MajorGeeks Support Forums

Go Back   MajorGeeks Support Forums > ----------= PC, Desktop and Laptop Support =---------- > Malware Removal
Register FAQ Members List Calendar Casino Mark Forums Read

Malware Removal Malware removal forum. Please see the READ ME FIRST thread before you post. Forum is staffed by a small number of volunteers, please be patient.


Reply
 
Thread Tools Display Modes
  #1  
Old 12-06-12, 13:52
chrisby18951 chrisby18951 is offline
Private E-2
 
Join Date: Dec 2012
Posts: 8
Thanks: 0
Thanked 0 Times in 0 Posts
Default LAN settings proxy server keeps getting checked, malware??

Hi everyone,

This is my first post, so bear with me! I have been having issues with my internet connection, mainly my Dropbox was not syncing and occasionally I was getting redirected to incorrect sites. I finally found that the proxy server box was checked, unchecking it solved the issue but it would get checked again on its own randomly, but always on a reboot. I tried locking the option out using GPedit but it still changed. Ran various scans to no avail, so now I have followed the specific instructions on here and the appropriate logs are attached. I was using MSE as my security but had to uninstall it before scanning as I was getting the system error 5 Access is denied when trying to do a "net stop msmpsvc" and I could not stop in services.msc as all options were greyed out for MSE. Everything I did was done in elevated mode also. I have not noticed anything more than annoyance issues from this bug but this is a work computer with a lot of installs on it so I am hoping to eradicate this before it gets worse. Thanks to EVERYONE for your help!!!!!
Attached Files
File Type: txt mbam-log-2012-12-06 (13-51-14).txt (1.9 KB, 2 views)
File Type: txt TDSSKiller.2.8.15.0_06.12.2012_13.59.13_log.txt (142.0 KB, 2 views)
File Type: log HitmanPro_20121206_1413.log (1.6 KB, 4 views)
File Type: txt RKreport[1]_S_12062012_02d1345.txt (2.9 KB, 3 views)
File Type: zip MGlogs.zip (318.7 KB, 18 views)
Reply With Quote
Sponsored links
  #2  
Old 12-07-12, 16:36
Kestrel13!'s Avatar
Kestrel13! Kestrel13! is offline
Super Malware Fighter - Major Dilemma
 
Join Date: Apr 2007
Location: cloud cuckoo land
Posts: 28,679
Thanks: 952
Thanked 3,688 Times in 3,592 Posts
Default Re: LAN settings proxy server keeps getting checked, malware??

Are you deliberately set up to use this proxy?
  • R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = www.haycocktwp.com
__________________
Have we been helpful? Did our services here at MajorGeeks save you a whole lot of cash? If you would like to bequest a small amount as a token of your appreciation, please look out for the yellow 'Donate' button on the top right of any page. Thanks!
Reply With Quote
  #3  
Old 12-07-12, 22:11
chrisby18951 chrisby18951 is offline
Private E-2
 
Join Date: Dec 2012
Posts: 8
Thanks: 0
Thanked 0 Times in 0 Posts
Default Re: LAN settings proxy server keeps getting checked, malware??

No, I did not set that at all, and I believe some scanner I tried early on removed that entry but it came back along with the checked box. This is quite a persistent one, that's for sure.
Reply With Quote
  #4  
Old 12-08-12, 16:03
Kestrel13!'s Avatar
Kestrel13! Kestrel13! is offline
Super Malware Fighter - Major Dilemma
 
Join Date: Apr 2007
Location: cloud cuckoo land
Posts: 28,679
Thanks: 952
Thanked 3,688 Times in 3,592 Posts
Default Re: LAN settings proxy server keeps getting checked, malware??

Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
  • R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = www.haycocktwp.com

After clicking Fix exit HJT.

Now run the C:\MGtools\GetLogs.bat file by double clicking on it. (Right click and run as admin if using Vista or Windows7) Then attach the new C:\MGlogs.zip file that will be created by running this.
__________________
Have we been helpful? Did our services here at MajorGeeks save you a whole lot of cash? If you would like to bequest a small amount as a token of your appreciation, please look out for the yellow 'Donate' button on the top right of any page. Thanks!
Reply With Quote
  #5  
Old 12-10-12, 08:12
chrisby18951 chrisby18951 is offline
Private E-2
 
Join Date: Dec 2012
Posts: 8
Thanks: 0
Thanked 0 Times in 0 Posts
Default Re: LAN settings proxy server keeps getting checked, malware??

Thank you so much! I did as instructed and the log is attached. I look forward to your response!!

Chris
Attached Files
File Type: zip MGlogs.zip (296.8 KB, 13 views)
Reply With Quote
Sponsored links
  #6  
Old 12-10-12, 11:57
Kestrel13!'s Avatar
Kestrel13! Kestrel13! is offline
Super Malware Fighter - Major Dilemma
 
Join Date: Apr 2007
Location: cloud cuckoo land
Posts: 28,679
Thanks: 952
Thanked 3,688 Times in 3,592 Posts
Default Re: LAN settings proxy server keeps getting checked, malware??

Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
  • R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:16110;https=127.0.0.1:16110

After clicking Fix exit HJT.

Now run the C:\MGtools\GetLogs.bat file by double clicking on it. (Right click and run as admin if using Vista or Windows7) Then attach the new C:\MGlogs.zip file that will be created by running this.
__________________
Have we been helpful? Did our services here at MajorGeeks save you a whole lot of cash? If you would like to bequest a small amount as a token of your appreciation, please look out for the yellow 'Donate' button on the top right of any page. Thanks!
Reply With Quote
  #7  
Old 12-10-12, 12:20
chrisby18951 chrisby18951 is offline
Private E-2
 
Join Date: Dec 2012
Posts: 8
Thanks: 0
Thanked 0 Times in 0 Posts
Default Re: LAN settings proxy server keeps getting checked, malware??

Thanks again!! I should admit that it is possible that my virus scanner was enabled on the last scan, I completely forgot to turn it off. If you need it to be run again, I will reboot and do just that!

Chris
Attached Files
File Type: zip MGlogs.zip (300.0 KB, 22 views)
Reply With Quote
  #8  
Old 12-11-12, 02:32
Kestrel13!'s Avatar
Kestrel13! Kestrel13! is offline
Super Malware Fighter - Major Dilemma
 
Join Date: Apr 2007
Location: cloud cuckoo land
Posts: 28,679
Thanks: 952
Thanked 3,688 Times in 3,592 Posts
Default Re: LAN settings proxy server keeps getting checked, malware??

Proxy has gone. Correct?
__________________
Have we been helpful? Did our services here at MajorGeeks save you a whole lot of cash? If you would like to bequest a small amount as a token of your appreciation, please look out for the yellow 'Donate' button on the top right of any page. Thanks!
Reply With Quote
  #9  
Old 12-12-12, 14:48
chrisby18951 chrisby18951 is offline
Private E-2
 
Join Date: Dec 2012
Posts: 8
Thanks: 0
Thanked 0 Times in 0 Posts
Default Re: LAN settings proxy server keeps getting checked, malware??

No, after a reboot it has returned. Both entries are still there
Reply With Quote
  #10  
Old 12-13-12, 03:49
Kestrel13!'s Avatar
Kestrel13! Kestrel13! is offline
Super Malware Fighter - Major Dilemma
 
Join Date: Apr 2007
Location: cloud cuckoo land
Posts: 28,679
Thanks: 952
Thanked 3,688 Times in 3,592 Posts
Default Re: LAN settings proxy server keeps getting checked, malware??

When you re run HitmanPro, are does it offer you a choice with the proxy? Are you able to fix it from there? Let me know!
__________________
Have we been helpful? Did our services here at MajorGeeks save you a whole lot of cash? If you would like to bequest a small amount as a token of your appreciation, please look out for the yellow 'Donate' button on the top right of any page. Thanks!
Reply With Quote
Sponsored links
  #11  
Old 12-13-12, 07:20
chrisby18951 chrisby18951 is offline
Private E-2
 
Join Date: Dec 2012
Posts: 8
Thanks: 0
Thanked 0 Times in 0 Posts
Default Re: LAN settings proxy server keeps getting checked, malware??

It offers to fix and says is t repaired the 127.0.0.1:16110 entry and an entry for:
iBackupBot.exe in C:\Program Files (x86)\VOWSoft iPod Software\iBackupBot for iTunes

I dont recognize it myself.
Reply With Quote
  #12  
Old 12-13-12, 16:56
Kestrel13!'s Avatar
Kestrel13! Kestrel13! is offline
Super Malware Fighter - Major Dilemma
 
Join Date: Apr 2007
Location: cloud cuckoo land
Posts: 28,679
Thanks: 952
Thanked 3,688 Times in 3,592 Posts
Default Re: LAN settings proxy server keeps getting checked, malware??

It says it repaired it? Ok then rerun Hitman and then attach the new log please. Also... Run C:\MGTools\analyse.exe and choose to do a system scan only and save a log file. Attach that too please.
__________________
Have we been helpful? Did our services here at MajorGeeks save you a whole lot of cash? If you would like to bequest a small amount as a token of your appreciation, please look out for the yellow 'Donate' button on the top right of any page. Thanks!
Reply With Quote
  #13  
Old 12-14-12, 09:00
chrisby18951 chrisby18951 is offline
Private E-2
 
Join Date: Dec 2012
Posts: 8
Thanks: 0
Thanked 0 Times in 0 Posts
Default Re: LAN settings proxy server keeps getting checked, malware??

Here are the logs. It always comes back on reboot.

Thanks!
Attached Files
File Type: log HitmanPro_20121214_0938.log (4.6 KB, 4 views)
File Type: log hijackthis.log (17.1 KB, 4 views)
Reply With Quote
  #14  
Old 12-14-12, 16:43
Kestrel13!'s Avatar
Kestrel13! Kestrel13! is offline
Super Malware Fighter - Major Dilemma
 
Join Date: Apr 2007
Location: cloud cuckoo land
Posts: 28,679
Thanks: 952
Thanked 3,688 Times in 3,592 Posts
Default Re: LAN settings proxy server keeps getting checked, malware??

You need to use MSconfig to put this machine back into normal start up please!

Follow these instructions please Proxy Server - Changing Settings and let me know if it helped.
__________________
Have we been helpful? Did our services here at MajorGeeks save you a whole lot of cash? If you would like to bequest a small amount as a token of your appreciation, please look out for the yellow 'Donate' button on the top right of any page. Thanks!
Reply With Quote
  #15  
Old 12-15-12, 14:26
chrisby18951 chrisby18951 is offline
Private E-2
 
Join Date: Dec 2012
Posts: 8
Thanks: 0
Thanked 0 Times in 0 Posts
Default Re: LAN settings proxy server keeps getting checked, malware??

I returned it to normal startup, I did not have much turned off really. As for the proxy instructions, I already have been doing that, every reboot. That is the problem, it checks the box every reboot. Funny thing is it does not stop me from accessing the internet. it stops my Dropbox from syncing and slows browsing down. Very odd.............

Thanks!!
Reply With Quote
Sponsored links
  #16  
Old 12-15-12, 16:30
Kestrel13!'s Avatar
Kestrel13! Kestrel13! is offline
Super Malware Fighter - Major Dilemma
 
Join Date: Apr 2007
Location: cloud cuckoo land
Posts: 28,679
Thanks: 952
Thanked 3,688 Times in 3,592 Posts
Default Re: LAN settings proxy server keeps getting checked, malware??

You feel comfortable in the registry?

Click Start > type regedit in the search field and press Enter.
  • Expand the HKEY_CURRENT_USER hive by clicking on the "+" sign next to it. Continue expanding "Software," "Microsoft," "Windows" and "CurrentVersion," then click on the "Internet Settings" subkey or folder.
  • View the contents of the Internet Settings folder on the right pane. Double-click on the "ProxyEnable" DWORD value to open the "Edit DWORD Value" window. Change "Value data" to "1" and press "OK" to confirm.
  • Double-click on the "ProxyServer" string value.
  • Reboot the machine.
  • Has it gone now?
__________________
Have we been helpful? Did our services here at MajorGeeks save you a whole lot of cash? If you would like to bequest a small amount as a token of your appreciation, please look out for the yellow 'Donate' button on the top right of any page. Thanks!
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Obtain DNS server address automatically won't stay checked DoctorBob Hardware 1 01-19-11 09:12
Proxy Settings Oooops! Software 3 02-29-08 19:32
dial-up settings won't stay checked snglnluvnit Software 5 04-20-07 06:29


All times are GMT -5. The time now is 03:30.

MajorGeeks.Com Menu

MajorGeeks.Com \ All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ NEW! PC Games \ System Tools \ Macintosh \ Demonews.Com \ Top Downloads

MajorGeeks.Com \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds


All content Copyright MajorGeeks.com source code Powered by vBulletin® Version 3.8.4
Copyright © 2009 vBulletin Solutions, Inc. All rights reserved.
Ad Management by RedTyger