Page 1 of 2 12 LastLast
  1.    24 Oct 2015 #1
    Join Date : Jul 2015
    Posts : 26
    win10

    infection? outbound localhost.world to ip 69.197.188.122


    Got an email from someone that reported a antimalware program was reporting outbound localhost.world to ip 69.197.188.122.

    The warning came when using browsers or some other programs that connected to the net, any idea what this is?
      My ComputerSystem Spec
  2.    24 Oct 2015 #2
    Join Date : Apr 2015
    Posts : 13,001
    W10Prox64

    Hi Cixoos.
    I think localhost.world is possibly a redirect from a botnet (possibly Zeroaccess rootkit). 69.197.188.122 is Wholesale Internet out of Kansas.

    If you think you have an infection or rootkit: Please download TDSSKiller and run it.

    What antivirus do you have on your system?
      My ComputerSystem Spec
  3.    24 Oct 2015 #3
    Join Date : Jul 2015
    Posts : 26
    win10
    Thread Starter

    It was malwarebytes that reported it i found out.

    I have now tested the machine with eset antivirus, nothing.
    Then tdsskiller and notjing
    Then housecall online and nothing
    roguekiller- Deleted some registry entries, but nothing serious
    zhpcleaner, found some stuff and cleaned.

    Then I blocked the ip in eset firewall with popup notification. It says asus printer utilities are trying constant outbound to 69.197.188.122
      My ComputerSystem Spec
  4.    24 Oct 2015 #4
    Join Date : Apr 2015
    Posts : 13,001
    W10Prox64

    That is the first time I've ever heard of this!

    Want to try one more thing?

    aswMBR
    aswMBR Download
      My ComputerSystem Spec
  5.    24 Oct 2015 #5
    Join Date : Jul 2015
    Posts : 26
    win10
    Thread Starter

    strange thing indeed, if 69.197.188.122 is blocked with firewall, it is impossible to log in to router on local ip 192.168.1.1.
      My ComputerSystem Spec
  6.    24 Oct 2015 #6
    Join Date : Apr 2015
    Posts : 13,001
    W10Prox64

    Quote Originally Posted by Cixoos View Post
    strange thing indeed, if 69.197.188.122 is blocked with firewall, it is impossible to log in to router on local ip 192.168.1.1.
    Now I'm really confused....that makes no sense to me.
    If you unblock, and access router, can you check for firmware updates on it?
      My ComputerSystem Spec
  7.    24 Oct 2015 #7
    Join Date : Oct 2015
    Posts : 1
    Windows 10

    I'm having this issue as well. I'm on my laptop with a clean install of Windows 10 and an unfortunate "accident" in which I had to go back to a restore point because I became infected with multiple rootkits and viruses.

    Malwarebytes keeps indicating it is blocking localhost.world at that same ip address listed above. I've run

    *Hijackthis
    *Hitman Pro
    *Emsisoft Emergency Kit

    I removed a few entries with Hijackthis related to BHO search stuff in ie, I've also reset both browsers, and other scanners didn't find anything of note, but I'm still getting the blocking notification.

    Eager to see what else you've found out!

    T.
      My ComputerSystem Spec
  8.    24 Oct 2015 #8
    Join Date : Apr 2015
    Posts : 13,001
    W10Prox64

    Quote Originally Posted by Tsidhu View Post
    I'm having this issue as well. I'm on my laptop with a clean install of Windows 10 and an unfortunate "accident" in which I had to go back to a restore point because I became infected with multiple rootkits and viruses.

    Malwarebytes keeps indicating it is blocking localhost.world at that same ip address listed above. I've run

    *Hijackthis
    *Hitman Pro
    *Emsisoft Emergency Kit

    I removed a few entries with Hijackthis related to BHO search stuff in ie, I've also reset both browsers, and other scanners didn't find anything of note, but I'm still getting the blocking notification.

    Eager to see what else you've found out!

    T.
    Hi Tsidhu and welcome to Tenforums.

    Please try TDSSKiller and aswMBR in my posts above and report back the results.
      My ComputerSystem Spec
  9.    25 Oct 2015 #9
    Join Date : Jul 2015
    Posts : 26
    win10
    Thread Starter

    Quote Originally Posted by Tsidhu View Post
    I'm having this issue as well.

    T.
    Are you using an asus router?
      My ComputerSystem Spec
  10.    10 Nov 2015 #10
    Join Date : Jul 2015
    Posts : 615
    Windows 10 Enterprise x64 (build 10586)

    I found a post on Malwarebytes mb constant stopping 69.197.188.122, localhost.world - Website Blocking - Malwarebytes Forum The person has a similar problem with the ip being blocked by Malwarebytes while it was attempting to go outbound, originating from different programs (including legitimate ones). He had an ASUS router (I'm not sure if that's what Cixoos is going with this). Then a Malwarebytes employee commented "The block is being removed." This may imply that it is a false positive, but the meaning is unclear. If your router is infected with fake firmware (ASUS specifically had a vulnerability in routers), you can usually fix it by resetting the router using a reset pin on the back of it, or unplugging it from the mains for a few minutes. Then, install the latest firmware from the manufacturer.
      My ComputerSystem Spec

 
Page 1 of 2 12 LastLast


Similar Threads
Thread Forum
Google redirection localhost.world
I have Windows 10 . And sometime i have a cmd popup show and close my chrome browser. After if i do a search on google, it's redirect to a fake google. I go to internet option, connection, network configuration, i have this: 43714 I...
AntiVirus, Firewalls and System Security
Solved Dont forget EDGE CAN access Localhost type IP addresses now
Hi there Edge has been modified so you CAN set it to access local host type of sites (at least in build 10240). This was mentioned a while ago but just as a reminder -- many people have servers etc that have a web interface with a localhost or...
Installation and Upgrade
Solved Taobao infection
Color me embarrassed but I seem to have picked up ........... something. As you can see from my screenshot my Browser has gotten a .....visitor and I can't seem to make it leave. It seems to be a shortcut to Taobao. I've tried scans with...
AntiVirus, Firewalls and System Security
Loopback/localhost acces in apps
This is aimed at Win 8, but should be the same for 10 As some of us have found out, modern apps such as Edge are not allowed to send network traffic to the local host, so things like media servers and routers do not work I have just been...
Software and Apps
Microsoft updates Windows Defender to remove Superfish infection
Read more: Microsoft updates Windows Defender to remove Superfish infection | ZDNet
Windows 10 News
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 10:01.
Find Us
Twitter Facebook Google+ Ten Forums iOS App Ten Forums Android App



Windows 10 Forums