proxycheck.exe in toolbar


  • This topic is locked
14 replies to this topic

#1 curebdc

curebdc

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:05:03 AM

Posted 22 December 2011 - 04:16 PM

Hello! So I've had a lingering problem with my computer for about a month now. I noticed my computer going really slowly and often needing to be manually shut down. I noticed a few weird files in my notifications area: proxycheck.exe and objlist.exe. Also my firewall and security center weren't working. I looked up a bunch of forums having to do with proxycheck.exe and I ran everything: ESET, MBAM, SAS, RKILL, TFC (RKILL and TFC were very helpful), TDSS, ComboFix, Avast. What seemed to do the best was once I ran RKILL then I ran everything and then did network safemode and updated/reinstalled flash, acrobat and windows, and completely removed bittorrent, daemontools. Once the firewall was able to get back up, it's been going pretty well BUT I still see multiple proxycheck.exe in my notifications area and every so often I find a file in my temp file called RFX0 or RFX1 containing proxycheck.exe (which I delete but keeps coming back). Also my computer will still freeze every so often or come close to freezing. Given that I still see proxycheck.exe in my notifications area I must still be infected. It has to be a registry thing that I can't find. So after exhausting every option I could think of I'm wondering what advice you have for me. Thank you so much in advance.

Attached are logs from GMER and DDS (named dds and attach).

errr, Nevermind the GMER log I have a 64 bit system so I guess it doesn't work with it.

Edited by curebdc, 23 December 2011 - 12:49 AM.


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,730 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:03 AM

Posted 29 December 2011 - 12:10 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/434007 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 curebdc

Posted 01 January 2012 - 08:30 PM

Hi, so I still need some help. The computer is running ok now, but still has some moments of running very uncharacteristically slow. Also proxycheck.exe is still in my toolbar and I can't manually remove it, so that tells me there is still a trace of this on my computer. Also since the last message another computer in my house has been infected with the same thing. But for now let's focus on this computer and getting it completely removed.

Again my computer is running Windows 7 Home Premium (64 bit), I do not have a copy of the DVD for Windows 7 however.

Attached is another DDS scan

#4 HelpBot

Posted 03 January 2012 - 12:15 AM

Hello again!

I haven't heard from you in 5 days. Therefore, I am going to assume that you no longer need our help, and close this topic.

If you do still need help, please send a Private Message to any Moderator within the next five days. Be sure to include a link to your topic in your Private Message.

Thank you for using Bleeping Computer, and have a great day!

#5 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:03 PM

Posted 03 January 2012 - 01:03 AM

This topic has been re-opened at the request of the person who originally posted.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#6 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,772 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:03:03 PM

Posted 03 January 2012 - 04:05 AM

Hi,

Can you please provide the logs from ComboFix and TDSSKiller when you originally ran it? What do you mean that proxycheck is still in your toolbar? Does it have its own icon or do you keep getting notifications about it?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 


#7 curebdc

Posted 04 January 2012 - 08:44 PM

Hey thank you for getting back to me! I don't have the logs anymore for either of those... should I run new scans and post those? As for the notification area thing, if I go to show hidden icons and then to customize I see 3 instances of Proxycheck.exe, oh and also two instances of win 7 security 2012 called bvb.exe, fll.exe.

#8 myrti

Posted 05 January 2012 - 05:30 AM

Hi,

ok, yes, please rerun ComboFix:
Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Temporarily disable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools.
    Usually this can be done via a right click on the System Tray icon, check this tutorial for disabling the most common security programs: Link

  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix


#9 curebdc

Posted 07 January 2012 - 09:37 PM

OK here are the logs for TDSS and ComboFix.

#10 myrti

Posted 08 January 2012 - 06:45 AM

Hi,

can you show me a screen shot of what you see with the proxy check and the rogue?

regards myrti


#11 curebdc

Posted 09 January 2012 - 02:38 AM

hopefully the pic will help out!

#12 myrti

Posted 09 January 2012 - 06:11 PM

Hi,

This is a setting which allows you to specify the behaviour for items that were previously there. It does not mean that the program is currently running! And indeed I can find no sign that the files are still running.

regards myrti


#13 curebdc

Posted 10 January 2012 - 08:47 PM

Are there any other scans I should run just in case?

#14 myrti

Posted 11 January 2012 - 04:40 PM

Hi,

yes, actually I would like you to run a scan with Eset:
I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image

Have a look here if you want to remove past notifications from your system tray (including proxycheck and company): http://www.addictivetips.com/windows-tips/clear-past-notification-icons-in-windows-7/

regards myrti

Follow BleepingComputer on: Facebook | Twitter | Google+
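
The distinction myrti draws in #12 and #14, between cached notification-area history and something that is actually running, can be checked directly. The PowerShell below is an added example, not part of the original thread or any poster's instructions. It is read-only and uses the file names reported in this thread; the TrayNotify registry path and the list of autostart keys are assumptions about where Windows 7 keeps the icon cache and Run entries.

```powershell
# Added example, not from the thread. Read-only: nothing is changed or deleted.
# File names are the ones reported in this thread.
$names   = 'proxycheck', 'objlist', 'bvb', 'fll'
$pattern = ($names | ForEach-Object { [regex]::Escape($_) }) -join '|'

# 1. Is a process with one of these names running right now?
$running = @(Get-Process -Name $names -ErrorAction SilentlyContinue |
    Select-Object Name, Id, Path)

# 2. Does a standard autostart key reference them? (assumed key list)
$runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
$autoruns = @(foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item $key
    foreach ($valueName in $item.GetValueNames()) {
        $data = [string]$item.GetValue($valueName)
        if ($valueName -match $pattern -or $data -match $pattern) {
            New-Object PSObject -Property @{ Key = $key; Name = $valueName; Command = $data }
        }
    }
})

# 3. Have the RFX0/RFX1 items reappeared in the temp folder?
$tempHits = @(Get-ChildItem -Path $env:TEMP -Filter 'RFX*' -Force -ErrorAction SilentlyContinue)

# 4. Cached notification-area history (assumed Windows 7 location). These
#    values back the "Customize" list and say nothing about what is running.
$trayKey = 'HKCU:\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\TrayNotify'
$tray    = Get-ItemProperty -Path $trayKey -ErrorAction SilentlyContinue
$cached  = [bool]$tray.IconStreams -or [bool]$tray.PastIconsStream

if ($running.Count -or $autoruns.Count -or $tempHits.Count) {
    'Live indicators found; review these items:'
    $running  | Format-List
    $autoruns | Format-List
    $tempHits | Format-List FullName, LastWriteTime
} elseif ($cached) {
    'Only cached tray-icon history exists; no named process, autostart entry or RFX item was found.'
} else {
    'No named process, autostart entry, RFX item or tray-icon cache was found.'
}
```

Matching is by name substring only, so any hit needs manual review and a clean result does not cover a renamed binary.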


#15 myrti

Posted 17 January 2012 - 10:37 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
