Proxy Settings Keep Changing - Infected?


3 replies to this topic

#1 aquans


Posted 11 June 2014 - 11:36 PM

I read this same topic here and got this today while downloading .rar! I made sure to go through everything and uncheck etc. but it got me at the end when it was very determined to get my computer, it did it when I hit cancel!

 

Now I see this in my proxy which was set to 'ON' but I have it off, not sure what will happen.

 

I have NOT deleted anything from running AdwCleaner.

 

This keeps showing up in the "Manual Proxy Setup"

 

http=127.0.0.1:14139;https=127.0.0.1:14139

 

Thanks

 

Bill

 

# AdwCleaner v3.212 - Report created 12/06/2014 at 00:21:48
# Updated 05/06/2014 by Xplode
# Operating System : Windows 8.1  (64 bits)
# Username : Aquans - WINDOWS-3DTV6UD
# Running from : C:\Users\Bill\Desktop\adwcleaner_3.212.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Found : C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\behceiemikmgnpbcnbmjidgpkhdoammf

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Found : HKCU\Software\WEDLMNGR
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Found : [x64] HKCU\Software\WEDLMNGR
Key Found : HKLM\Software\InstallCore
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Jing]

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17126


-\\ Mozilla Firefox v29.0.1 (en-US)

[ File : C:\Users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\m4edu5pk.default-1402519077654\prefs.js ]




-\\ Google Chrome v35.0.1916.114

[ File : C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found [Extension] : behceiemikmgnpbcnbmjidgpkhdoammf
Found [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
Found [Extension] : flpcjncodpafbgdpnkljologafpionhb


*************************

AdwCleaner[R0].txt - [13689 octets] - [12/06/2014 00:21:48]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [13750 octets] ##########




 


#2 aquans


Posted 11 June 2014 - 11:39 PM

PS, not sure if I should delete these keys?

 

Not going to do anything until I figure out what is going on, this sucks, it's a brand new computer!

 

Thanks in advance.

 

Bill




#3 boopme


Posted 13 June 2014 - 12:12 PM

Hello, I moved this to the Am I Infected forum as that area requires a DDS log for help.

Let's do this....

Double click on AdwCleaner.exe to run the tool again.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
    <-insert any special instructions here for what to uncheck OR remove this line if there are none->
  • This time click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
..
Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
  • Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
    Note: When using "Reset FF Proxy Settings" option Firefox should be closed.


    ..


#4 leofon


Posted 25 December 2014 - 08:45 AM

Maybe this is helpful
 
I was also confronted with the fact that internet settings were changed to use a proxy server over and over again.
The related Registry key for this setting is:
"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable"
Monitoring this setting for a while after I set the value to "0" using the LAN settings of Internet Explorer, I saw
that it was mysteriously changed to "1" after a while.
I also saw that the "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer"
was set to "http=127.0.0.1:1253;https=127.0.0.1:1253"
The next thing I did was start the "WhatsRunning" utility. With this tool I found out that the program
"C:\Program Files (x86)\Search Extensions\Client.exe" was listening at port 1253. So basically intercepting all
internet traffic. Other files in the same directory gave me an unpleasant feeling about tampering with certificates.
The dates of the files were very recent and I could not remember installing anything recently.
So what I did was stop the mentioned "Client.exe" process and delete the complete "C:\Program Files (x86)\Search Extensions" folder.
After this action the value of "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer"
was not changed anymore.
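
The check described in post #4 (read the two proxy values, then find out what is listening on the loopback port they point to), as an added PowerShell example that is not part of the original thread. It is read-only; the function name `ConvertFrom-ProxyServerValue` is hypothetical, and `Get-NetTCPConnection` assumes Windows 8 or later.

```powershell
# Added example (not from the thread): read-only triage of a loopback proxy setting.
# ConvertFrom-ProxyServerValue is a hypothetical helper name.
function ConvertFrom-ProxyServerValue {
    param([string]$Value)
    # ProxyServer holds either "host:port" (all protocols) or a semicolon-separated
    # list such as "http=127.0.0.1:14139;https=127.0.0.1:14139".
    foreach ($entry in ($Value -split ';')) {
        $entry = $entry.Trim()
        if (-not $entry) { continue }
        $scheme = 'all'
        $endpoint = $entry
        if ($entry -match '^(?<scheme>[a-z]+)=(?<rest>.+)$') {
            $scheme = $Matches['scheme']
            $endpoint = $Matches['rest']
        }
        if ($endpoint -match '^(?<addr>[^:/]+):(?<port>\d+)$') {
            [pscustomobject]@{
                Scheme  = $scheme
                Address = $Matches['addr']
                Port    = [int]$Matches['port']
            }
        }
    }
}

$key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$settings = Get-ItemProperty -Path $key
Write-Host "ProxyEnable = $($settings.ProxyEnable)"
Write-Host "ProxyServer = $($settings.ProxyServer)"

# For every distinct loopback port in the setting, report the listening process,
# its executable path and whether that file carries a valid Authenticode signature.
ConvertFrom-ProxyServerValue $settings.ProxyServer |
    Where-Object { $_.Address -like '127.*' -or $_.Address -eq 'localhost' } |
    Sort-Object Port -Unique |
    ForEach-Object {
        $port = $_.Port
        $listeners = @(Get-NetTCPConnection -State Listen -LocalPort $port -ErrorAction SilentlyContinue)
        if ($listeners.Count -eq 0) {
            [pscustomobject]@{ Port = $port; ProcessId = $null; Path = $null; Signature = 'nothing listening' }
            return   # inside ForEach-Object this moves on to the next port
        }
        foreach ($procId in ($listeners.OwningProcess | Sort-Object -Unique)) {
            $proc = Get-CimInstance Win32_Process -Filter "ProcessId = $procId"
            $sig = 'path unavailable'
            if ($proc.ExecutablePath) {
                $sig = (Get-AuthenticodeSignature -FilePath $proc.ExecutablePath).Status
            }
            [pscustomobject]@{ Port = $port; ProcessId = $procId; Path = $proc.ExecutablePath; Signature = $sig }
        }
    } | Format-List
```

A loopback proxy is not malicious by itself, since debugging proxies and some security products set one too, so judge the result by the owning executable's path, age and signature. Run it from an elevated prompt if the path comes back empty for a process owned by another account.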




