Hello everyone, I am running Windows 8.1 and have run into a problem. I recently upgraded to Windows 8.1 after having had Windows 7 for quite a few years (about 2-3). Once I did, I made sure Avast would be the first thing I'd install.
For whatever reason, after a while I'd get a lot of ads and random objects, and it turned out to be adware. I removed pretty much all of it through the Add/Remove Programs window, the adware items being Pastaleads, Snap.do, KNCTR, Stormwatch, and Idle Crawler, along with something involving remote PC control. This was odd. After I removed those things, I restarted my computer. When it rebooted, something else, an iconless item called "Protector" (don't quote me on this, I legitimately can't remember the name, but it's something along the lines of "Protector", I know that) was in the Uninstall Applications list. Attempting to uninstall it gave me an error of some sort, but after scanning my PC with both Avast and Malwarebytes, it went away.
I booted up Firefox, went to a page, and it told me something about my proxy settings being incorrect. I had never set a proxy. I turned the proxy settings off and Firefox functioned like normal. I checked out Internet Explorer and realized it had the same problem, only turning proxy mode off would not work. It'd toggle, but when I left the menu it'd revert back to a manual proxy. Turns out this was also the reason I couldn't visit the Microsoft Store from Metro, as there were supposedly remaining viruses on the computer that forced a manual proxy on the Windows 8 internal proxy settings as well. The IP in both the IE proxy settings and the Windows 8.1 options is 127.0.0.1:53764. Now I can't change these proxy settings and there are odd applications I've never seen before in my Task Manager's background processes. A quick Google search shows that these applications are part of the Windows system, but I'm led to believe they're Trojans due to their sudden appearance.
Interestingly, clicking "Open File Location" on all of the questionable applications takes me to their files in System32.
Questionable items I see in Task Manager (some of these might just be legitimate objects I didn't notice till now, forgive me):
- persistence Module (no icon)
- Runtime Broker (no icon)
- Sink to receive asynchronous callbacks for WMI client application (no icon)
- Spooler SubSystemApp
- Store Broker (no icon)
- WMI Provider Host
Also, two copies of something called COM Surrogate appear for a few seconds when I open the Task Manager, then go away.
What I've tried to do:
- Full scan with Avast (Found nothing)
- Full scan with Malwarebytes (Found 21 threats, deleted them)
- Use Rkill, then scan with both of them again (Found more stuff, deleted)
- Boot-time scan with Avast (Found a lot of stuff, deleted that)
- Use Adwcleaner (found nothing)
- Scan with Microsoft Safety Scanner (took about 25 hours, found 15 threats, partially deleted 4)
- Ran Kaspersky TDSSKiller (found nothing)
- Ran McAfee's Rootkit Remover (found nothing)
- Restarted my computer each time I did one or more of these things
- Deleted suspicious files and installations from the registry through Malwarebytes
- Uninstalled "SmartOnes" addon from IE and Firefox through deleting the registry files for it
I've cleared things with my antivirus and uninstalled everything malicious, yet there are still viruses in there somewhere and I'm still unable to turn the proxy off in IE and Win8.1. This is really bugging me, help is most appreciated!
Edited by Windumb, 30 October 2014 - 07:55 PM.
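A read-only check for the symptom described in the post above (a manual proxy of 127.0.0.1:53764 that cannot be switched off), added here as an example and not part of the original post. It assumes PowerShell on Windows 8.1 and the standard WinINET registry locations; only the port number is taken from the post, and the variable names are illustrative.

```powershell
# Added diagnostic example: reads settings only, changes nothing.
# The port is the one quoted in the post; everything else is an assumption.
$ProxyPort = 53764

# 1. Proxy values that Internet Explorer and the Windows 8.1 settings page read.
#    The two Policies keys matter: a value set there overrides the user's choice,
#    and ProxySettingsPerUser = 0 makes the HKLM values apply to every account.
$keys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Internet Settings',
    'HKCU:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings',
    'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings'
)
foreach ($key in $keys) {
    if (Test-Path $key) {
        Get-ItemProperty -Path $key |
            Select-Object @{ n = 'Key'; e = { $key } },
                          ProxyEnable, ProxyServer, AutoConfigURL, ProxySettingsPerUser
    }
}

# 2. The separate WinHTTP proxy used by system services.
netsh winhttp show proxy

# 3. Which process, if any, is listening on the loopback port the proxy points at.
$listeners = Get-NetTCPConnection -State Listen -LocalPort $ProxyPort -ErrorAction SilentlyContinue
if (-not $listeners) {
    "Nothing is listening on port $ProxyPort"
}
foreach ($l in $listeners) {
    $proc = Get-CimInstance Win32_Process -Filter "ProcessId = $($l.OwningProcess)"
    [pscustomobject]@{
        LocalAddress = $l.LocalAddress
        LocalPort    = $l.LocalPort
        ProcessId    = $l.OwningProcess
        Name         = $proc.Name
        Path         = $proc.ExecutablePath
        CommandLine  = $proc.CommandLine
    }
}
```

Run it from an elevated PowerShell prompt so the executable path and command line of processes owned by other accounts are visible.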