Windows 10: Google redirection localhost.world

Page 2 of 12 FirstFirst 1234 ... LastLast
  1.    21 Oct 2015 #11

    You should try Roguekiller too.
      My ComputerSystem Spec


  2. Posts : 13,344
    Windows 10 Pro
       21 Oct 2015 #12

    My standard template for infections. (edited as you have used a few things)
    Please run a threat scan with Malwarebytes*, a full scan with your AV, scan your system with Kaspersky TTDSKiller and ESET Online Scanner
    *(Uncheck trial version in the installation process)
    What happens if you set the network configuration to 'automatic detect settings'?
      My ComputersSystem Spec

  3.    03 Nov 2015 #13

    Delibrythe said: View Post
    Bonjour Flavien!

    Have you tried ZHPCleaner? I highly recommend it. http://nicolascoolman.com/download/zhpcleaner/
    Had same issues, blocked 69.197.188.122 in firewall, and ran ZHPCleaner; seems to have done the trick so far.

    This was the content of the localhost.world file:
    Code:
    function FindProxyForURL(url, host) {
    
         if (shExpMatch(host, "www.bing.com")) return "PROXY 69.197.188.122:8484"; 
        if (shExpMatch(host, "*.search.yahoo.com")) return "PROXY 69.197.188.122:8484";    
    
        ga = /^https?:\/\/www\.google\.[a-zA-Z.]+\/?$/;if (ga.test(url)) { return "PROXY 69.197.188.122:8484" }
        
    
        gb = /^https?:\/\/www\.google\.[a-zA-Z.]+\/\?(.*)$/;if (gb.test(url)) { return "PROXY 69.197.188.122:8484" }
    
        
        gc = /^https?:\/\/www\.google\.[a-zA-Z.]+\/search\?(.*)$/;if (gc.test(url)) { return "PROXY 69.197.188.122:8484" }
    
        
        gd = /^https?:\/\/www\.google\.[a-zA-Z.]+\/cse\?(.*)$/;if (gd.test(url)) { return "PROXY 69.197.188.122:8484" }
    
        ge = /^https?:\/\/www\.google\.[a-zA-Z.]+\/s\?(.*)$/;if (ge.test(url)) { return "PROXY 69.197.188.122:8484" }
    
        gx = /^https?:\/\/cse\.google\.[a-zA-Z.]+\/cse\?(.*)$/;if (gx.test(url)) { return "PROXY 69.197.188.122:8484" }
    
        
        return "DIRECT";
    
    }
    BTW; I also updated the firmware for my Asus-router...
      My ComputerSystem Spec

  4.    05 Nov 2015 #14

    Nah...


    Nah... still not gotten rid of it...

    Malwarebytes Anti-Malware found some more unwated stuff; works for now
    Last edited by nakiel; 05 Nov 2015 at 08:31.
      My ComputerSystem Spec


  5. Posts : 19,843
    Win 7 32, Win 7 64 Pro, Win 8.1 64 Pro, Win 10 64 Education Edition
       05 Nov 2015 #15

    You might want to check you host file to see if that's been altered or corrupted.

    Also, wouldn't hurt to flush your DNS.

    Flush DNS - What's My DNS?
      My ComputerSystem Spec

  6.    08 Dec 2015 #16

    The solution that worked for me


    Delibrythe said: View Post
    Pas de problème I hope it works for you!
    After using almost all antivirus, spyware and malware removing programs and crashing one computer, I found out a work around.
    And that is to delete the infected account and start a new account.
      My ComputerSystem Spec

  7.    13 Dec 2015 #17

    nakiel said: View Post
    Had same issues, blocked 69.197.188.122 in firewall, and ran ZHPCleaner; seems to have done the trick so far.

    This was the content of the localhost.world file:
    Code:
    function FindProxyForURL(url, host) {
    
         if (shExpMatch(host, "www.bing.com")) return "PROXY 69.197.188.122:8484"; 
        if (shExpMatch(host, "*.search.yahoo.com")) return "PROXY 69.197.188.122:8484";    
    
        ga = /^https?:\/\/www\.google\.[a-zA-Z.]+\/?$/;if (ga.test(url)) { return "PROXY 69.197.188.122:8484" }
        
    
        gb = /^https?:\/\/www\.google\.[a-zA-Z.]+\/\?(.*)$/;if (gb.test(url)) { return "PROXY 69.197.188.122:8484" }
    
        
        gc = /^https?:\/\/www\.google\.[a-zA-Z.]+\/search\?(.*)$/;if (gc.test(url)) { return "PROXY 69.197.188.122:8484" }
    
        
        gd = /^https?:\/\/www\.google\.[a-zA-Z.]+\/cse\?(.*)$/;if (gd.test(url)) { return "PROXY 69.197.188.122:8484" }
    
        ge = /^https?:\/\/www\.google\.[a-zA-Z.]+\/s\?(.*)$/;if (ge.test(url)) { return "PROXY 69.197.188.122:8484" }
    
        gx = /^https?:\/\/cse\.google\.[a-zA-Z.]+\/cse\?(.*)$/;if (gx.test(url)) { return "PROXY 69.197.188.122:8484" }
    
        
        return "DIRECT";
    
    }
    BTW; I also updated the firmware for my Asus-router...
    Having same issue. Did it come back for you? It just came back for me, I saw in proxy settings that localworld was setup again. I ran ZHPCleaner and fixed everything a couple of days ago but it didn't stick.

    BTW the virus that caused this for me is Backdoor:MSIL/Bladabindi -- this is a pretty annoying virus. Windows Defender caught it immediately but I guess there are still traces left. I ran everything recommended in this thread (Rogue killer, TDS killer, Eset online scan, ZHP cleaner, MBAR)
      My ComputerSystem Spec

  •    13 Dec 2015 #18

    It came back! Currently been testing "HitmanPro" for a couple of days; no relapse yet...

    Found this in registry:
    Code:
    Windows Registry Editor Version 5.00
    
    [HKEY_CURRENT_USER\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings]
    "AutoConfigURL"="http://localhost.world/localhost.host"
      My ComputerSystem Spec

  •    13 Dec 2015 #19

    mixolyd said: View Post
    BTW the virus that caused this for me is Backdoor:MSIL/Bladabindi -- this is a pretty annoying virus. Windows Defender caught it immediately but I guess there are still traces left. I ran everything recommended in this thread (Rogue killer, TDS killer, Eset online scan, ZHP cleaner, MBAR)
    Might want to consider changing your passwords...

    This malware family can steal your sensitive information and send it to a malicious hacker. The family can also download other malware and give backdoor access to your PC.

    Variants of the family can spread via infected removable drives, such as USB flash drives. They can also be downloaded by other malware, or spread though malicious links and hacked websites.
    MSILBladabindi
      My ComputerSystem Spec

  •    13 Dec 2015 #20

    nakiel said: View Post
    It came back! Currently been testing "HitmanPro" for a couple of days; no relapse yet...

    Found this in registry:
    Code:
    Windows Registry Editor Version 5.00
    
    [HKEY_CURRENT_USER\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings]
    "AutoConfigURL"="http://localhost.world/localhost.host"
    Thanks! I scanned w/ HitmanPro and it found nothing. I did find that registry key though. I think that was the last trace of this virus (hopefully)

    simrick said: View Post
    Might want to consider changing your passwords...
    simrick said: View Post


    Yeah I thought about that.. but Windows Defender found the virus as soon as I opened the file and immediately quarantined it, so I really don't think it had time to do anything except create this annoying proxy which just redirects google to this IP. I do not think (at least hopefully) the backdoor was active at any point. Thanks though
      My ComputerSystem Spec


  •  
    Page 2 of 12 FirstFirst 1234 ... LastLast

    Related Threads
    Hi there same problem with EDGE (the new browser) - can't access localhost type of addresses. I use several media servers with Web interface for controls etc. Get around - use loopback adapter -- but why should I -- Chrome / FF / IE all work...
    Hi there Edge has been modified so you CAN set it to access local host type of sites (at least in build 10240). This was mentioned a while ago but just as a reminder -- many people have servers etc that have a web interface with a localhost or...
    Hi, I've just installed windows 10 which all seems to have gone very well. The only problem I can't currently fix is that google seems to think I am in France! When I go to Edge/Settings/Advanced settings/search in the address bar with the only...
    :sick: Hi, since yesterday my Hyper-V stoped work. I have no clue of whats going on. I tried to uninstall and install it again, but didn't work. Does someone knows how to purge hyper-v configuration when remove/uninstall it? Because it seems...
    Loopback/localhost acces in apps in Software and Apps
    This is aimed at Win 8, but should be the same for 10 As some of us have found out, modern apps such as Edge are not allowed to send network traffic to the local host, so things like media servers and routers do not work I have just been...
    Our Sites
    Site Links
    About Us
    Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

    © Designer Media Ltd
    All times are GMT -5. The time now is 10:18.
    Find Us