
127.0.0.1 port 9150 Removal Tried To Fix Myself May Have Messed Up Badly


  • This topic is locked
11 replies to this topic

#1 Thorburger

Thorburger

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:10:31 PM

Posted 03 October 2014 - 11:12 PM

127.0.0.1 port 9150 proxy is forcing me to connect to it, and I can't remove it with Malwarebytes. I tried to fix it myself by looking up online solutions and I found one from this forum and tried it myself and it did not work.

 

I downloaded OTL and copied this :

 

 :OTL

DRV - (gsensor) -- C:\WINDOWS\System32\gsensor.sys File not found

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50370
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
""=""%1" %*"

 

 

 

Into it and hit the fix button and it didn't work. Please help me!

 

 

Attached Files

  • Attached File  DDS.txt   21.13KB   3 downloads
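
The OTL lines in the post above record the per-user WinINET proxy as a `ProxyServer` value. As an added example (not part of the original thread and not OTL's own code), this Python script parses that value format out of pasted log lines and flags entries that point at loopback; the function names, the port annotations and the last two sample lines are assumptions made here.

```python
import ipaddress
import re

# Loopback ports with a well-known default owner (annotation only, not a verdict).
KNOWN_LOOPBACK_PORTS = {9050: "tor daemon SOCKS default", 9150: "Tor Browser SOCKS default"}
# OTL-style registry line: IE - <key>: "ProxyServer" = <value>
OTL_LINE = re.compile(r'^\s*IE - (HK[^:\n]+): "ProxyServer" = (.+?)\s*$', re.M)

# First two lines are from the post above; the last two are constructed.
SAMPLE_LOG = r'''
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50370
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = socks=127.0.0.1:9150
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.corp.example:8080
'''

def parse_proxy_server(value):
    """Split 'host:port' or 'http=host:port;https=host:port' into (scheme, host, port)."""
    entries = []
    for part in filter(None, (p.strip() for p in value.split(";"))):
        scheme, sep, hostport = part.partition("=")
        if not sep:  # no "scheme=" prefix: the proxy applies to every protocol
            scheme, hostport = "all", part
        hostport = hostport.split("://", 1)[-1]  # tolerate "http=http://host:port"
        host, _, port = hostport.rpartition(":")
        if not host or not port.isdigit():  # no usable port in the entry
            host, port = hostport, None
        entries.append((scheme.lower(), host, int(port) if port else None))
    return entries


def is_loopback(host):
    """True for 'localhost' and any loopback IP literal (127.0.0.0/8, ::1)."""
    host = host.strip("[]").lower()
    try:
        return host == "localhost" or ipaddress.ip_address(host).is_loopback
    except ValueError:  # a hostname other than localhost
        return False


def loopback_proxies(log_text):
    """Return (key, scheme, host, port, note) for each loopback ProxyServer entry."""
    findings = []
    for m in OTL_LINE.finditer(log_text):
        for scheme, host, port in parse_proxy_server(m.group(2)):
            if is_loopback(host):
                note = KNOWN_LOOPBACK_PORTS.get(port, "owner unknown: identify the listening process")
                findings.append((m.group(1), scheme, host, port, note))
    return findings


if __name__ == "__main__":
    for finding in loopback_proxies(SAMPLE_LOG):
        print(finding)
```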



 


#2 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:31 PM

Posted 04 October 2014 - 10:42 AM

Hello and welcome.  Please follow these guidelines while we work on your PC:

  • Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I’ve given you the “All clear.”  Absence of symptoms does not mean your machine is clean!
  • Please do not run any scans or install/uninstall any applications without being directed to do so.
  • Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.


Edited by RPMcMurphy, 04 October 2014 - 10:43 AM.

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may donate.


#3 Thorburger


Posted 04 October 2014 - 12:32 PM

I also forgot to mention that I had run this fix 

 

CloseProcesses:
R2 Diagnostics; C:\Program Files (x86)\Common Files\Diagnostics\node\service.exe [57344 2014-09-01] () [File not signed]
R2 Proxy; C:\Program Files (x86)\Common Files\Diagnostics\node\service.exe [57344 2014-09-01] () [File not signed]
BHO: PETN -> {606673CA-8B49-43DE-8DFF-6E631BE9D469} -> C:\Program Files (x86)\PETN\petn64.dll ()
BHO-x32: PETN -> {606673CA-8B49-43DE-8DFF-6E631BE9D469} -> C:\Program Files (x86)\PETN\petn.dll ()
C:\Program Files (x86)\PETN
C:\Program Files (x86)\Common Files\Diagnostics\node\service.exe
C:\Program Files (x86)\Common Files\Diagnostics\node\node.exe
2014-09-02 20:10 - 2014-09-02 20:10 - 00000000 ____D () C:\Users\Barbara\AppData\Local\PETN
REG: reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /t REG_DWORD /d 0 /f
REG: reg delete "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer /f
REG: reg delete "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" /v DefaultConnectionSettings /f
REG: reg delete "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" /v SavedLegacySettings /f
REG: reg delete "HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies" /ve /f
Reboot:
 
 
 
I was really desperate to get it off, sorry I forgot to say that. 

Attached Files

  • Attached File  F2.txt   42.91KB   1 downloads
  • Attached File  A2.txt   36.98KB   1 downloads


#4 RPMcMurphy


Posted 04 October 2014 - 01:48 PM

That looks like it worked, but in the future I would strongly advise against using fixes posted for other users as it can result in some unintended consequences.

You have multiple anti-virus programs installed. This can cause conflicts and errors that make your antivirus protection less effective or not effective at all, even if they are not all active at the same time. You should uninstall all but one of the following:

Avira Desktop
Ad-Aware Antivirus
avast! Antivirus
COMODO Antivirus

Please do this also:

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

Open Malwarebytes AntiMalware (MBAM)
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

Please include the following in your next post:
  • adwCleaner log
  • MBAM log






#6 Thorburger


Posted 04 October 2014 - 03:42 PM

Nope. Still there when I run Tor Browser. It doesn't show up on Chrome though. 

 

Can't attach malwarebytes for some reason, but this is the log:

 

 
 
 
 
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 10/4/2014
Scan Time: 4:09:43 PM
Logfile: mbtxt.txt
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.10.04.11
Rootkit Database: v2014.09.19.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Charlie
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 312209
Time Elapsed: 13 min, 1 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)




#7 RPMcMurphy


Posted 04 October 2014 - 05:55 PM

I'm not familiar with Tor and none of our tools, to my knowledge, target its settings. Have you tried removing it from within Tor's settings as shown here: https://www.torproject.org/docs/proxychain




#8 Thorburger


Posted 05 October 2014 - 12:08 PM

Yes, I've tried that but it'll always revert back to 127.0.0.1. 

 

Also, this is preventing League of Legends from starting up.



#9 RPMcMurphy


Posted 06 October 2014 - 02:08 PM

Let's make sure we don't have any malware on the machine before we do anything else.  Do this next, please:

Double click on AdwCleaner.exe to run the tool again.

  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
    <-Uncheck anything that relates to an application you wish to keep->
  • This time click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

Go here to run an online scanner from ESET. Windows Vista/Windows 7 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator.
  • Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.

Please include the following in your next post:
  • adwCleaner log
  • ESET log




#10 Thorburger


Posted 07 October 2014 - 06:22 PM

I ran the ESET too but it only picked up something for winzip and I couldn't get a log for it.



Edited by Thorburger, 07 October 2014 - 06:23 PM.


#11 RPMcMurphy


Posted 08 October 2014 - 12:55 PM

ESET detects freeware like WinZip because it's ad-driven and/or comes bundled with a toolbar, so that's not concerning. You don't have any obvious signs of malware on this computer, and your Tor issue is outside of my area of expertise. At this point, I'd like you to follow these steps to clean up some of the tools I used, then try Tor's own support page HERE and see if you can get help with your issue there.

Download OTC to your desktop and run it

  • Click Yes to begin the cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the cleanup process. If you are asked to reboot the machine choose Yes.
  • Manually delete any remaining logs or tools from our fixes

Double click on AdwCleaner.exe to run the tool again.
  • Click on the Uninstall button.
  • Click Yes when asked are you sure you want to uninstall.
  • Both AdwCleaner.exe, its folder and all logs will be removed.

Finally, I'd like to make a couple of suggestions to help you stay clean in the future:
  • Restart any anti-malware programs that we disabled while we were cleaning your machine.
  • Keep your antivirus application and MBAM current and updated.  Scan with them at least weekly.
  • Please read this post for some helpful information.

Please post once more so I know you are all set and I can mark this thread resolved. Good luck and stay safe!




#12 RPMcMurphy


Posted 19 October 2014 - 10:02 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
