Windows 10: infection? outbound localhost.world to ip 22.214.171.124
infection? outbound localhost.world to ip 126.96.36.199
Got an email from someone that reported a antimalware program was reporting outbound localhost.world to ip 188.8.131.52.
The warning came when using browsers or some other programs that connected to the net, any idea what this is?
I think localhost.world is possibly a redirect from a botnet (possibly Zeroaccess rootkit). 184.108.40.206 is Wholesale Internet out of Kansas.
If you think you have an infection or rootkit: Please download TDSSKiller and run it.
What antivirus do you have on your system?
It was malwarebytes that reported it i found out.
I have now tested the machine with eset antivirus, nothing.
Then tdsskiller and notjing
Then housecall online and nothing
roguekiller- Deleted some registry entries, but nothing serious
zhpcleaner, found some stuff and cleaned.
Then I blocked the ip in eset firewall with popup notification. It says asus printer utilities are trying constant outbound to 220.127.116.11
That is the first time I've ever heard of this!
Want to try one more thing?
strange thing indeed, if 18.104.22.168 is blocked with firewall, it is impossible to log in to router on local ip 192.168.1.1.
Now I'm really confused....that makes no sense to me.
If you unblock, and access router, can you check for firmware updates on it?
I'm having this issue as well. I'm on my laptop with a clean install of Windows 10 and an unfortunate "accident" in which I had to go back to a restore point because I became infected with multiple rootkits and viruses.
Malwarebytes keeps indicating it is blocking localhost.world at that same ip address listed above. I've run
*Emsisoft Emergency Kit
I removed a few entries with Hijackthis related to BHO search stuff in ie, I've also reset both browsers, and other scanners didn't find anything of note, but I'm still getting the blocking notification.
Eager to see what else you've found out!
Hi Tsidhu and welcome to Tenforums.
Please try TDSSKiller and aswMBR in my posts above and report back the results.
Are you using an asus router?
I found a post on Malwarebytes mb constant stopping 22.214.171.124, localhost.world - Website Blocking - Malwarebytes Forum The person has a similar problem with the ip being blocked by Malwarebytes while it was attempting to go outbound, originating from different programs (including legitimate ones). He had an ASUS router (I'm not sure if that's what Cixoos is going with this). Then a Malwarebytes employee commented "The block is being removed." This may imply that it is a false positive, but the meaning is unclear. If your router is infected with fake firmware (ASUS specifically had a vulnerability in routers), you can usually fix it by resetting the router using a reset pin on the back of it, or unplugging it from the mains for a few minutes. Then, install the latest firmware from the manufacturer.
I have Windows 10 . And sometime i have a cmd popup show and close my chrome browser. After if i do a search on google, it's redirect to a fake google. I go to internet option, connection, network configuration, i have this:
Edge has been modified so you CAN set it to access local host type of sites (at least in build 10240).
This was mentioned a while ago but just as a reminder -- many people have servers etc that have a web interface with a localhost or...
Color me embarrassed but I seem to have picked up ........... something. As you can see from my screenshot my Browser has gotten a .....visitor and I can't seem to make it leave. It seems to be a shortcut to Taobao. I've tried scans with...
This is aimed at Win 8, but should be the same for 10
As some of us have found out, modern apps such as Edge are not allowed to send network traffic to the local host, so things like media servers and routers do not work
I have just been...
Read more: Microsoft updates Windows Defender to remove Superfish infection | ZDNet