Hijack.AutoConfigURL

Short bio

Hijack.AutoConfigURL is Malwarebytes’ generic detection name for hijackers that change the target’s proxy settings on a Windows system.

Symptoms

Users may find a change in on of these registry values:

HKEY_CURRENT_USER\Software\Microsoft\Windows\
CurrentVersion\Internet Settings AutoConfigURL

or

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\
CurrentVersion\Internet Settings AutoConfigURL

They do this by pointing them to a remote WPAD.dat file that the affected machine downloads and then use the instructions in the file to configure various browser settings such as proxy settings.

Remediation

Malwarebytes can modify these registry value data back to their Windows default settings without user interaction.
Also, we advise users to do a full system scan as Hijack.AutoConfigURL could have been added to the system by malware or PUP.

Add an exclusion

When Hijack.AutoConfigURL is detected on your computer, Malwarebytes for Windows does not know if it was authorized. Optimization software, malware, and potentially unwanted programs (PUPs) are known to make these types of changes, hence they are regarded as potentially unwanted.

To have Malwarebytes for Windows ignore a Hijack, you must add the Hijack as an exclusion.

  1. Open Malwarebytes for Windows.
  2. Click Settings, then click the Protection tab.
  3. Scroll down to the bottom.
  4. Turn off Automatically quarantine detected malware. Turning this setting off prevents Malwarebytes for Windows from quarantining the Hijack automatically.
  5. Go to the Dashboard, then click Scan Now.
  6. When the Threat Scan Results appear, uncheck the box next to the detected Hijack you want to keep.
  7. Click Next.
  8. On the Remaining Items window, click Ignore Always to add the exclude the detectedHijack(s).
  9. Turn on Automatically quarantine detected malware.To find this setting, click Settings > Protection.

When a Hijack is excluded, Malwarebytes for Windows does not detect the Hijack during scans or real-time protection.

Related blog content

10 easy ways to prevent malware infection

10 easy steps to clean your infected computer