infection? outbound localhost.world to ip 69.197.188.122  

Page 1 of 2 12 LastLast

  1. Posts : 40
    win10
       #1

    infection? outbound localhost.world to ip 69.197.188.122


    Got an email from someone that reported a antimalware program was reporting outbound localhost.world to ip 69.197.188.122.

    The warning came when using browsers or some other programs that connected to the net, any idea what this is?
      My Computer


  2. Posts : 16,281
    W10Prox64
       #2

    Hi Cixoos.
    I think localhost.world is possibly a redirect from a botnet (possibly Zeroaccess rootkit). 69.197.188.122 is Wholesale Internet out of Kansas.

    If you think you have an infection or rootkit: Please download TDSSKiller and run it.

    What antivirus do you have on your system?
      My Computer


  3. Posts : 40
    win10
    Thread Starter
       #3

    It was malwarebytes that reported it i found out.

    I have now tested the machine with eset antivirus, nothing.
    Then tdsskiller and notjing
    Then housecall online and nothing
    roguekiller- Deleted some registry entries, but nothing serious
    zhpcleaner, found some stuff and cleaned.

    Then I blocked the ip in eset firewall with popup notification. It says asus printer utilities are trying constant outbound to 69.197.188.122
      My Computer


  4. Posts : 16,281
    W10Prox64
       #4

    That is the first time I've ever heard of this!

    Want to try one more thing?

    aswMBR
    aswMBR Download
      My Computer


  5. Posts : 40
    win10
    Thread Starter
       #5

    strange thing indeed, if 69.197.188.122 is blocked with firewall, it is impossible to log in to router on local ip 192.168.1.1.
      My Computer


  6. Posts : 16,281
    W10Prox64
       #6

    Cixoos said:
    strange thing indeed, if 69.197.188.122 is blocked with firewall, it is impossible to log in to router on local ip 192.168.1.1.
    Now I'm really confused....that makes no sense to me.
    If you unblock, and access router, can you check for firmware updates on it?
      My Computer


  7. Posts : 1
    Windows 10
       #7

    I'm having this issue as well. I'm on my laptop with a clean install of Windows 10 and an unfortunate "accident" in which I had to go back to a restore point because I became infected with multiple rootkits and viruses.

    Malwarebytes keeps indicating it is blocking localhost.world at that same ip address listed above. I've run

    *Hijackthis
    *Hitman Pro
    *Emsisoft Emergency Kit

    I removed a few entries with Hijackthis related to BHO search stuff in ie, I've also reset both browsers, and other scanners didn't find anything of note, but I'm still getting the blocking notification.

    Eager to see what else you've found out!

    T.
      My Computer


  8. Posts : 16,281
    W10Prox64
       #8

    Tsidhu said:
    I'm having this issue as well. I'm on my laptop with a clean install of Windows 10 and an unfortunate "accident" in which I had to go back to a restore point because I became infected with multiple rootkits and viruses.

    Malwarebytes keeps indicating it is blocking localhost.world at that same ip address listed above. I've run

    *Hijackthis
    *Hitman Pro
    *Emsisoft Emergency Kit

    I removed a few entries with Hijackthis related to BHO search stuff in ie, I've also reset both browsers, and other scanners didn't find anything of note, but I'm still getting the blocking notification.

    Eager to see what else you've found out!

    T.
    Hi Tsidhu and welcome to Tenforums.

    Please try TDSSKiller and aswMBR in my posts above and report back the results.
      My Computer


  9. Posts : 40
    win10
    Thread Starter
       #9

    Tsidhu said:
    I'm having this issue as well.

    T.
    Are you using an asus router?
      My Computer


  10. You
    Posts : 613
    Windows 10 Enterprise x64 (build 10586)
       #10

    I found a post on Malwarebytes mb constant stopping 69.197.188.122, localhost.world - Website Blocking - Malwarebytes Forum The person has a similar problem with the ip being blocked by Malwarebytes while it was attempting to go outbound, originating from different programs (including legitimate ones). He had an ASUS router (I'm not sure if that's what Cixoos is going with this). Then a Malwarebytes employee commented "The block is being removed." This may imply that it is a false positive, but the meaning is unclear. If your router is infected with fake firmware (ASUS specifically had a vulnerability in routers), you can usually fix it by resetting the router using a reset pin on the back of it, or unplugging it from the mains for a few minutes. Then, install the latest firmware from the manufacturer.
      My Computer


 

  Related Discussions
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd
All times are GMT -5. The time now is 18:52.
Find Us




Windows 10 Forums