Nginx Virus

Posted: July 11, 2012

The Nginx Virus is a casual name for a browser hijacker that blocks popular websites to display an Nginx server-based site instead of your normal content. Since Nginx is a popular open source program that can be used by both malicious and benevolent websites, SpywareRemove.com malware researchers recommend that you assume that your PC may have been exposed to potential browser-based attacks after contact with sites that resemble the end results of an Nginx Virus's hijack. In some cases, what looks like an Nginx Virus may be a simple server glitch that doesn't indicate that anything is wrong with your PC; you should verify this possibility with suitable anti-malware software on a case-by-case basis.

How the Nginx Virus's Most Famous Symptom is an Inadvertent Side Effect

The Nginx Virus (which, contrary to its nickname, is not a file-infecting virus insofar as SpywareRemove.com malware researchers have been able to determine) is a form of browser hijacker that promotes Nginx-based websites. As the second most popular form of server software globally that's used by even reputable sites like Google, Nginx and its errors can be associated with completely safe sites as well as harmful websites. However, sites that are promoted by browser hijackers like the Nginx Virus have a tendency to be malicious or include questionable content, and SpywareRemove.com malware researchers recommend that you interact with such sites with a high degree of caution.

The unifying symptom for an Nginx Virus style of browser hijacker is the appearance of Nginx error pages whenever you try to load various popular sites. Sites that have been blocked by the Nginx Virus include Facebook, Yahoo, Google and Yandex. A successful Nginx Virus redirect attack may redirect you to an unrelated and fully-functioning site, or one of the following error messages may be displayed on a blank page:

'Welcome to Nginx!'

'404 Not Found / Nginx'

Browser hijackers should always be considered dangers to your PC that should be removed in anti-malware scans, and SpywareRemove.com malware researchers also recommend that you avoid transmitting personal information via your browser until your PC has been disinfected of the Nginx Virus.

When the Nginx Virus is Less of a PC Threat Than It is a Minor Server Malfunction

Not all appearances of the aforementioned Nginx Virus-style error messages are heralds of an infection on your computer. In some scenarios, an Nginx-based site may be having server issues that result in you seeing one of these Nginx errors. Then it is just a matter of time until the website is corrected by its webmasters.

However, SpywareRemove.com malware researchers generally recommend that you assume that your PC is infected by the Nginx Virus until your anti-malware software can determine otherwise. Browser hijackers like the Nginx Virus may be installed with other PC threats that show few or no symptoms, and, in some cases, can be high-level threats (such as DNS Changer and Alureon rootkits).

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:

File name: %AppData%\[RANDOM CHARACTERS].exe
File type: Executable File
Mime Type: unknown/exe

File name: %Documents and Settings%\[UserName]\Application Data\[RANDOM CHARACTERS]\

File name: %Windows%\system32\[RANDOM CHARACTERS].exe
File type: Executable File
Mime Type: unknown/exe

Registry Modifications

The following Registry values were newly created:

HKEY..\..\{Value}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\"Shell" = "[RANDOM CHARACTERS].exe"

HKEY..\..\..\..{Subkeys}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "[RANDOM CHARACTERS].exe"
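
The following is an added example, not code from SpywareRemove.com: a Python triage check that reads a `reg export` of the two keys listed above and flags a replaced Winlogon Shell value and Run entries that fit the file locations this page lists. The sample export, its file names and the Run-key heuristic are assumptions made for illustration.

```python
import re

WINLOGON = r"hkey_local_machine\software\microsoft\windows nt\currentversion\winlogon"
RUN = r"hkey_local_machine\software\microsoft\windows\currentversion\run"
# Heuristic (assumption): an .exe sitting directly in the roaming profile root,
# i.e. the page's %AppData%\[RANDOM CHARACTERS].exe location.
ROOT_DROP = re.compile(r"\\(appdata\\roaming|application data)\\[^\\]+\.exe$")

# Constructed sample in `reg export` format; all file names are made up.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="kqzvbxw.exe"
"Userinit"="C:\\Windows\\system32\\userinit.exe,"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"="C:\\Windows\\system32\\SecurityHealthSystray.exe"
"xjqpt"="C:\\Users\\alice\\AppData\\Roaming\\xjqpt.exe"
'''

def parse_reg(text):
    """Yield (key, value_name, data) for each string value in a .reg export."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and (m := re.match(r'"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$', line)):
            # .reg files escape backslashes and quotes with a backslash
            name, data = (re.sub(r"\\(.)", r"\1", g) for g in m.groups())
            yield key, name, data

def exe_path(data):
    """Lower-cased executable part of a command line (quotes and arguments dropped)."""
    m = re.match(r'\s*"?([^"]+?\.exe)\b', data, re.I)
    return (m.group(1) if m else data).lower()

def suspicious_autostarts(text):
    """Return (reason, data) pairs for autostart values that need a closer look."""
    hits = []
    for key, name, data in parse_reg(text):
        k, exe = key.lower(), exe_path(data)
        if k == WINLOGON and name.lower() == "shell":
            if exe != "explorer.exe":  # Windows default Shell value
                hits.append(("Winlogon Shell is not explorer.exe", data))
        elif k == RUN and ("\\" not in exe or ROOT_DROP.search(exe)):
            hits.append(("Run entry has no path or sits in the AppData root", data))
    return hits

if __name__ == "__main__":
    for reason, data in suspicious_autostarts(SAMPLE_REG):
        print(f"{reason}: {data}")
```

Files written by `reg export` are UTF-16, so read them with `open(path, encoding="utf-16")` before passing the text in. A hit is a lead for an anti-malware scan, not proof of infection.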


  • Rocio says:

    I have 3 trojans in my computer laptop. My malware is functional but it is unable to remove the trojans. I even tried using malware on safe mode and it could not find the viruses. I tried it again and it found 2 but could not remove them. Do you know any additional free anti virus programs that really removes trojans or any steps on how to remove them manually?

  • India says:

    You saved me a lot of hassle just now.