Got an email from someone that reported a antimalware program was reporting outbound localhost.world to ip 69.197.188.122.
The warning came when using browsers or some other programs that connected to the net, any idea what this is?
Hi Cixoos.
I think localhost.world is possibly a redirect from a botnet (possibly Zeroaccess rootkit). 69.197.188.122 is Wholesale Internet out of Kansas.
If you think you have an infection or rootkit: Please download TDSSKiller and run it.
What antivirus do you have on your system?
It was malwarebytes that reported it i found out.
I have now tested the machine with eset antivirus, nothing.
Then tdsskiller and notjing
Then housecall online and nothing
roguekiller- Deleted some registry entries, but nothing serious
zhpcleaner, found some stuff and cleaned.
Then I blocked the ip in eset firewall with popup notification. It says asus printer utilities are trying constant outbound to 69.197.188.122
That is the first time I've ever heard of this!
Want to try one more thing?
aswMBR
aswMBR Download
strange thing indeed, if 69.197.188.122 is blocked with firewall, it is impossible to log in to router on local ip 192.168.1.1.
I'm having this issue as well. I'm on my laptop with a clean install of Windows 10 and an unfortunate "accident" in which I had to go back to a restore point because I became infected with multiple rootkits and viruses.
Malwarebytes keeps indicating it is blocking localhost.world at that same ip address listed above. I've run
*Hijackthis
*Hitman Pro
*Emsisoft Emergency Kit
I removed a few entries with Hijackthis related to BHO search stuff in ie, I've also reset both browsers, and other scanners didn't find anything of note, but I'm still getting the blocking notification.
Eager to see what else you've found out!
T.
I found a post on Malwarebytes mb constant stopping 69.197.188.122, localhost.world - Website Blocking - Malwarebytes Forum The person has a similar problem with the ip being blocked by Malwarebytes while it was attempting to go outbound, originating from different programs (including legitimate ones). He had an ASUS router (I'm not sure if that's what Cixoos is going with this). Then a Malwarebytes employee commented "The block is being removed." This may imply that it is a false positive, but the meaning is unclear. If your router is infected with fake firmware (ASUS specifically had a vulnerability in routers), you can usually fix it by resetting the router using a reset pin on the back of it, or unplugging it from the mains for a few minutes. Then, install the latest firmware from the manufacturer.
Quote