Results 1 to 13 of 13
  1. #1
    Bronze Lounger
    Join Date
    Sep 2002
    Location
    Naples, Florida, USA
    Posts
    1,395
    Thanks
    60
    Thanked 7 Times in 7 Posts

    Question NightshadeInteractive.com hijacks ighome home page

    For the past week, a site called "nightshadeinteractive.com", which I've never visited nor Googled, hijacks my home page, ighome.

    Ighome had server issues (now resolved) last week and this may have started at the same time.

    In Firefox, my default browser, it keeps taking over even when I type in "ighome.com" in the URL box and refresh. In Chrome, I can stop the hijack by doing this...although it does hijack ighome initially. I just tried it on IE (rarely use it); it doesn't occur there. The page opens on msn.com which I've never set as a home page.

    UPDATES:
    1. it is now re-hijacking Chrome when I try to update and save gadgets on ighome.
    2. Just noticed a "Buy this domain" in upper right corner of the nightshade page.

    This occurs on my PC running Windows 7, SP1, but does not occur on my laptop running the same system. So that suggests it has something to do with my computer rather than ighome. Correct?

    I ran UltraFile Search, but nothing showed up.

    Any ideas on how to correct this? I am very concerned as this is a first for me.

    Thanks for any suggestions.

    Linda
    Last edited by IreneLinda; 2017-05-02 at 09:18. Reason: Added 2 updates

  2. #2
    WS Lounge VIP mrjimphelps's Avatar
    Join Date
    Dec 2009
    Location
    USA
    Posts
    3,948
    Thanks
    522
    Thanked 471 Times in 440 Posts
    "Buy this domain" -- perhaps the hijackers have gone out of business?

    Go through your browser settings and disable / uninstall all add-ins and extensions. Do this for each browser. Reboot. See if that fixed the problem.

    If that didn't fix it, then as a test, go to another computer and download a fresh copy of Firefox, and also get a copy of Opera. Then burn them to a CD (so that they will be read-only).

    Now go to the "infected" computer, uninstall Firefox, and reboot. Now install Firefox from the CD. If the problem doesn't come back, you solved it by installing a fresh copy of Firefox -- you got rid of the problem when you got rid of the old copy of Firefox.

    However, if the problem comes back, try installing Opera from the CD (i.e. another browser), and then use that for your browsing. If that solves it, then the problem is buried somewhere in the other browsers. If that doesn't solve it, then your computer probably has a virus / malware.
    Last edited by mrjimphelps; 2017-05-03 at 08:03.

  3. #3
    Bronze Lounger
    Join Date
    Sep 2002
    Location
    Naples, Florida, USA
    Posts
    1,395
    Thanks
    60
    Thanked 7 Times in 7 Posts
    Thanks for all your help, Mr. Jim.

    I thought i'd solved it when AntiMalware Bytes found an instance of malware yesterday. However, what I found is that generic ighome is fine; the nightshades thing comes back when I sign in to personalize ighome.

    For now, I've changed the page that opens on start up to a blank tab so the hijack doesn't occur.

    Before I try the CD browser route, does the fact that this only occurs with ighome's personalized page and only on my computer suggest anything else to you?

    IE is fine as I've never installed ighome there. Firefox and Chrome are both fine with the blank tab page selected for startup.

    I've also emailed ighome just in case. Doubt arises re. its being their issue because the laptop ighome page is unaffected.

    Of course, all this is why computer tech is so tricky: so many things can be causing an issue!

    Will look to hear your further thoughts before doing anything...and thanks so much for taking the time to help!

    Linda

    P.S. Should I hold off on my image backup until this is resolved?
    Last edited by IreneLinda; 2017-05-03 at 09:01. Reason: Added P.S.

  4. #4
    5 Star Lounger RockE's Avatar
    Join Date
    Dec 2009
    Location
    Paducah, Kentucky
    Posts
    684
    Thanks
    71
    Thanked 130 Times in 117 Posts
    Quote Originally Posted by IreneLinda View Post
    P.S. Should I hold off on my image backup until this is resolved?
    Yes, that's probably a good idea. Actually, I'm wondering - now that you mention backup - why you haven't simply restored a previous backup of your problematic computer(?).
    Clone or Image often! Backup, backup, backup, backup...
    - - - - -
    Home Built System: Windows 10 Home 64-bit, AMD Athlon II X3 435 CPU, 16GB DDR3 RAM, ASUSTeK M4A89GTD-PRO/USB3 (AM3) motherboard, 512GB SanDisk SSD, 3 TB WD HDD, 1024MB ATI AMD RADEON HD 6450 video, ASUS VE278 (1920x1080) display, ATAPI iHAS224 Optical Drive, integrated Realtek High Definition Audio

  5. #5
    WS Lounge VIP mrjimphelps's Avatar
    Join Date
    Dec 2009
    Location
    USA
    Posts
    3,948
    Thanks
    522
    Thanked 471 Times in 440 Posts
    Quote Originally Posted by IreneLinda View Post
    I thought i'd solved it when AntiMalware Bytes found an instance of malware yesterday. However, what I found is that generic ighome is fine; the nightshades thing comes back when I sign in to personalize ighome.
    I would not suggest signing in to ighome for any reason. I would stay far from them. They have shown themselves to be at best invasive and at worst malicious, by taking over your search engine. Likewise, I would never email them, because now they know that they successfully snagged a real person.

    Hopefully all they have done is hijack your search engine by installing an add-in. If so, you should be able to get rid of them simply by removing their add-in. (And by the way, you DO want to get rid of them, because they have shown themselves to have bad intentions.) But if that doesn't do the trick, then an uninstall/reboot then clean install of Firefox will hopefully do the trick. That is why I suggested that you install Opera, because it would be a fresh, clean install; and if it stays clean of these people, then a fresh, clean install of Firefox (and all other affected browsers) should clean things up for you. But the steps I have detailed above are the only way you will know if the problem is confined to your browser(s), and also if it's an add-in or if the problem is buried deeper within the browser.

    Quote Originally Posted by IreneLinda View Post
    Should I hold off on my image backup until this is resolved?
    If you have a recent backup, then no, I would not recommend your making a backup at this time. If you have no usable backups available, then you have no choice but to do a backup at this time. But do it on a separate, empty medium, not on one which has data, because in case there is malware, it could infect whatever is on the medium you do the backup to.

  6. #6
    Bronze Lounger
    Join Date
    Sep 2002
    Location
    Naples, Florida, USA
    Posts
    1,395
    Thanks
    60
    Thanked 7 Times in 7 Posts
    Got it. Thanks, RockE and Mr. Jim.

    I will hold off on the image backup and stay away from ighome going forward. We've used them for years with no problems, but am concerned something happened when they had their major server failure last weekend. Why it's only on my computer and not the laptop is a mystery of technology, I guess.

    Re. RockE's suggestion to use earlier backup, good idea. Of course, doing so makes me hugely nervous so will use it as a last resort...and come back here for help before doing so!

    One final question, prompted by RockE's suggestion: would a system restore help?

    Again, thank you both so much for giving of your time and knowledge...once more!

    Linda

  7. #7
    WS Lounge VIP mrjimphelps's Avatar
    Join Date
    Dec 2009
    Location
    USA
    Posts
    3,948
    Thanks
    522
    Thanked 471 Times in 440 Posts
    A system restore will definitely help. But keep in mind that everything you currently have will disappear forever when you do a system restore, because a system restore totally wipes the drive of everything that is currently on it; and you will be back to new, out of the box condition.

    Sometimes that's the easiest way to fix things. But if you have any backup that you have done, that might be better than a "wipe-the-drive" system restore.

    If you decide to do a system restore, MAKE SURE that you have ALL install keys and original disks for any software you want to reinstall after the restore. For example, if you don't have your MS Office install key or original disk, you won't be able to reinstall it.

  8. #8
    Star Lounger
    Join Date
    Jul 2013
    Location
    Murphy, NC
    Posts
    82
    Thanks
    0
    Thanked 8 Times in 8 Posts
    Linda, have you tried setting your home page in Firefox to something other than ighome, or having Firefox initially show a blank page rather than your home page. This might help establish the extent to which ighome is part of the issue.

  9. #9
    Administrator Rick Corbett's Avatar
    Join Date
    Dec 2009
    Location
    South Glos., UK
    Posts
    3,619
    Thanks
    160
    Thanked 1,001 Times in 798 Posts
    Linda, I suspect RockE may have meant 'do you have a System Restore Point' of just over a week ago rather then a full-blown System Recovery to revert to original settings.

    Try this:

    1. Click on Start.
    2. In the Search programs and files search box type rstrui. You should see rstrui.exe appear as a search result. Click on rstrui.exe in the search results (or just press your Return or Enter key).
    3. When the System Restore dialog appears, click on the Next button.
    4. In the next dialog, put a tick in the Show more restore points checkbox.

    Do you now see a restore point dated just before the home page hijacking started? Let us know...

    For example, my own Windows 7 system shows multiple restore points I could choose if I have a problem:

    restore-points.png
    Click to enlarge

    For info, restoring an earlier restore point will not affect your data, only revert changes made by Windows Update or programs. For example, my screenshot shows that Calibre created an automatic restore point before installing. So, if everything went pear-shaped following the installation of Calibre I could revert my system to a pre-Calibre condition.

    Hope this helps...

  10. #10
    Bronze Lounger
    Join Date
    Sep 2002
    Location
    Naples, Florida, USA
    Posts
    1,395
    Thanks
    60
    Thanked 7 Times in 7 Posts
    David: good suggestion and, yes, I did that yesterday. Now can open both Firefox and Chrome without their being hijacked.
    This might help establish the extent to which ighome is part of the issue.
    Generic ighome is fine; only when I sign in to access my personalized page does the hijacking occur. Does this suggest anything to you re. where fault could be?

    Rick:
    I suspect RockE may have meant 'do you have a System Restore Point' of just over a week ago
    I was just about to reply to Mr. Jim that I'd meant restore point and not the full blown one when I saw your and David's responses. Thanks for the detailed instructions: I'll check out the nearest point and post back before proceeding. I've used this function in the past, but not recently and so it had slipped my mind.

    Again, huge thanks for all the time you guys are devoting to helping me figure this out. No wonder I love this Lounge (and rave about it to everyone I know who's on Windows!).

    Linda

  11. #11
    Star Lounger
    Join Date
    Jul 2013
    Location
    Murphy, NC
    Posts
    82
    Thanks
    0
    Thanked 8 Times in 8 Posts
    Linda, it sounds to me that perhaps someone has maliciously caused the internet routing tables to be updated so that when a user's browser requests the content for the ighome.com sign-in page, the request gets sent to a Nightshade Interactive server instead of to an ighome.com server. If that's the case, then correcting it might require the involvement of an administrator at ighome.com. It might be worthwhile to contact ighome.com about the issue, provided that their contact information can be found on the apparently safe ighome.com home page.

    Hope this helps,
    Dave

  12. #12
    Bronze Lounger
    Join Date
    Sep 2002
    Location
    Naples, Florida, USA
    Posts
    1,395
    Thanks
    60
    Thanked 7 Times in 7 Posts
    Appreciate the extra thoughts, David. I have now emailed ighome using their contact form. Will post back when I hear from them

    I'm sure they won't be happy if what you say is happening is happening!

    Thanks again,

    Linda

  13. #13
    Bronze Lounger
    Join Date
    Sep 2002
    Location
    Naples, Florida, USA
    Posts
    1,395
    Thanks
    60
    Thanked 7 Times in 7 Posts
    By way of update: never heard back from ighome...not positive. For now, have removed them as home page on both PC and laptop, replacing with blank tab for now.

    I plan to keep an eye on computer performance for the next couple of weeks to see if all functions as it should. If it does, will post back results. If there are issues, will apply Mr. Jim's whole new browser suggestion following his directions.

    Will also post if ighome responds.

    Many thanks for all the suggestions and support from all you "more technical by far than I" Loungers!

    Linda

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •