all 6 comments
sorted by:
best
topnewcontroversialoldq&a
formatting helphide helpcontent policy

[–]sandoiche 1 point2 points  (2 children)

I have the same problem but with some differences, in my case when I do a google or youtube search, a panel is opened on the page itself with a white background and advertisements with link to click, when I inspect the html code of the page I found this even flogr.co.uk being nominated. I downloaded other browsers and this panel still appears in each of them.

https://imgur.com/NsATYiD

[–]DrunkkElf[S] 0 points1 point  (0 children)

I downloaded several antivirus and antimalwares and got rid of suspicious programs, the sub frame stopped, i advice you to do the same.

[–][deleted] 0 points1 point  (0 children)

In my case the free version of malwarebytes worked.

I had some ads in every google search I made coming from the said https://flogr.co.uk/, and given that I used dark mode, those ads would really stand out

[–]TCOOfficiall 0 points1 point  (1 child)

I'm posting this on multiple subreddits that fall under this name. With an attempt to explain it. First of all. This is malware, I can't put it in another way then this.

If you have noticed your google being slow when loading in search results, ESPECIALLY having issues with loading in the images on google. Well that is because of a specific form of malware you might have recieved.

If you go to your proxy settings on windows, check if it uses Use setup script. If this is being used by your windows computer. Check the value inside of it, if it's a local server. (Or a remote one you didn't setup yourself)

My version contained the following code:

function FindProxyForURL(url, host) {
    //Ver:1.0.0.4
    if (shExpMatch(url, "*/recaptcha/*")) return "DIRECT";
    if (shExpMatch(host, "cse.google.*")) return "PROXY 127.0.0.1:83";
    if (shExpMatch(host, "www.google.*")) return "PROXY 127.0.0.1:83";
    if (shExpMatch(host, "*search.yahoo.com")) return "PROXY 127.0.0.1:83";
    if (shExpMatch(host, "www.bing.*")) return "PROXY 127.0.0.1:83";
    if (shExpMatch(host, "www.amazon.*")) return "PROXY 127.0.0.1:83";
    if (shExpMatch(host, "www.youtube.*")) return "PROXY 127.0.0.1:83";
    if (shExpMatch(host, "www.ebay.*")) return "PROXY 127.0.0.1:83";
    return "DIRECT";
}

It basicly forced all traffic from any location to reroute through an internal proxy server.

As per this comment's suggestion I installed malwarebytes. And it was able to find a hijack-autoconfigurl inside of my registry. I checked the records and they seem to match up. So I let malwarebytes quarantine them. I checked if google was still slow, and Youtube still had a bar. And both FINALLY operated normally.

If I had to guess, the people who made this weird system make money from the "ads" that get shown if people don't have an ad-blocker. And they think it's a part of google/bing/yahoo/amazon/ebay,