Google redirection localhost.world

Page 5 of 12 FirstFirst ... 34567 ... LastLast
  1. simrick's Avatar
    Posts : 16,108
    W10Prox64
       #41

    mixolyd said:
    Nevermind my issue was not resolved. Thanks so much for posting this. Looks like I have the same task in my Task Scheduler.
    Seriously? and the certs as well?
      My Computer


  2. Posts : 21
    10 64bit
       #42

    simrick said:
    Seriously? and the certs as well?
    Yep, and the same ini file. I deleted everything. Crazy how this went undetected
      My Computer

  3. simrick's Avatar
    Posts : 16,108
    W10Prox64
       #43

    moraleja39 said:
    ...Oh I almost forgot. To get rid of it, just delete the task, the .ini file, all the "DO_NOT_TRUST" certificates and revert the registry changes made. Ensure that there is not any proxy set.
    Can you give us the details please? the path to the ini file, the path to the registry changes, etc?
      My Computer

  4. simrick's Avatar
    Posts : 16,108
    W10Prox64
       #44

    mixolyd said:
    Yep, and the same ini file. I deleted everything. Crazy how this went undetected
    Wow. What AV do you use? @moraleja39 is using ESET.
      My Computer


  5. Posts : 5
    Windows 8.1
       #45

    mixolyd said:
    Nevermind my issue was not resolved. Thanks so much for posting this. Looks like I have the same task in my Task Scheduler.
    No problem, I am glad I could help. If you need it I can write with greater detail what I did to remove it.
      My Computer

  6. simrick's Avatar
    Posts : 16,108
    W10Prox64
       #46

    moraleja39 said:
    No problem, I am glad I could help. If you need it I can write with greater detail what I did to remove it.
    Yes please we need the detail. Thanks!
      My Computer


  7. Posts : 21
    10 64bit
       #47

    simrick said:
    Wow. What AV do you use? @moraleja39 is using ESET.
    Windows Defender. I did a full scan with ESET and Comodo also. That's crazy nothing picked this up.

    moraleja39 said:
    No problem, I am glad I could help. If you need it I can write with greater detail what I did to remove it.
    That would be great. I deleted the task and ini file but not sure what registry changes to fix
      My Computer

  8. simrick's Avatar
    Posts : 16,108
    W10Prox64
       #48

    mixolyd said:
    Windows Defender. I did a full scan with ESET and Comodo also. That's crazy nothing picked this up.

    I am thinking this needs to be reported to the AVs.
      My Computer


  9. Posts : 5
    Windows 8.1
       #49

    Here are all the things I had to wipe:

    • The scheduled task. Its name was "Adobe Acrobat Pro DC Update". You can open the task scheduler writing taskschd.msc on the start menu search bar and hitting enter.
    • A file named "settings.ini" located on %APPDATA%\Adobe Acrobat Pro DC". Full path could be "C:\Users\[username]\AppData\Roaming\Adobe Acrobat Pro DC\settings.ini".
    • In my case, two fake certificates. Open the certificate manager writing certmgr.msc on the start menu and hitting enter. The certificates are named "DO_NOT_TRUST_FiddlerRoot" and are under the folder "trusted root CAs" (or however it is in English)
    • Registry changes used to force proxy usage. In my case, I totally deleted the following values:
      • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL
      • HKCU\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL
      • HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnableAutoProxyResultCache

    • Just in case it is still enabled, disable the proxy. Go to control panel, internet settings, connections, LAN settings, and disable all checkboxes.


    I also will attach the removed INI and certificate files, just in case they could be of use to anybody reading this, as they are not dangerous per se.
    Google redirection localhost.world Attached Files
      My Computer


  10. Posts : 5
    Windows 8.1
       #50

    simrick said:
    I am thinking this needs to be reported to the AVs.
    Yeah, I think that too. Any idea on how to do that?
      My Computer


 
Page 5 of 12 FirstFirst ... 34567 ... LastLast

  Related Discussions
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd
All times are GMT -5. The time now is 22:16.
Find Us




Windows 10 Forums