
VIRUS DAMAGE - UNCHANGEABLE PROXY IE SETTINGS


4 replies to this topic

#1 lighter223

  • Members
  • 1 posts

Posted 31 October 2014 - 01:16 PM

I work at a small PC repair shop. This week alone I have seen 4 PCs with an issue pertaining to an enabled proxy (and as we all know, enabled proxy is virus damage 99% of the time, at least for the home/SMB user). HOWEVER - this time - it is permanent. There is a small text saying only sys admin can make changes to some properties.

I have seen one post (Google) pertaining to this exact (almost) issue and it was here on Bleeping. FRST was run and the OP had resolved the issue. His symptoms were that when he changed it, it would automatically revert. My symptoms are that they are unchangeable, at all.
There was an FRST fixlog file that fixed it for him. I looked at the reg keys listed in that file and checked in the registry to see what, if anything, differed. I then applied the fix via FRST and it made the proxy settings changeable and now reverting. SO I am in the same boat as the other guy BUT the fixlog did not solve the issue.
I have now seen this problem on 7 Pro and HP and 8.

I have used Malwarebytes, superanti, Avira, tdss (all with HD as slave and then back in customer PC) then ComboFix and HitmanPro. I delete all temp files for user and in windows directory.

I will upload FRST logs in separate, individual posts.



 




 


#2 boopme

  • Global Moderator
  • 73,530 posts

Posted 31 October 2014 - 01:20 PM

Upload and run but post them in a new topic here so they can be reviewed.

Virus, Trojan, Spyware, and Malware Removal Logs
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#3 SleeperSec

  • Members
  • 1 posts

Posted 31 October 2014 - 04:39 PM

Before you get into all that, try this:

It is possible that a malicious program has changed the proxy settings on this computer. There are a few places that you can check in the registry (listed with the recommended value for each key):

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel]

"Connection Settings"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings]

"Security_HKLM_only"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings]

"ProxySettingsPerUser"=dword:00000001



#4 technonymous

  • Members
  • 2,520 posts

Posted 01 November 2014 - 03:03 AM

Modify the DWORD value from 1 to 0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\

"ProxyEnable"=dword:00000000

Looking on the right pane again, look for any "ProxyServer" REG_SZ (StringSize) entries. Right-click and delete it.

Also check these areas for suspicious strings.

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce


Edited by technonymous, 01 November 2014 - 03:07 AM.
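
The registry locations named in posts #3 and #4 can be checked in one read-only pass before anything is edited. The script below is an added example, not part of any poster's reply; the helper name `Get-RegValue` is hypothetical, and it assumes Windows PowerShell is run as the affected user on the affected machine.

```powershell
# Added example: read-only audit of the registry values named in posts #3 and #4.
# It changes nothing. Run it as the affected user, since HKCU is per-user.
$polIS  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings'
$userIS = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$checks = @(
    @{ Path = 'HKCU:\Software\Policies\Microsoft\Internet Explorer\Control Panel'
       Name = 'Connection Settings'; Expected = 0 },
    @{ Path = $polIS;  Name = 'Security_HKLM_only';   Expected = 0 },
    @{ Path = $polIS;  Name = 'ProxySettingsPerUser'; Expected = 1 },
    @{ Path = $userIS; Name = 'ProxyEnable';          Expected = 0 }
)

# Hypothetical helper: returns the value's data, or nothing ($null) when the
# key or the value does not exist.
function Get-RegValue([string]$Path, [string]$Name) {
    $item = Get-ItemProperty -LiteralPath $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

# Compare each value with the figure recommended in the thread.
$report = foreach ($c in $checks) {
    $actual = Get-RegValue $c.Path $c.Name
    if ($null -eq $actual)           { $status = 'not set' }
    elseif ($actual -eq $c.Expected) { $status = 'matches' }
    else                             { $status = 'DIFFERS' }
    New-Object PSObject -Property @{
        Key = $c.Path; Value = $c.Name; Actual = $actual
        Expected = $c.Expected; Status = $status }
}
$report | Select-Object Status, Value, Actual, Expected, Key | Format-Table -AutoSize

# Post #4 says to look for a leftover ProxyServer string; report it if present.
$proxy = Get-RegValue $userIS 'ProxyServer'
if ($null -ne $proxy) { "ProxyServer is set: $proxy" } else { 'ProxyServer is not set' }

# Post #4: list the per-user autostart entries so each command line can be reviewed.
foreach ($k in 'Run', 'RunOnce') {
    $path = "HKCU:\Software\Microsoft\Windows\CurrentVersion\$k"
    if (Test-Path -LiteralPath $path) {
        $key = Get-Item -LiteralPath $path
        foreach ($n in $key.GetValueNames()) {
            "{0}\{1} = {2}" -f $k, $n, $key.GetValue($n)
        }
    }
}
```

Saving the output before a fix and again after a reboot shows which value is being rewritten, which is the reverting symptom described in post #1.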


#5 boopme

  • Global Moderator
  • 73,530 posts

Posted 01 November 2014 - 08:52 PM

And before you do either of those create a new restore point, so that your Registry is backed up in case you make a deletion error.



