hijack.autoconfigurl.prxysvrrst Malware

Hello and welcome.


Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them.
Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.


To give you context, I will tell you what I have done until now and attach the FRST log files.


5 days ago I noticed that my Google homepage was replaced with an "ancient and odd-looking" Google page.


I ran Malwarebytes Free and it found "Hijack.AutoConfigURL.PrxySvrRST" and two registry entries establishing a proxy redirect to this site: hxxp://xn--koa.net/server.pac.


Malwarebytes deleted the entries and Google in all the browsers appeared to be normal again. When I searched the registry I couldn't find the hxxp://xn--koa.net/server.pac related entries. All was fine.


The next day I noticed my Google was funny again. I ran Malwarebytes and again it found the same entries. So I started to think it would not be so simple to get rid of that nasty thing.


I reset all the browsers, cleaned temps and ran CCleaner.


I then ran Kaspersky, AdwCleaner, Junkware Removal Tool, RKill, a full scan in Avast with complete rootkit scan, configured Malwarebytes to include rootkits, ESET Online Scanner, McAfee Stinger, HitmanPro... and they found nothing. I also installed WinPatrol.


On BleepingComputer I found one help request for a similar (same?) problem, but it led to nothing because it ended in formatting the computer, a solution I am really trying to avoid.


Tonight I found the "when" it appears. I now have to find "WHAT" is causing it. I noticed that the problem appears at night. This morning I changed my PC time to 20:59 and watched what happened. A DOS box appeared, informing me that nslookup.exe is running. I noticed that the 2 malicious entries were added to the registry. They were not there earlier. And Google changed to an old funny version. So it happens at 20:59:45 every day, no matter what I do.





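A read-only check for the symptom described in the post above, as an added example that is not part of the thread: it lists any configured AutoConfigURL value and any scheduled task with a trigger at the reported time of day. That a scheduled task is responsible is an assumption; the thread does not establish the cause.

```powershell
# Added example: read-only triage for a PAC (AutoConfigURL) setting that keeps coming back.
# Assumption: the daily reappearance is driven by a scheduled task (not confirmed in the thread).

$watchTime = '20:59'   # time of day reported in the post above

# Standard Windows locations of the proxy auto-config value (per-user, machine, policy).
$proxyKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings',
    'HKCU:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings',
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings'
)

# Collect every key that currently carries an AutoConfigURL value.
$pacSettings = foreach ($key in $proxyKeys) {
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if ($props -and $props.AutoConfigURL) {
        [pscustomobject]@{ Key = $key; AutoConfigURL = $props.AutoConfigURL }
    }
}

# Collect scheduled tasks that have a trigger starting at the watched time of day.
$timedTasks = foreach ($task in Get-ScheduledTask) {
    foreach ($trigger in $task.Triggers) {
        # StartBoundary is an ISO 8601 string (date, 'T', time); it can be empty.
        if ($trigger.StartBoundary -and $trigger.StartBoundary -match "T$watchTime") {
            [pscustomobject]@{
                Task    = $task.TaskPath + $task.TaskName
                Starts  = $trigger.StartBoundary
                # COM-handler actions have no Execute path and show up blank here.
                Actions = ($task.Actions |
                    ForEach-Object { "$($_.Execute) $($_.Arguments)" }) -join '; '
            }
        }
    }
}

'--- AutoConfigURL values currently set ---'
if ($pacSettings) { $pacSettings | Format-List } else { 'none found' }

"--- Scheduled tasks with a trigger at $watchTime ---"
if ($timedTasks) { $timedTasks | Format-List } else { 'none found' }
```

Run it from an elevated PowerShell prompt so that tasks belonging to other accounts are listed; the script changes nothing on the system.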

  • 4 weeks later...
  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!
