Google redirection localhost.world

Page 12 of 12 FirstFirst ... 2101112
  1. simrick's Avatar
    Posts : 16,108
    W10Prox64
       #111

    korbinperry said:
    Good idea.. I'll report back anything I find in case it can help someone else! Thank you again!
    Yes, thanks. Good luck.
      My Computer


  2. Posts : 6
    Windows 10
       #112

    So here is an update. I wasn't really seeing anything looking through processes, so I checked out GlassWire (sweet application by the way, thanks! I'll be keeping it!) and I decided to narrow down the time to the minimum allowed (1 hour) between 3pm and 4pm today knowing that Malwarebytes reported an attempted outbound connection at 3:39pm. I didn't see our pesky proxy IP or address though, only a few which I illustrate with arrows that do seem kind of odd to me but perhaps just outside my understanding of windows services. I decided to look under Host Processes for Windows Services because it seems to be going through svchost.exe.

    Any of these look suspicious to you?


    Google redirection localhost.world-glasswire.jpg
      My Computer

  3. eLPuSHeR's Avatar
    Posts : 2,447
    Windows 10 Home x64
       #113

    A little offtopic. korbinperry I advise you to use PNG for screen captures. Way better than JPEG for that purpose.
      My Computer

  4. simrick's Avatar
    Posts : 16,108
    W10Prox64
       #114

    korbinperry said:
    So here is an update. I wasn't really seeing anything looking through processes, so I checked out GlassWire (sweet application by the way, thanks! I'll be keeping it!) and I decided to narrow down the time to the minimum allowed (1 hour) between 3pm and 4pm today knowing that Malwarebytes reported an attempted outbound connection at 3:39pm. I didn't see our pesky proxy IP or address though, only a few which I illustrate with arrows that do seem kind of odd to me but perhaps just outside my understanding of windows services. I decided to look under Host Processes for Windows Services because it seems to be going through svchost.exe.

    Any of these look suspicious to you?


    Google redirection localhost.world-glasswire.jpg
    Well,
    The ff02::1:3 points to multicast addressing
    ‪what is ff02::c?‬‏ - ب*ث Google‏

    The e4280.g.akamaiedge.net - akamai is a CDN (Content Delivery Service). Nothing to worry about if you know what it's from. It's related to MAC (Apple), I think (with the edge in there).
    ‪what is ff02::c?‬‏ - ب*ث Google‏

    fe80:88c8:6423:5c74:ce52 looks to be an IPv6 address. Some info:
    IPv6 address - Wikipedia
    The KAME project
    How to Scan IPv6 Addresses with Qualys FreeScan Network Security Blog | Qualys, Inc.


    A VirusTotal scan of 69.197.188.122 gives 2 hits for malware:
    https://www.virustotal.com/en/url/f7...is/1478817995/

    Sorry, I don't seem to be much help at this for you.
      My Computer


  5. Posts : 6
    Windows 10
       #115

    eLPuSHeR said:
    A little offtopic. korbinperry I advise you to use PNG for screen captures. Way better than JPEG for that purpose.
    You're right, I should have known better lol! Bad habit!
    simrick said:
    Well,
    The ff02::1:3 points to multicast addressing
    €what is ff02::c?€€ - ب*ث Google€

    The e4280.g.akamaiedge.net - akamai is a CDN (Content Delivery Service). Nothing to worry about if you know what it's from. It's related to MAC (Apple), I think (with the edge in there).
    €what is ff02::c?€€ - ب*ث Google€

    fe80:88c8:6423:5c74:ce52 looks to be an IPv6 address. Some info:
    IPv6 address - Wikipedia
    The KAME project
    How to Scan IPv6 Addresses with Qualys FreeScan Network Security Blog | Qualys, Inc.


    A VirusTotal scan of 69.197.188.122 gives 2 hits for malware:
    https://www.virustotal.com/en/url/f7...is/1478817995/

    Sorry, I don't seem to be much help at this for you.
    That's okay! I appreciate your direction none the less! I am going to continue to try and investigate as I notice it, but for now I feel much more comfortable..I have the 69.197.188.122 address blocked in and out, and my browser hasn't force closed and reset my proxy or anything since I deleted the scheduled task, bad certs, and cleaned up the registry entry.
      My Computer

  6. simrick's Avatar
    Posts : 16,108
    W10Prox64
       #116

    korbinperry said:
    You're right, I should have known better lol! Bad habit!

    That's okay! I appreciate your direction none the less! I am going to continue to try and investigate as I notice it, but for now I feel much more comfortable..I have the 69.197.188.122 address blocked in and out, and my browser hasn't force closed and reset my proxy or anything since I deleted the scheduled task, bad certs, and cleaned up the registry entry.
    Excellent. Keep us posted if you come across anything further. Cheers!
      My Computer


  7. Posts : 6
    Windows 10
       #117

    simrick said:
    Excellent. Keep us posted if you come across anything further. Cheers!
    Hello again! So two days have passed, and I have been looking through my Malwarebytes Log and haven't seen a single incoming or outgoing connection that looks malicious. For now I feel confident it is gone! Thanks again for all the help, I'm glad this thread is showing up in google search results now with some of the key terms like the "69.197.188.22" IP address and "proxy" because no major software seems to pick this up and no one seems to have any info about it anywhere!
      My Computer

  8. simrick's Avatar
    Posts : 16,108
    W10Prox64
       #118

    korbinperry said:
    Hello again! So two days have passed, and I have been looking through my Malwarebytes Log and haven't seen a single incoming or outgoing connection that looks malicious. For now I feel confident it is gone! Thanks again for all the help, I'm glad this thread is showing up in google search results now with some of the key terms like the "69.197.188.22" IP address and "proxy" because no major software seems to pick this up and no one seems to have any info about it anywhere!
    Good news! Thanks. :)
      My Computer


  9. Posts : 6
    Win 10-64 bit HOME
       #119

    I started having the same problemThursday, without the pop up, it was asking for my password, entered it, & come back wrong password, not sure how to get help with Google, but always have Bing& Edge, if needed.

    Attachment 43714




    I have cleanup with kasperky, ccleaner, adwcleaner and doesn't work. How to solve it ?[/QUOTE]
      My Computer

  10. simrick's Avatar
    Posts : 16,108
    W10Prox64
       #120

    Graham Clark said:
    I started having the same problemThursday, without the pop up, it was asking for my password, entered it, & come back wrong password, not sure how to get help with Google, but always have Bing& Edge, if needed.

    Attachment 43714




    I have cleanup with kasperky, ccleaner, adwcleaner and doesn't work. How to solve it ?

    Please see post #36 here.
      My Computer


 
Page 12 of 12 FirstFirst ... 2101112

  Related Discussions
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd
All times are GMT -5. The time now is 21:32.
Find Us




Windows 10 Forums