Windows 10: Google redirection localhost.world

Nah... still not gotten rid of it... *Mad

Malwarebytes Anti-Malware found some more unwated stuff; works for now*Redface

 

You might want to check you host file to see if that's been altered or corrupted.

Also, wouldn't hurt to flush your DNS.

Flush DNS - What's My DNS?

 

After using almost all antivirus, spyware and malware removing programs and crashing one computer, I found out a work around.
And that is to delete the infected account and start a new account.

 

BTW; I also updated the firmware for my Asus-router...[/quote] Having same issue. Did it come back for you? It just came back for me, I saw in proxy settings that localworld was setup again. I ran ZHPCleaner and fixed everything a couple of days ago but it didn't stick.

BTW the virus that caused this for me is Backdoor:MSIL/Bladabindi -- this is a pretty annoying virus. Windows Defender caught it immediately but I guess there are still traces left. I ran everything recommended in this thread (Rogue killer, TDS killer, Eset online scan, ZHP cleaner, MBAR)

 

It came back! Currently been testing "HitmanPro" for a couple of days; no relapse yet...

Found this in registry:
Code: Windows Registry Editor Version 5.00 [HKEY_CURRENT_USER\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings] "AutoConfigURL"="http://localhost.world/localhost.host"[/quote]

 

Might want to consider changing your passwords...

MSILBladabindi

 

[/quote] Thanks! I scanned w/ HitmanPro and it found nothing. I did find that registry key though. I think that was the last trace of this virus (hopefully)

Yeah I thought about that.. but Windows Defender found the virus as soon as I opened the file and immediately quarantined it, so I really don't think it had time to do anything except create this annoying proxy which just redirects google to this IP. I do not think (at least hopefully) the backdoor was active at any point. Thanks though

 

Play around with windows firewall. You should easily be able to setup a new rule to block connections to the site/ip if it's still trying to redirect you.

 

[/quote] After deleting that registry key, my proxy settings have stayed default. Today I saw a blank command prompt window open for a second and then Chrome was closed. I opened Chrome settings and saw this message: Chrome detected that some of your settings were corrupted by another program and reset them to their original defaults.

Your system still running fine? I did run HitmanPro but it only found cookies on my system. What did it find on yours?

 

Out of curiosity, have any of you tried a "rescue disc" yet? Several AV's offer them for those tough to clean viruses.

I usually recommend comodo rescue disk but I'm sure almost any AV offers them.
Comodo Rescue Disk for Windows, Download Rescue Disk Software

 

I am also having this EXACT problem. I have the same registry key listed above and cleared it just now (thanks, this is the only thing I have missed so far), otherwise I have run all the suggested fixes and tools to no avail. Glad I found this thread and that I am not the only one with the issue. I will update on the status of what happens with mine.

 

I spent the better part of my afternoon the other day trying to get these rescue disks to work. They are a real pain in the butt. Could not get Kaspersky to run at all. I got Comodo to work finally using Yumi and did a full scan of my system, found nothing. I also ran a full scan with Spybot on monday and it found some minor stuff, probably unrelated. My only issue now is that sometimes Chrome will be closed when I come back to my computer. One time I witnessed it happening where a blank command line window opened and Chrome closed. I would love to delete the program that's causing that to happen

 

Please download and run ADWCleaner. There is a way to save the scan so you can post it here for me (can't remember the steps exactly, but you'll be able to figure it out easily) - do this BEFORE cleaning. ADWCleaner is a powerful program and sometimes it will flag things for deletion that you don't want deleted. So, I'd like to have a look at the scan results before you do any cleaning.

EDIT: Click on the REPORT button after running the scan and post that logfile here in the thread (not as an attachment).

 

I ran ADWcleaner several days ago. It only found cookies, I think. Pretty sure I fixed everything it found. I found the logfile from that. Not sure what Report button you are talking about? Here is the log:

# AdwCleaner v5.025 - Logfile created 13/12/2015 at 12:24:11
# Updated 13/12/2015 by Xplode
# Database : 2015-12-13.2 [Server]
# Operating system : Windows 10 Pro (x64)
# Username : Michael - MOTHERSHIP
# Running from : D:\Michael\Downloads\adwcleaner_5.025.exe
# Option : Cleaning
# Support : Forum - ToolsLib


***** [ Services ] *****




***** [ Folders ] *****


[-] Folder Deleted : C:\Program Files\Common Files\Speedbit
[-] Folder Deleted : C:\ProgramData\Speedbit
[-] Folder Deleted : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam
[-] Folder Deleted : C:\Users\Michael\AppData\Roaming\Speedbit


***** [ Files ] *****


[-] File Deleted : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pbjikboenpfhbbejgkoklgkhjpfogcam_0.localstorage
[-] File Deleted : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pbjikboenpfhbbejgkoklgkhjpfogcam_0.localstorage-journal
[-] File Deleted : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pbjikboenpfhbbejgkoklgkhjpfogcam


***** [ DLLs ] *****




***** [ Shortcuts ] *****




***** [ Scheduled tasks ] *****




***** [ Registry ] *****


[-] Key Deleted : HKCU\Software\Classes\CLSID\{AD4409E5-23C2-412B-849D-8FC0635B4073}
[-] Key Deleted : HKCU\Software\Classes\CLSID\{AEE9D70C-6C9E-4B27-9F2C-8F14E95BEEF6}
[-] Key Deleted : HKCU\Software\Classes\CLSID\{DD20920E-515A-4342-85E3-FC9A9FDA55C2}
[-] Key Deleted : HKCU\Software\Classes\CLSID\{92FDEF05-B35E-4806-B87F-8B66AB649997}
[-] Key Deleted : HKCU\Software\Classes\CLSID\{9F0BF664-B611-4C53-AEEA-FDBFCE6E3CA3}
[-] Key Deleted : HKCU\Software\Classes\CLSID\{A8BD93E8-F6AE-4F02-828D-DE47FEC4D375}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{82351441-9094-11D1-A24B-00A0C932C7DF}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0DC81A74-1FBD-4EF6-82B2-DE3FA05E8233}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1B26E4A2-7F09-4365-9AB8-13E6891E42CB}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{21402197-BB5B-476C-AA1D-3FFED8ED813A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{42E8D680-A18B-4CAA-ACE0-18EA05E4A056}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{454A4044-16EC-4D64-9069-C5B8832B7B55}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4FEB1BAD-35AD-4A08-B6EC-E6D832F1ED4D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8F2B3016-17D4-447A-B207-FFA8957A834A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E66B63B0-49F8-47E3-A9BA-799287B59E87}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F8FA5B48-B7A2-4BC6-8389-9587643A4660}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{82351433-9094-11D1-A24B-00A0C932C7DF}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0DC81A74-1FBD-4EF6-82B2-DE3FA05E8233}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1B26E4A2-7F09-4365-9AB8-13E6891E42CB}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{21402197-BB5B-476C-AA1D-3FFED8ED813A}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{42E8D680-A18B-4CAA-ACE0-18EA05E4A056}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{454A4044-16EC-4D64-9069-C5B8832B7B55}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4FEB1BAD-35AD-4A08-B6EC-E6D832F1ED4D}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8F2B3016-17D4-447A-B207-FFA8957A834A}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E66B63B0-49F8-47E3-A9BA-799287B59E87}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F8FA5B48-B7A2-4BC6-8389-9587643A4660}
[-] Key Deleted : HKCU\Software\SpeedBit
[-] Key Deleted : HKCU\Software\Online video player


***** [ Web browsers ] *****


[-] [C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : pbjikboenpfhbbejgkoklgkhjpfogcam
[-] [C:\Users\nancy\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\nancy\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com


*************************


:: "Tracing" keys removed
:: Winsock settings cleared


########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [4226 bytes] ##########

 

Okay, let's try this:


Uninstall all Toolbars on the system. (all users)
Uninstall all torrenting/P2P file sharing programs.
Uninstall all downloader programs.
Run RKILL - post the log. (RKILL will stop all malicious and suspect running items, reset hosts, etc. It is temporary. Anything that RKILL does is undone by a reboot.)
Run ADWCleaner again and post the new log here.
Run JRT
Reset all browsers on the system...Reset Edge browser
Flush DNS
Set your network adapter(s) to Open DNS servers:
IPv4 = 208.67.222.222 and 208.67.220.220
IPv6 = 2620:0:ccc::2 and 2620:0:ccd::2
Reboot the computer.
Run RKILL again. Advise if anything is found on this run (check the log).
Open Ccleaner to the TOOLS menu on the left and go to STARTUP ITEMS. Post a screenshot of the Google Chrome tab and the Scheduled Tasks tab.