
Connected to the Tor Network



#1 bode14


Posted 04 May 2014 - 05:49 PM

I have had a couple of security issues on my Windows 7 computer, the main one relating to a proxy.
 
When I click on taskbar notifications it states connected to the tor network. I was playing around with anonymous web browsing which installed vidalia.exe and blocknsurf.exe. I found some instructions about removing the browser which stated to simply delete the exe. I don't know if the taskbar notification is just a registry entry or if the proxy is still installed.
 
On another note, an Awesome Tab app for Chrome installed some nasty malware which crippled my computer. I did some in-depth removal this morning using rkill.exe and combofix.exe, which gave me this information:
 
* No malware services found to stop.
 
Checking for processes to terminate:
 
 * C:\Windows\Microsoft\System Update kb70007\WindowsUpdater.exe (PID: 2028) [WD-HEUR]
 
1 proccess terminated!
 
Active Proxy Server Detected
 
 * Proxy Disabled.
 * ProxyOverride value deleted.
 * ProxyServer value deleted.
 * AutoConfigURL value deleted.
 * Proxy settings were backed up to Registry file.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
After that I couldn't connect to the internet so changed the LAN settings and got back on with no problems. The computer is running great now, I just don't know if I'm browsing with a proxy.
 
So my newbie questions are:
How do I know if I'm connected to a proxy?
How do I remove the proxy?
What should my LAN settings be for ordinary web browsing on Chrome?

 




 


#2 planetarE


Posted 08 May 2014 - 09:21 AM

I believe I can shed some light on two of your questions.

 

In order to check if you are connected to a proxy, first you need to discover your outward (to the internet) facing IP address. This will probably be different from the address of your machine, as that should be in an internal IP range which is assigned by your router (DHCP). To do this, I connected to my router via the browser by entering the IP address of the default gateway into the browser itself. The default gateway address can be found by opening your command line (type cmd at the start menu) and typing the command ipconfig. The Default Gateway is the address your machine uses to reach the internet or outside network. Most routers will then prompt for a username and password, but this is most likely the same for all the routers of the same make and model. My router login credentials were listed as the first result in a Google search and were very basic; it's usually a very basic username such as "admin" with a very simple password. It is also a good idea to look into changing these credentials from the factory defaults, but that would fall under a security discussion. Once you're in the router, you should be able to find the address that is assigned to your router/modem from the cable company; it might be called something along the lines of WAN IP Address.

 

I took this address and compared it to the result that Google gave me when I asked Google "What is my IP address?" They were the same, meaning that I was not currently going through a proxy. If this doesn't work out for you, you could try a website such as infosnipe.net; this will show you your geolocation and may tell you if you are indeed on a proxy. There are many websites out there like this.

 

As far as removing the proxy you installed completely, I would start with examining the Applications and Processes that are currently running on your machine while you are using the browser in question. These can be viewed by pressing Ctrl-Alt-Del at the same time and selecting "Start Task Manager". You should question any applications on the list that you don't recognize. Examining the processes running is a little more involved, but in short order you should be able to get an idea if something is running that shouldn't be. I would just watch them and then Google any "Image name" you are not familiar with.
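
Added example, not part of either post above: a read-only PowerShell check of the four per-user proxy values that the rkill output in post #1 reports on (ProxyEnable, ProxyServer, ProxyOverride, AutoConfigURL), which Chrome on Windows follows by default, plus a look for the two executables the first post names. The registry path and the `tor` process name are assumptions that do not appear in the thread.

```powershell
# Added example, not from the thread. Read-only: it changes no settings.
# Standard per-user Internet Settings key (path is not quoted in the thread).
$key      = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$names    = 'ProxyEnable', 'ProxyServer', 'ProxyOverride', 'AutoConfigURL'
$settings = Get-ItemProperty -Path $key

# 1. Show the four values rkill reported on; a missing value prints "(not set)".
$found = @{}
foreach ($n in $names) {
    $prop = $settings.PSObject.Properties[$n]
    if ($prop) { $found[$n] = $prop.Value } else { $found[$n] = $null }
    $shown = $found[$n]
    if ($null -eq $shown) { $shown = '(not set)' }
    '{0,-14} {1}' -f $n, $shown
}

# 2. A manual proxy is active only when ProxyEnable is 1 AND ProxyServer is set.
#    An AutoConfigURL (PAC script) can route traffic even with ProxyEnable 0.
$manual = ($found['ProxyEnable'] -eq 1) -and $found['ProxyServer']
$script = [bool]$found['AutoConfigURL']
if ($manual -or $script) {
    'RESULT: a proxy or auto-config script is configured for this user.'
} else {
    'RESULT: no user-level proxy is configured (direct connection).'
}

# 3. Machine-wide WinHTTP proxy, used by services rather than the browser.
netsh winhttp show proxy

# 4. Leftover processes: vidalia and blocknsurf are named in the first post;
#    tor is an assumed name for the process Vidalia controls.
$suspects = 'vidalia', 'blocknsurf', 'tor'
$running  = Get-Process | Where-Object { $suspects -contains $_.ProcessName }
if ($running) {
    $running | Select-Object ProcessName, Id, Path
} else {
    'None of the listed processes are running.'
}
```

Run it from a normal (non-elevated) PowerShell window under the account you browse with, since the values live in that user's registry hive.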





