Windows 10: Google redirection localhost.world

Page 6 of 12

  1. Posts : 10,584
    W10Prox64
       21 Dec 2015 #51

    So, I am going through the thread, and noting everything that has been run by people infected with this:

    ESET
    Defender
    Malwarebytes Anti-rootkit
    Malwarebytes Antimalware
    TDSSKiller
    HitmanPro
    ZHPCleaner
    RogueKiller
    Comodo Rescue Disk
    Spybot
    ADWCleaner
    RKILL
    JRT
    Resetting all browsers/Flushing DNS

    Yes, I have info on how to report this to the AVs.

  2.    21 Dec 2015 #52

    Looks like it did show up on Rkill but looked meaningless

    2015-12-09 11:30 - 2015-12-16 18:00 - 00000548 _____ C:\WINDOWS\Tasks\Adobe Acrobat Pro DC Update.job
    2015-12-09 11:30 - 2015-12-09 11:30 - 00003448 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Pro DC Update
    2015-12-09 11:30 - 2015-12-09 11:30 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Adobe Acrobat Pro DC


  3. Posts : 10,584
    W10Prox64
       21 Dec 2015 #53

    mixolyd said:
    Looks like it did show up on Rkill but looked meaningless

    2015-12-09 11:30 - 2015-12-16 18:00 - 00000548 _____ C:\WINDOWS\Tasks\Adobe Acrobat Pro DC Update.job
    2015-12-09 11:30 - 2015-12-09 11:30 - 00003448 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Pro DC Update
    2015-12-09 11:30 - 2015-12-09 11:30 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Adobe Acrobat Pro DC

    So RKILL temporarily stopped it, but everything goes back to status quo upon reboot. And because it's disguised as an Acrobat update, it wasn't flagged by any of the AVs or other scanners.


  4. Posts : 10,584
    W10Prox64
       21 Dec 2015 #54

    @mixolyd Now that you are clean, I would recommend running CryptoPrevent on your system. This program was originally written to prevent encryption infections, but also includes protection for a whole host of other infections as well. It works by setting Group Policies, preventing malware from running executables from typical places such as the App Data folder. There's a free version, which you run once, set the protection, and then occasionally manually update.


  5. Posts : 10,584
    W10Prox64
       21 Dec 2015 #55

    moraleja39 said:
    Here are all the things I had to wipe:

    • The scheduled task. Its name was "Adobe Acrobat Pro DC Update". You can open the Task Scheduler by typing taskschd.msc in the Start menu search bar and hitting Enter.
    • A file named "settings.ini" located in "%APPDATA%\Adobe Acrobat Pro DC". The full path could be "C:\Users\[username]\AppData\Roaming\Adobe Acrobat Pro DC\settings.ini".
    • In my case, two fake certificates. Open the certificate manager by typing certmgr.msc in the Start menu and hitting Enter. The certificates are named "DO_NOT_TRUST_FiddlerRoot" and are under the folder "trusted root CAs" (or however it is in English).
    • Registry changes used to force proxy usage. In my case, I totally deleted the following values:
      • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL
      • HKCU\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL
      • HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnableAutoProxyResultCache

    • Just in case it is still enabled, disable the proxy. Go to control panel, internet settings, connections, LAN settings, and disable all checkboxes.


    I also will attach the removed INI and certificate files, just in case they could be of use to anybody reading this, as they are not dangerous per se.

    Thank you very much for your efforts!
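
The checklist in the quoted post above, as a read-only PowerShell check. This is an added example, not part of the original thread; the function name is hypothetical, and the task name, file path, certificate name and registry values are taken from the posts.

```powershell
# Added example: read-only audit for the artifacts named in the quoted post.
# It reports what is present and changes nothing.
function Get-RedirectArtifacts {    # hypothetical function name
    $taskName = 'Adobe Acrobat Pro DC Update'
    $found = @()

    # Scheduled task, plus the legacy .job file path posted earlier in the thread
    $tasks = Get-ScheduledTask -TaskName $taskName -ErrorAction SilentlyContinue
    foreach ($t in $tasks) {
        foreach ($a in $t.Actions) {
            $found += "Task $($t.TaskPath)$($t.TaskName) runs: $($a.Execute) $($a.Arguments)"
        }
    }
    $job = Join-Path $env:windir "Tasks\$taskName.job"
    if (Test-Path -LiteralPath $job) { $found += "Legacy job file: $job" }

    # settings.ini under %APPDATA%
    $ini = Join-Path $env:APPDATA 'Adobe Acrobat Pro DC\settings.ini'
    if (Test-Path -LiteralPath $ini) { $found += "File: $ini" }

    # Root certificates with the name from the post, in user and machine stores
    foreach ($store in 'Cert:\CurrentUser\Root', 'Cert:\LocalMachine\Root') {
        $certs = Get-ChildItem -Path $store |
            Where-Object { $_.Subject -like '*DO_NOT_TRUST_FiddlerRoot*' }
        foreach ($c in $certs) {
            $found += "Cert in ${store}: $($c.Thumbprint), valid from $($c.NotBefore)"
        }
    }

    # Registry values the post deleted (paths exactly as listed there)
    $inet = 'Microsoft\Windows\CurrentVersion\Internet Settings'
    $reg = @(
        @{ Path = "HKCU:\Software\$inet";             Name = 'AutoConfigURL' },
        @{ Path = "HKCU:\Software\Wow6432Node\$inet"; Name = 'AutoConfigURL' },
        @{ Path = "HKCU:\Software\Policies\$inet";    Name = 'EnableAutoProxyResultCache' }
    )
    foreach ($r in $reg) {
        $p = Get-ItemProperty -Path $r.Path -Name $r.Name -ErrorAction SilentlyContinue
        if ($null -ne $p) { $found += "$($r.Path)\$($r.Name) = $($p.($r.Name))" }
    }
    return $found
}

$hits = @(Get-RedirectArtifacts)
if ($hits.Count -gt 0) { $hits } else { 'None of the listed artifacts were found.' }
```

A certificate with this name is also present on machines where Fiddler itself was set up for HTTPS debugging, and AutoConfigURL is legitimately set on networks that use a PAC file, so review each hit before removing it.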

  6.    21 Dec 2015 #56

    simrick said:
    @mixolyd Now that you are clean, I would recommend running CryptoPrevent on your system. This program was originally written to prevent encryption infections, but also includes protection for a whole host of other infections as well. It works by setting Group Policies, preventing malware from running executables from typical places such as the App Data folder. There's a free version, which you run once, set the protection, and then occasionally manually update.

    Will do. Thanks!


  7. Posts : 10,584
    W10Prox64
       21 Dec 2015 #57

    flavien317 said:
    I have Windows 10. And sometimes I have a cmd popup show and close my Chrome browser. After, if I do a search on Google, it redirects to a fake Google. I go to Internet Options, Connections, network configuration, and I have this:

    Attachment 43714

    I have cleaned up with Kaspersky, CCleaner, AdwCleaner and it doesn't work. How to solve it?

    Here is the solution, found in post #49.
    Please perform the steps indicated and advise if that resolves things for you as well. If so, please mark the thread as solved, and modify your first post to show post #49 as the solution. Thanks.


  8. Posts : 10,584
    W10Prox64
       21 Dec 2015 #58

    nakiel said:
    Nah... still not gotten rid of it...

    Malwarebytes Anti-Malware found some more unwanted stuff; works for now

    pnrao1948 said:
    After using almost all antivirus, spyware and malware removing programs and crashing one computer, I found out a workaround.
    And that is to delete the infected account and start a new account.

    Maintown said:
    I am also having this EXACT problem. I have the same registry key listed above and cleared it just now (thanks, this is the only thing I have missed so far), otherwise I have run all the suggested fixes and tools to no avail. Glad I found this thread and that I am not the only one with the issue. I will update on the status of what happens with mine.

    Guys, here is the solution, found in post #49.
    Please perform the steps indicated and advise if that resolves things for you as well.

    Many thanks to @moraleja39 for the investigative work!

  9.    22 Dec 2015 #59

    I wonder if this is related or not...


  10. Posts : 10,584
    W10Prox64
       22 Dec 2015 #60

    eLPuSHeR said:
    I wonder if this is related or not...

    I don't think so, as TDSSKiller was run and did nothing on one infected system.
    Last edited by simrick; 28 Dec 2015 at 20:24.


 