Hijack.AutoConfigURL

Short bio

Hijack.AutoConfigURL is Malwarebytes’ generic detection name for hijackers that change the target’s proxy settings on a Windows system.

Symptoms

Users may find a change in on of these registry values:

HKEY_CURRENT_USER\Software\Microsoft\Windows\
CurrentVersion\Internet Settings AutoConfigURL

or

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\
CurrentVersion\Internet Settings AutoConfigURL

They do this by pointing them to a remote WPAD.dat file that the affected machine downloads and then use the instructions in the file to configure various browser settings such as proxy settings.

Remediation

Malwarebytes can modify these registry value data back to their Windows default settings without user interaction.
Also, we advise users to do a full system scan as Hijack.AutoConfigURL could have been added to the system by malware or PUP.

Add an exclusion

When Hijack.AutoConfigURL is detected on your computer, Malwarebytes for Windows does not know if it was authorized. Optimization software, malware, and potentially unwanted programs (PUPs) are known to make these types of changes, hence they are regarded as potentially unwanted.

To have Malwarebytes for Windows ignore Hijack.AutoConfigURL, you must add Hijack.AutoConfigURL to the Allow list. Here’s how to do it.

  1. When Hijack.AutoConfigURL appears in the list of Scan results. PUM detected
  2. Uncheck the entry or entries related to Hijack.AutoConfigURL.
  3. Then click on Next.
  4. You will see a prompt giving you several options.
  5. Choosing Always ignore will add Hijack.AutoConfigURL to the Allow List.
  6. You can remove them there when you decide they should no longer be ignored.
  7. When Hijack.AutoConfigURL is on the Allow list it will no longer show up in your Scan results.

Select your language