  1.    21 Oct 2015 #11
    Join Date : Jul 2015
    Posts : 858
    Windows 10 Home x64

    You should try Roguekiller too.
  2.    21 Oct 2015 #12
    Join Date : Jun 2015
    Posts : 12,657
    Windows 10 Pro

    My standard template for infections. (edited as you have used a few things)
    Please run a threat scan with Malwarebytes*, a full scan with your AV, and scan your system with Kaspersky TDSSKiller and ESET Online Scanner.
    *(Uncheck trial version in the installation process)
    What happens if you set the network configuration to 'automatic detect settings'?
  3.    03 Nov 2015 #13
    Join Date : Nov 2015
    Posts : 3
    win7x64

    Quote Originally Posted by Delibrythe View Post
    Bonjour Flavien!

    Have you tried ZHPCleaner? I highly recommend it. http://nicolascoolman.com/download/zhpcleaner/
    Had same issues, blocked 69.197.188.122 in firewall, and ran ZHPCleaner; seems to have done the trick so far.

    This was the content of the localhost.world file:
    Code:
    function FindProxyForURL(url, host) {
    
         if (shExpMatch(host, "www.bing.com")) return "PROXY 69.197.188.122:8484"; 
        if (shExpMatch(host, "*.search.yahoo.com")) return "PROXY 69.197.188.122:8484";    
    
        ga = /^https?:\/\/www\.google\.[a-zA-Z.]+\/?$/;if (ga.test(url)) { return "PROXY 69.197.188.122:8484" }
        
    
        gb = /^https?:\/\/www\.google\.[a-zA-Z.]+\/\?(.*)$/;if (gb.test(url)) { return "PROXY 69.197.188.122:8484" }
    
        
        gc = /^https?:\/\/www\.google\.[a-zA-Z.]+\/search\?(.*)$/;if (gc.test(url)) { return "PROXY 69.197.188.122:8484" }
    
        
        gd = /^https?:\/\/www\.google\.[a-zA-Z.]+\/cse\?(.*)$/;if (gd.test(url)) { return "PROXY 69.197.188.122:8484" }
    
        ge = /^https?:\/\/www\.google\.[a-zA-Z.]+\/s\?(.*)$/;if (ge.test(url)) { return "PROXY 69.197.188.122:8484" }
    
        gx = /^https?:\/\/cse\.google\.[a-zA-Z.]+\/cse\?(.*)$/;if (gx.test(url)) { return "PROXY 69.197.188.122:8484" }
    
        
        return "DIRECT";
    
    }
    BTW; I also updated the firmware for my Asus-router...
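Added example (not part of any post in this thread): a Node.js triage script that evaluates a PAC file like the one quoted above against test URLs and lists every request it would send through a proxy. The sample PAC, the 192.0.2.10 placeholder address, the test URLs, and the `auditPac` and `shExpMatch` helper names are constructed for illustration.

```javascript
const vm = require("node:vm");

// Constructed sample with the same structure as the PAC file quoted in the post.
// 192.0.2.10 is a documentation-range placeholder, not an address from the thread.
const SAMPLE_PAC = String.raw`
function FindProxyForURL(url, host) {
    if (shExpMatch(host, "www.bing.com")) return "PROXY 192.0.2.10:8484";
    if (shExpMatch(host, "*.search.yahoo.com")) return "PROXY 192.0.2.10:8484";
    gc = /^https?:\/\/www\.google\.[a-zA-Z.]+\/search\?(.*)$/;
    if (gc.test(url)) { return "PROXY 192.0.2.10:8484" }
    return "DIRECT";
}`;

// Constructed test URLs: search engines plus two controls that should stay direct.
const TEST_URLS = [
  "https://www.google.com/search?q=test",
  "https://www.bing.com/",
  "https://uk.search.yahoo.com/search?p=test",
  "https://mail.google.com/",
  "https://example.org/",
];

// Minimal stand-in for the browser-provided PAC helper: shell glob -> anchored regex.
function shExpMatch(str, pattern) {
  const re = pattern.replace(/[.+^${}()|[\]\\]/g, "\\$&")
    .replace(/\*/g, ".*").replace(/\?/g, ".");
  return new RegExp("^" + re + "$").test(str);
}

// Evaluate a PAC source against URLs and report every route that is not DIRECT.
// node:vm is not a security boundary; run untrusted PAC files on an analysis machine.
function auditPac(pacSource, urls) {
  const ctx = vm.createContext({ shExpMatch });
  vm.runInContext(pacSource, ctx, { timeout: 1000 });
  const findings = [];
  for (const url of urls) {
    const host = new URL(url).hostname;
    const call = `FindProxyForURL(${JSON.stringify(url)}, ${JSON.stringify(host)})`;
    const route = String(vm.runInContext(call, ctx, { timeout: 1000 })).trim();
    if (route.toUpperCase() !== "DIRECT") findings.push({ url, host, route });
  }
  const proxies = [...new Set(findings.map((f) => f.route))];
  return { findings, proxies };
}

const report = auditPac(SAMPLE_PAC, TEST_URLS);
console.log(JSON.stringify(report, null, 2));
```

Any proxy endpoint the report lists that you did not configure yourself is worth blocking and tracing back to the `AutoConfigURL` setting that loaded the file.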
  4.    05 Nov 2015 #14
    Join Date : Nov 2015
    Posts : 3
    win7x64

    Nah...


    Nah... still not gotten rid of it...

    Malwarebytes Anti-Malware found some more unwanted stuff; works for now
    Last edited by nakiel; 05 Nov 2015 at 08:31.
  5.    05 Nov 2015 #15
    Join Date : Oct 2014
    In a house with a crazy cat trying to kill me
    Posts : 16,121
    Win 7 32, Win 7 64 Pro, Win 8.1 64 Pro, Win 10 64 Education Edition

    You might want to check your host file to see if that's been altered or corrupted.

    Also, wouldn't hurt to flush your DNS.

    Flush DNS - What's My DNS?
  6.    08 Dec 2015 #16
    Join Date : Dec 2015
    Posts : 1
    Windows 10

    The solution that worked for me


    Quote Originally Posted by Delibrythe View Post
    Pas de problème I hope it works for you!
    After using almost all antivirus, spyware and malware removing programs and crashing one computer, I found a workaround.
    And that is to delete the infected account and start a new account.
  7.    13 Dec 2015 #17
    Join Date : Dec 2015
    Posts : 21
    10 64bit

    Quote Originally Posted by nakiel View Post
    Had same issues, blocked 69.197.188.122 in firewall, and ran ZHPCleaner; seems to have done the trick so far.

    This was the content of the localhost.world file:
    Code:
    function FindProxyForURL(url, host) {
    
         if (shExpMatch(host, "www.bing.com")) return "PROXY 69.197.188.122:8484"; 
        if (shExpMatch(host, "*.search.yahoo.com")) return "PROXY 69.197.188.122:8484";    
    
        ga = /^https?:\/\/www\.google\.[a-zA-Z.]+\/?$/;if (ga.test(url)) { return "PROXY 69.197.188.122:8484" }
        
    
        gb = /^https?:\/\/www\.google\.[a-zA-Z.]+\/\?(.*)$/;if (gb.test(url)) { return "PROXY 69.197.188.122:8484" }
    
        
        gc = /^https?:\/\/www\.google\.[a-zA-Z.]+\/search\?(.*)$/;if (gc.test(url)) { return "PROXY 69.197.188.122:8484" }
    
        
        gd = /^https?:\/\/www\.google\.[a-zA-Z.]+\/cse\?(.*)$/;if (gd.test(url)) { return "PROXY 69.197.188.122:8484" }
    
        ge = /^https?:\/\/www\.google\.[a-zA-Z.]+\/s\?(.*)$/;if (ge.test(url)) { return "PROXY 69.197.188.122:8484" }
    
        gx = /^https?:\/\/cse\.google\.[a-zA-Z.]+\/cse\?(.*)$/;if (gx.test(url)) { return "PROXY 69.197.188.122:8484" }
    
        
        return "DIRECT";
    
    }
    BTW; I also updated the firmware for my Asus-router...
    Having same issue. Did it come back for you? It just came back for me, I saw in proxy settings that localworld was set up again. I ran ZHPCleaner and fixed everything a couple of days ago but it didn't stick.

    BTW the virus that caused this for me is Backdoor:MSIL/Bladabindi -- this is a pretty annoying virus. Windows Defender caught it immediately but I guess there are still traces left. I ran everything recommended in this thread (Rogue killer, TDS killer, Eset online scan, ZHP cleaner, MBAR)
  8.    13 Dec 2015 #18
    Join Date : Nov 2015
    Posts : 3
    win7x64

    It came back! Currently been testing "HitmanPro" for a couple of days; no relapse yet...

    Found this in registry:
    Code:
    Windows Registry Editor Version 5.00
    
    [HKEY_CURRENT_USER\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings]
    "AutoConfigURL"="http://localhost.world/localhost.host"
  9.    13 Dec 2015 #19
    Join Date : Apr 2015
    Posts : 12,553
    W10Prox64

    Quote Originally Posted by mixolyd View Post
    BTW the virus that caused this for me is Backdoor:MSIL/Bladabindi -- this is a pretty annoying virus. Windows Defender caught it immediately but I guess there are still traces left. I ran everything recommended in this thread (Rogue killer, TDS killer, Eset online scan, ZHP cleaner, MBAR)
    Might want to consider changing your passwords...

    This malware family can steal your sensitive information and send it to a malicious hacker. The family can also download other malware and give backdoor access to your PC.

    Variants of the family can spread via infected removable drives, such as USB flash drives. They can also be downloaded by other malware, or spread through malicious links and hacked websites.
    MSILBladabindi
  10.    13 Dec 2015 #20
    Join Date : Dec 2015
    Posts : 21
    10 64bit

    Quote Originally Posted by nakiel View Post
    It came back! Currently been testing "HitmanPro" for a couple of days; no relapse yet...

    Found this in registry:
    Code:
    Windows Registry Editor Version 5.00
    
    [HKEY_CURRENT_USER\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings]
    "AutoConfigURL"="http://localhost.world/localhost.host"
    Thanks! I scanned w/ HitmanPro and it found nothing. I did find that registry key though. I think that was the last trace of this virus (hopefully)

    Quote Originally Posted by simrick View Post
    Might want to consider changing your passwords...
    Yeah I thought about that.. but Windows Defender found the virus as soon as I opened the file and immediately quarantined it, so I really don't think it had time to do anything except create this annoying proxy which just redirects google to this IP. I do not think (at least hopefully) the backdoor was active at any point. Thanks though