Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Proxy server box is ticked after every restart.


  • Please log in to reply
4 replies to this topic

#1 3rdpig

3rdpig

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:09:13 AM

Posted 13 December 2014 - 03:57 PM

I've got a computer here that belongs to a family member that was very infected with adware/spyware.  Her husband, at my direction, cleaned it with Malwarebytes, Emsisoft and ADWCleaner.  The computer now seems clean and runs well, but the Proxy Server box in Internet Options is ticked and has to be unticked, after every restart or it has no internet connection and the Proxy Server of 127.0.0.1:8000 is back.

 

Here's what I've done since I've had it.

Malwarebytes

Malwarebytes anti root kit

ADW Cleaner

Emsisoft

TDSS Killer

Rogue Killer

GMER

ESET scanner

Junkware Removal Tool

ASWmbr

Tweaking.com Windows Repair tool - (reset registry, service and file permissions, reset proxy, repair hosts file,remove policies set by infections),

Manually cleared the proxy registry settings.

Cleared all items from Startup

Removed all suspicious items with Hijack This

 

I've also installed Win Patrol, and it's finding a "run once" startup item on every boot and all it's got is a number, but nothing else can locate it.

 

I'm out of things to try, the computer runs fine except for the proxy being reset with every boot.

 

I'll only have the computer for another day, but I can continue the work via my FIL and remotely after that.

 

Thanks!

 



BC AdBot (Login to Remove)

 


m

#2 buddy215

buddy215

  • BC Advisor
  • 12,619 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:10:13 AM

Posted 13 December 2014 - 05:00 PM

If Win Patrol found the culprit....then I would think you could find and kill using AutoRuns for Windows


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#3 Guest_LighthouseParty_*

Guest_LighthouseParty_*

  • Guests
  • OFFLINE
  •  

Posted 13 December 2014 - 05:15 PM

Just out of interest, do you have any VPN programs, such as HotSpot Shield?



#4 3rdpig

3rdpig
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  

Posted 13 December 2014 - 05:28 PM

I found several suspicious entries in Autoruns, including True Sight and SPD, as well as others that were either unsigned or had no associated file.  I unchecked all of them and that cured the problem.

 

I feel like an idiot for not thinking of Autoruns, but I assumed the other tools that listed startup items would show me all of them.  Stupid me for assuming.

 

Thanks again, you guys made me a hero! 



#5 buddy215

buddy215

  • BC Advisor
  • 12,619 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:09:13 AM

Posted 13 December 2014 - 08:25 PM

Put on your cape and deliver.... :cool:

You're welcome.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users