127.0.0.1:8118 proxy virus - headway

This is a new virus and no matter what I threw at it , the proxy setting kept coming back. I saw a lot of attempts here at fixing it, but everything was so much work. I think I made some headway, and in windows 8.1, the program

proxy virus 127.0.0.1:8118

wininet.exe in task - also wininet.dll running in task list


modified registry searched for :8118
erased proxy and proxybypass and static proxy

of course that didnt work, but I then went to the task scheduler .. figuring if it came back at regular intervals it must be running a task. sure enough there was a wininit.exe in there, which i disabled. SO far it is overnight and the proxy setting has not been touched. Actually I am not sure if it is wininit or wininet, but the answer seemed to be to remove it from the task scheduler. :major

 

so far! it has not returned

 

Re: 127.0.0.1:8118 proxy virus - headway - it's Baaaaack!

ohhhh my I thought I had it ... this thing is baad. And it stays away for 2 days so it makes you believe you got it. and since nothing detects it, you think it's gone :-( . I can't see what good it does them if you can't connect to any websites!

 

Re: 127.0.0.1:8118 proxy virus - headway- got it

Here is the link that helped me find it, although the kb70007 stuff does not apply to this one, it was using privoxy.exe.

http://www.overclock.net/t/1490256/...-address-127-0-0-1-virus-that-is-going-around

I also know where i picked this up ... I got it either from utorrent directly or directly from a website ad on piratebay.org

It’s in programs x86 , Megasoft Security, program: privoxy.exe

The config.txt file has the proxy settings: 127.0.0.1:8118

Also there is a program called jptask, that is set to run 10:42 every day

Had to search through the 8.1 task scheduler which is not easy, but I clicked on the top of the tree which displays all tasks, then I looked for jptask.exe

I deleted the task

So after all this i do believe i stopped it, but if it comes back I will let you know!