Windows 10: Google redirection localhost.world

Page 7 of 12
  1.    22 Dec 2015 #61

    Hey all,

    Just saw this post on BC and skimmed through the topic here.

    Anyone know if this is a common denominator in terms of programs installed? Will see if I can track down a sample and then figure out how this works.

  2.    22 Dec 2015 #62

    The more I read through the topic, the more this feels like adware.

    Anyone have any of the folders/files associated with this? Preferably, the folder located at C:\Users\[me]\AppData\Roaming\Adobe Acrobat Pro DC. If you can grab that folder, zip it up and submit it here please:

    Submit a Malware Sample



  3. Posts : 11,221
    W10Prox64
       22 Dec 2015 #63

    @mixolyd and @moraleja39
    Can either of you answer @Grinler 's posts above?


    EDIT: I grabbed the zip file from moraleja39 's post earlier and submitted it.

  4.    22 Dec 2015 #64

    Thanks..not much there unfortunately. The interesting part is this:

    <Account>
      <RefUrl>http://www.digital4k.net/search.php?action=results&amp;sid=</RefUrl>
      <CX>009793234822822480237:wabrdd_t6e8</CX>
    </Account>

    Those are Google Custom Search data.

    Will keep looking.


  5. Posts : 11,221
    W10Prox64
       22 Dec 2015 #65

    Grinler said:
    Thanks..not much there unfortunately. The interesting part is this:



    Those are google custom search data.

    Will keep looking.
    Hi @Grinler, @moraleja39 has a pretty detailed analysis of it in this post #36:
    Google redirection localhost.world - Page 4 - Windows 10 Forums

  6.    22 Dec 2015 #66

    I missed the javascript. Very clever way of obfuscating it.

    Will keep looking for a sample.

  7.    22 Dec 2015 #67

    Grinler said:
    I missed the javascript. Very clever way of obfuscating it.

    Will keep looking for a sample.
    The folder contained only the .ini file.

    I also thought that it could be adware. However, proxying the entire Google domain also affects things like the Google Store or Google Play, so they could get access to very sensitive data like credit cards, not to mention all the personal things an Android user like me has stored on his Google account...

    As to the sample, I am afraid I can't help you. I literally reinstalled Windows from scratch because of this and it kept happening on the clean install. I have not installed Adobe Acrobat DC, just the regular Acrobat Reader. Windows and Office and so on are legit, any cracks used. So I really have no idea where this came from. But it has not returned, so at least it looks like there is not any infected binary file running in the background.


  8. Posts : 8,167
    Windows 10 Enterprise and Pro/Windows 7 Enterprise/Linux Mint
       22 Dec 2015 #68

    @mixolyd and @moraleja39 I know this is not your problem, but there may be some info that could help us figure it out. Please upload the BSOD Posting instructions: BSOD - Posting Instructions - Windows 10 Forums. Upload them here. This will tell you how: Screenshots and Files - Upload and Post in Ten Forums - Windows 10 Forums.


  9. Posts : 1
    Windows 7 and Windows 10
       24 Dec 2015 #69

    Hi guys, just signed up to respond. I got hit with this a few weeks back, I quickly spotted the certs and the proxy change and removed them but it has since happened again so I started googling and found this post. Very helpful.

    However my version was a little different, the scheduled task is named "Microsoft Toolkit Update" and the ini file looks to have changed again but the actions are the same. It was scheduled for Mondays, Wednesdays and Saturdays of every week. And created these reg keys:

    HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\AutoConfigURL
    HKEY_CURRENT_USER\\Software\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\AutoConfigUR
    HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\EnableAutoProxyResultCache


    Thanks to the OP for the detailed info.
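A read-only check for the indicators listed in post #69 above, added here as an example and not posted by any participant in the thread. The key paths and the task name are copied from that post; value names are matched by wildcard because one name in the post is cut off, and the function names `Get-ProxyIndicator` and `Get-TaskIndicator` are hypothetical.

```powershell
# Added example: read-only audit for the indicators reported in post #69.
# Key paths and the task name come from that post; nothing is modified.
$keys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings',
    'HKCU:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings',
    'HKCU:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings'
)
# Wildcard instead of exact names: one value name in the post is truncated.
$valuePatterns = @('AutoConfig*', 'EnableAutoProxyResultCache')
$taskName = 'Microsoft Toolkit Update'

function Get-ProxyIndicator {
    param([string[]]$Path, [string[]]$Pattern)
    foreach ($p in $Path) {
        if (-not (Test-Path -LiteralPath $p)) { continue }   # key absent: skip
        $item = Get-Item -LiteralPath $p
        foreach ($name in $item.GetValueNames()) {
            if ($Pattern | Where-Object { $name -like $_ }) {
                [pscustomobject]@{
                    Kind  = 'Registry'
                    Where = $p
                    Name  = $name
                    Value = $item.GetValue($name)
                }
            }
        }
    }
}

function Get-TaskIndicator {
    param([string]$Name)
    # Get-ScheduledTask is part of the ScheduledTasks module (Windows 8 and later).
    Get-ScheduledTask -TaskName $Name -ErrorAction SilentlyContinue | ForEach-Object {
        [pscustomobject]@{
            Kind  = 'ScheduledTask'
            Where = $_.TaskPath
            Name  = $_.TaskName
            Value = ($_.Actions | ForEach-Object { "$($_.Execute) $($_.Arguments)" }) -join '; '
        }
    }
}

$findings = @(Get-ProxyIndicator -Path $keys -Pattern $valuePatterns) +
            @(Get-TaskIndicator -Name $taskName)
if ($findings.Count) { $findings | Format-List } else { 'No indicators from post #69 found.' }
```

A populated AutoConfigURL is also what a legitimately deployed PAC file looks like, so compare any value reported against the proxy configuration you expect on that machine.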


  10. Posts : 11,221
    W10Prox64
       24 Dec 2015 #70

    ericbanner said:
    Hi guys, just signed up to respond. I got hit with this a few weeks back, I quickly spotted the certs and the proxy change and removed them but it has since happened again so I started googling and found this post. Very helpful.

    However my version was a little different, the scheduled task is named "Microsoft Toolkit Update" and the ini file looks to have changed again but the actions are the same. It was scheduled for Mondays, Wednesdays and Saturdays of every week. And created these reg keys:

    HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\AutoConfigURL
    HKEY_CURRENT_USER\\Software\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\AutoConfigUR
    HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\EnableAutoProxyResultCache


    Thanks to the OP for the detailed info.
    Hi Eric and welcome to Tenforums!
    Thanks for posting - everything we can get on this will help. @Grinler (Lawrence Abrams) over at Bleeping Computer is looking for the payload executable, which we have not yet been able to identify. I wonder if you wouldn't mind posting here in this thread, the BSOD requirements we have laid out for people with BSOD issues? One of our BSOD experts ( @essenbe ) has a post above with the links. He would like to have a look at the information, to see if he can identify anything related to this redirect. We'd like to get this permanently resolved and notify the AVs, etc., but we need to identify the payload first.

    If you can help, that would be great. Thanks.


 