Hijack.AutoConfigURL

Short bio

Hijack.AutoConfigURL is Malwarebytes' generic detection name for hijackers that change the target's proxy settings on a Windows system.

Symptoms

Users may find a change in on of these registry values:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings AutoConfigURLorHKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings AutoConfigURLThey do this by pointing them to a remote WPAD.datfile that the affected machine downloads and then use the instructions in the file to configure various browser settings such as proxy settings.

Remediation

Malwarebytes can modify these registry value data back to their Windows default settings without user interaction.Also, we advise users to do a full system scan as Hijack.AutoConfigURL could have been added to the system by malwareor PUP.

Add an exclusion

When Hijack.AutoConfigURL is detected on your computer, Malwarebytes for Windows does not know if it was authorized. Optimization software, malware, and potentially unwanted programs (PUPs) are known to make these types of changes, hence they are regarded as potentially unwanted.To have Malwarebytes for Windowsignore Hijack.AutoConfigURL, you must add Hijack.AutoConfigURL to the Allow list. Here’s how to do it.

1. When Hijack.AutoConfigURL appears in the list of Scan results.
2. Uncheck the entry or entries related to Hijack.AutoConfigURL.
3. Then click on Next.
4. You will see a prompt giving you several options.
5. Choosing Always ignorewill add Hijack.AutoConfigURL to the Allow List.
6. You can remove them there when you decide they should no longer be ignored.
7. When Hijack.AutoConfigURL is on the Allow listit will no longer show up in your Scan results.