. Install and run RKill to kill malicious processes and services
 
3. Check your Programs and features and see if there are any new recently installed programs that you don’t recognize. If there are, remove them.
 
4. Do a full scan with anti-virus software of your choice or use Windows Defender (offline) to clean up initial infections.
 
5. Since you already have AdwCleaner, do a scan with it. Additionally, I recommend scanning with Hitman Pro, Malwarebytes, and Zemana. Multiple anti-malware solutions will confirm that the threat was removed.
 
6. Clean up your Registry and Cached files with CCleaner
 
7. Restart your PC in normal mode and do an additional scan to confirm that the malware is gone.
 
This should help you sort out the issue. Keep in mind that RKill might have issues in safe mode. And in general, this entire process is a little bit of an overkill for your potential issue. If you chose to, you could skip the Safe mode restart. Check your extensions, programs, do a full scan, and it might be enough! Good luck!


#3 buddy215

buddy215

  • Moderator
  • 13,101 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:09:52 PM

Posted 25 July 2017 - 09:27 AM

Jonat below is an explanation for what you saw.

 

Why Am I Seeing this Page?

When you see the Welcome to nginx! page, the mostly likely reasons are that either there is a configuration problem at the website, or there is a problem on your computer that is causing your web browser to go to the wrong website.

  • It might be a temporary problem, in which case it might help to clear your browser cache and history, then restart your computer and home router if necessary. See What Should I Do?.
  • It is also possible that your computer has a virus or other malware that is intercepting your web requests and directing you to the wrong website.

    For example, some viruses and malware can control how your computer uses a system called DNS. This system translates website names (such as www.google.com) into computer addresses, just like the contacts list on your mobile phone translates people’s names into phone numbers. When you try to access a website, the virus causes your browser to route your request to an impostor website that might try to steal personal information.

The NGINX software has not been installed on your computer – it runs only on computers that are serving web pages. NGINX is not a virus and has nothing to do with determining which websites your browser accesses.

__________________________________________________________________________________________________________________________________________________

 

Since a problem has occured on your computer after visiting that site...it sounds like the site may have been hijacked and infected your computer.

 

Use the programs below to clean, remove malware and remove adware.

 

 

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the

Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

When you use CCleaner using the Default settings...also put a check in the box next to DNS cache. You will find that

under the System heading. Then run by clicking on the Run Cleaner button in the bottom right corner. That will flush the DNS cache.

 

  • download Malwarebytes to your desktop.
  • Double-click mb3-setup-1878.1878-3.0.6.1469.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available throughout History ->Application logs. Please post it contents in your next reply.

Please download MiniToolBox and run it.

Checkmark following boxes:

  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List last 10 Event Viewer log
  • List Installed Programs

Edited by buddy215, 25 July 2017 - 09:42 AM.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#4 Jonat

Jonat
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:09:52 PM

Posted 26 July 2017 - 07:17 AM

Thanks to both for the advice.

 

I've run the suggestions from BC Advisor.

Don't know how to find "The Scan log is available throughout History ->Application logs"

Please advise.



#5 buddy215

buddy215

  • Moderator
  • 13,101 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:09:52 PM

Posted 26 July 2017 - 10:14 AM

Restart MBAM

  • Click on the History tab >> Application Logs.
  • Double click on the scan log which shows the Date and time of the scan that showed the infections.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#6 Jonat

Jonat
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:09:52 PM

Posted 26 July 2017 - 10:25 AM

There is no History tab in Malwarebytes.

I'm using the free version.  Maybe only the paid version has this.

Any further suggestion.



#7 buddy215

buddy215

  • Moderator
  • 13,101 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:09:52 PM

Posted 27 July 2017 - 03:40 PM

Use the instructions below. You should be able to copy and post the items deleted or quarantined using the export button.

 

Managing Malwarebytes 3 Quarantine and Reports

All detected malware is moved to a quarantine folder by default. As this folder might waste disk space, it is recommended to clear it about a month after detection. Free CCleaner can also do the job for you.
You can also restore items to their previous locations if you really know what you're doing.

Click Quarantine on the left side of Malwarebytes 3 main window. This opens a list of all items detected and removed. The easiest way to empty the quarantine folder is to tick the topmost check box on the left to select all items and then click or touch the Delete button on the bottom right. The action will be confirmed.
grey.gif

You can also delete individual items by ticking their check boxes and clicking the Delete button. The action will again be confirmed.

Be very careful with the Restore button - do not use it unless you are absolutely sure that you are not restoring malware!

To see Malwarebytes 3 logs, click Reports on the left side of the program window. Here you can double-click a log to open it.
grey.gif

Here's an example of a Scan log that summarizes all important settings and results. Please note the scroll bars in the top and bottom sections - there is often much more information available than fits on screen.
Export button allows copying the log to Clipboard, and saving it to a text file for further analysis.
grey.gif

That's it about installing, configuring and managing Malwarebytes 3. Move on to the Malwarebytes 3 on-demand scan tutorial on how to scan for and remove malicious items on your device.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#8 buddy215

buddy215

  • Moderator
  • 13,101 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:09:52 PM

Posted 27 July 2017 - 03:46 PM

There's been a problem the last few days with me being able to see MY CONTENT. That is why I have just now responded to you as

your last post wasn't in MY CONTENT until now.

 

Also.....have you attempted to revisit the site mentioned in your opening post? If so, is it functioning properly now or not?


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users