
Internet Explorer 7 http:/// Error - Need Proxy Edit


4 replies to this topic

#1 f00f


Posted 05 November 2008 - 09:18 AM

Hey f00f here,

I get the following error when I try and use IE7 for a client: http:/// when I type in http://www.letssaygoogle.com and it redirects as unable to connect. He had an infestation. The MalwareBytes file is as follows:

Registry Values Infected:

HKEY_CLASSES_ROOT\Interface\{967a494a-6aec-4555-9caf-fa6eb00acf91} (Rogue.PestPatrol) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{9692be2f-eb8f-49d9-a11c-c24c1ef734d5} (Rogue.PestPatrol) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{f7d09218-46d7-4d3d-9b7f-315204cd0836} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{F5734812-E6A1-8833-ECA9-949B5B8A88BF} (Trojan.Zlob) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{a8954909-1f0f-41a5-a7fa-3b376d69e226} (Rogue.PestPatrol) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{e63648f7-3933-440e-b4f6-a8584dd7b7eb} (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\System Alert Popup (Trojan.Zlob) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\multimediaControls.chl (Trojan.Zlob) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\smile (Trojan.Zlob) -> Quarantined and deleted successfully.




Folders Infected:

C:\Program Files\TinyProxy (Trojan.Proxy) -> Quarantined and deleted successfully.

C:\Documents and Settings\nbilzeri\Start Menu\Programs\VirusResponse Lab 2009 2.1 (Rogue.AntiVirusLab) -> Quarantined and deleted successfully.



Files Infected:

C:\Program Files\TinyProxy\tinyproxy.exe.vir (Trojan.Proxy) -> Quarantined and deleted successfully.

C:\Documents and Settings\nbilzeri\Start Menu\Programs\VirusResponse Lab 2009 2.1\VirusResponse Lab 2009 2.1.lnk (Rogue.AntiVirusLab) -> Quarantined and deleted successfully.

C:\WINDOWS\tmark2.dat (Malware.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS\fmark2.dat (Malware.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS\Downloaded Program Files\atmgr.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Program Files\Applications\myd.ico (Trojan.Zlob) -> Quarantined and deleted successfully.

C:\Program Files\Applications\mym.ico (Trojan.Zlob) -> Quarantined and deleted successfully.

C:\Program Files\Applications\myp.ico (Trojan.Zlob) -> Quarantined and deleted successfully.

C:\Program Files\Applications\myv.ico (Trojan.Zlob) -> Quarantined and deleted successfully.

C:\Program Files\Applications\ot.ico (Trojan.Zlob) -> Quarantined and deleted successfully.

C:\Program Files\Applications\ts.ico (Trojan.Zlob) -> Quarantined and deleted successfully.

C:\Documents and Settings\nbilzeri\My Documents\My Music\My Music.url (Trojan.Zlob) -> Quarantined and deleted successfully.

C:\Documents and Settings\nbilzeri\My Documents\My Pictures\My Pictures.url (Trojan.Zlob) -> Quarantined and deleted successfully.

C:\Documents and Settings\nbilzeri\My Documents\My Videos\My Video.url (Trojan.Zlob) -> Quarantined and deleted successfully.

C:\Documents and Settings\nbilzeri\My Documents\My Documents.url (Trojan.Zlob) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Start Menu\Antivirus Scan.url (Trojan.Zlob) -> Quarantined and deleted successfully.

C:\Documents and Settings\nbilzeri\Local Settings\Temp\xrg2.exe (Trojan.Zlob) -> Quarantined and deleted successfully.

C:\Documents and Settings\nbilzeri\Favorites\Antivirus Scan.url (Rogue.Link) -> Quarantined and deleted successfully.

C:\Documents and Settings\nbilzeri\Start Menu\VirusResponse Lab 2009 2.1.lnk (Rogue.AntiVirusLab) -> Quarantined and deleted successfully.

C:\Documents and Settings\nbilzeri\Application Data\Microsoft\Internet Explorer\Quick Launch\VirusResponse Lab 2009 2.1.lnk (Rogue.AntiVirusLab) -> Quarantined and deleted successfully.

Anyways the malware/trojans/viruses are all gone. Now the only problem is that IE7 had its proxy changed to a loopback of 127.0.0.1, 0.0.0.0 setting. I found out after I installed Firefox (yes I installed Firefox, yes it works, client does not want Firefox... I failed in life?) and did a merge setting on it. Now the box on IE which is:
[posted image]

is completely greyed out. But the user has access to the Registry. I was wondering if anyone knew the registry values or could create a .reg patch to change the settings from Use a proxy server... to Automatically Detect Settings.

Thank you well in advance.

-the f00f
the f00f... the f00f... the f00f is on fire! :thumbsup:

P.S If you need an idea of this error do check out the following page for messages and the such. IE 7 - HTTP:/// instead of HTTP// Error

Edited by Pandy, 05 November 2008 - 07:17 PM.
moved from Win XP Home and Pro




#2 f00f


Posted 05 November 2008 - 06:11 PM

Does no one know? :thumbsup:

#3 m0le

  • Malware Response Team

Posted 05 November 2008 - 06:13 PM

Does no one know?


Yes, but you're in the wrong forum. I will alert a mod. :thumbsup:
m0le is a proud member of UNITE

#4 usasma

  • BSOD Kernel Dump Expert

Posted 05 November 2008 - 06:56 PM

Proxy settings are contained (for IE) in the IE section of the registry.

This is the code for enabling a Proxy Server:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"="<your proxy IP address>:8080"
"ProxyEnable"=dword:00000001
"ProxyOverride"="<local>"

I've got a Proxy Server removal .reg file on my flash drive:
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable"=dword:00000000
"ProxyServer"=""

My browser caused a flood of traffic, so my IP address was banned. Hope to fix it soon. Will get back to posting as soon as I'm able.

- John (my website: http://www.carrona.org/ )
**If you need a more detailed explanation, please ask for it. I have the Knack.**
If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficulty reading posts. (23 Nov 2017)
FYI - I am completely blind in the right eye and ~30% blind in the left eye.
If the eye problems get worse suddenly, I may not be able to respond. If that's the case and help is needed, please PM a staff member for assistance.
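
An added example, not part of usasma's post or any other reply in this thread: a PowerShell check that reads the same Internet Settings values the .reg file above resets, flags a proxy left pointing at loopback (the state described in the first post), and clears it only on request. The `-Fix` switch and the `Test-LoopbackProxy` function name are hypothetical names chosen for this example.

```powershell
# Added example (not from the thread): audit the per-user proxy values that
# the .reg file resets, and clear them only when they point at loopback.
param([switch]$Fix)   # hypothetical switch: without it the script only reports

$key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'

function Test-LoopbackProxy {
    param([string]$ProxyServer)
    # ProxyServer holds "host:port" or a per-protocol list such as
    # "http=host:port;https=host:port".
    foreach ($entry in ($ProxyServer -split ';')) {
        $hostPort = ($entry -split '=')[-1].Trim() -replace '^\w+://', ''
        $hostName = ($hostPort -split ':')[0]
        if ($hostName -match '^(127(\.\d{1,3}){3}|0\.0\.0\.0|localhost)$') {
            return $true
        }
    }
    return $false
}

$settings = Get-ItemProperty -Path $key
$enabled  = ([int]$settings.ProxyEnable) -eq 1   # a missing value counts as 0
$server   = [string]$settings.ProxyServer
$loopback = $enabled -and (Test-LoopbackProxy $server)

# Report the current state before changing anything.
[pscustomobject]@{
    ProxyEnable   = $enabled
    ProxyServer   = $server
    ProxyOverride = [string]$settings.ProxyOverride
    LoopbackProxy = $loopback
}

if ($loopback -and $Fix) {
    # Same two values as the .reg file: disable the proxy and blank the server.
    Set-ItemProperty -Path $key -Name ProxyEnable -Value 0 -Type DWord
    Set-ItemProperty -Path $key -Name ProxyServer -Value '' -Type String
    Write-Output 'Proxy disabled; restart Internet Explorer to pick up the change.'
}
```

Run it as the affected user, since the values live under HKEY_CURRENT_USER.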

#5 f00f


Posted 07 November 2008 - 09:17 AM

yooo

guys... you're a life saver
thanks.. :thumbsup: a bunches

that's all I needed?

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable"=dword:00000000
"ProxyServer"=""

haha current version internet settings? I was trying to in microsoft ie instead of windows... stupid MS... integrating IE completely into windows... didn't they have an infringement case on that?



