Hijack.AutoConfigURL

Short Bio

This is the generic detection for hijackers that change the target’s internet settings by changing one of the registry values:

HKEY_CURRENT_USER\Software\Microsoft\Windows\
CurrentVersion\Internet Settings AutoConfigURL

or

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\
CurrentVersion\Internet Settings AutoConfigURL

They do this by pointing them to a remote WPAD.dat file that the affected machine downloads and then use the instructions in the file to configure various browser settings such as proxy settings.

Remediation

Malwarebytes can remove Hijack.AutoConfigURL without further user intervention. Sometimes, users are required to restart the browser or the affected system. If so, you will be prompted to do so.

Associated threats