Keep connecting to proxy server after virus. High ping

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by StealthGorilla, Apr 9, 2013.

  1. StealthGorilla

    StealthGorilla Private E-2

    Hello. About 2 weeks back I was doing something I wasn't supposed to be doing and downloaded a really bad virus that locked my computer. I had the computer reformatted at a local tech shop but after I got it back I have unusually high ping when I try to play games online. I have gone from my normal 70-85 ping up to 225-250 ping.

    My computer is set to connect to a proxy server (127.0.0.1 port: 8555) which I don't want to be connected to. I go into the options menu to set it to "No Proxy" but every time I restart the computer it resets back to the proxy settings. Even when I set it to no proxy I still get high ping in game.

    Also my computer is uploading a lot of information (up to 2 gigs each start up) and my IP address is blacklisted for email spam. I'm pretty sure I know how to remove it from the blacklist but I must make sure the virus that is sending the spam is completely removed.

    Please help. Thank you for taking the time to read. Let me know if you need more info.
     


  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista or Win 7, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search.ask.com/?l=dis&o=...2-16B89A1ED952&itbv=11.8.1.345&doi=2013-04-04
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:8555

    After clicking Fix, exit HJT.

    Please download OTM by Old Timer and save it to your Desktop.
    • Run it by double clicking on it (Note: if using Vista, Win7, or Win8, don't double click, use right click and select Run As Administrator).
    • Copy the lines from the below codebox to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy). Do not include the word Code: which is just a title line of the code box.
    Code:
    :Processes
    explorer.exe
    
    :Files
    C:\Windows\TEMP\*.*
    C:\Users\Home PC\AppData\Local\Temp\*.*
    ipconfig /flushdns /c
    
    :Reg
    [HKEY_USERS\S-1-5-21-1652387084-1456825671-1889137732-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
    "ProxyEnable"=dword:00000000
    "ProxyServer"=-
    :Commands
    [purity]
    [EmptyTemp]
    [start explorer]
    [Reboot]
    • Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
    • Now click the large [IMG] button.
    • If OTM asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
    • Close OTM.
    Now navigate to the C:\_OTM\MovedFiles folder (assuming your Windows drive is C). This is where your log will be saved in the form of Date and Time mmddyyyy_hhmmss.log. Just look for the most recent .log file. Attach this log file to your next message.


    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:
    • the C:\_OTM\MovedFiles log
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
     
  3. StealthGorilla

    StealthGorilla Private E-2

    Hello. Thank you for the reply. Here are the logs you requested.

    So far everything looks good. The ping issue has gone away and I am able to connect to websites I couldn't since the recent incident. My browsers are still connecting to a proxy server on start up though. I still need to manually change them. Does it make a difference if Firefox is my default browser? Sorry for not mentioning this before (never thought of it).

    Anyhow I will be monitoring my connection over the next few days. I will report in if I notice anything obscure.

    If there is anything more you need to know please let me know. Thanks again for the help. I really appreciate it.
     


  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes of course it does. Try the below:

    Reset Firefox to Defaults


    Did that help?
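
Added example (not part of the thread and not MGtools code): Firefox keeps its own proxy preferences unless it is set to use the system settings, so clearing the Internet Settings `ProxyServer` value does not necessarily clear Firefox's. This Python sketch checks both stores for a proxy that points at loopback; the HijackThis line is the R1 entry quoted above, while the `prefs.js` lines and all function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample input. The HijackThis line is the R1 entry quoted in the thread;
# the prefs.js lines are hypothetical and use Firefox's network.proxy.* preference names.
HJT_LOG = (r"R1 - HKCU\Software\Microsoft\Windows\CurrentVersion"
           r"\Internet Settings,ProxyServer = http=127.0.0.1:8555")
PREFS_JS = '''user_pref("network.proxy.type", 1);
user_pref("network.proxy.http", "127.0.0.1");
user_pref("network.proxy.http_port", 8555);'''

def is_loopback(host):
    """True when the proxy host is this machine, i.e. a local process relays the traffic."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:  # a DNS name, not an IP literal
        return False

def wininet_proxies(hjt_log):
    """Parse ProxyServer values: 'host:port' or 'http=host:port;https=host:port'."""
    found = []
    for line in hjt_log.splitlines():
        m = re.search(r"Internet Settings,ProxyServer\s*=\s*(\S+)", line)
        for entry in (m.group(1).split(";") if m else []):
            scheme, _, hostport = entry.rpartition("=")
            host, _, port = hostport.partition(":")
            found.append((scheme or "all", host, port))
    return found

def firefox_proxy(prefs_js):
    """Return the manual HTTP proxy from prefs.js, or None (type 1 = manual configuration)."""
    prefs = dict(re.findall(r'user_pref\("(network\.proxy\.[\w.]+)",\s*"?([^")]*)"?\);', prefs_js))
    if prefs.get("network.proxy.type") != "1" or not prefs.get("network.proxy.http"):
        return None
    return ("http", prefs["network.proxy.http"], prefs.get("network.proxy.http_port", ""))

def loopback_findings(hjt_log, prefs_js):
    """List (store, scheme, host, port) for every proxy setting that points at loopback."""
    candidates = [("WinINet",) + p for p in wininet_proxies(hjt_log)]
    ff = firefox_proxy(prefs_js)
    if ff:
        candidates.append(("Firefox",) + ff)
    return [c for c in candidates if is_loopback(c[2])]

if __name__ == "__main__":
    print(loopback_findings(HJT_LOG, PREFS_JS))
```

A hit in either store means that browser hands its traffic to a process listening on the same machine, so the setting keeps coming back until that process and whatever rewrites the value are removed.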
     
