Short Bio

This is the generic detection for hijackers that change the target’s internet settings by changing one of the registry values:

CurrentVersion\Internet Settings AutoConfigURL


CurrentVersion\Internet Settings AutoConfigURL

They do this by pointing them to a remote WPAD.dat file that the affected machine downloads and then use the instructions in the file to configure various browser settings such as proxy settings.


Malwarebytes can remove Hijack.AutoConfigURL without further user intervention. Sometimes, users are required to restart the browser or the affected system. If so, you will be prompted to do so.

Associated threats

  • Hijack.AutoConfigURL.PrxySvrRST

Cybersecurity info you can’t do without

Want to stay informed on the latest news in cybersecurity? Sign up for our newsletter and learn how to protect your computer from threats.

Select your language