Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Proxy Server Auto-Check (Infected Machine)


  • This topic is locked This topic is locked
4 replies to this topic

#1 coreymcdonald855

coreymcdonald855

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:11:26 AM

Posted 13 January 2015 - 02:13 PM

Hello, all, and thank you in advance for the assistance. I am currently working on a customer's Toshiba Satellite C55 running Windows 8. Upon initial review, it was obvious that the machine was badly infected with numerous junkware and adware. Per our standard operating procedures, I backed up relevant data and restarted the machine in safe mode. Junk programs were uninstalled via CCleaner, scanned using MBytes, made copies of registry and repaired using CCleaner, cleaned up HDD using CCleaner, and restarted to Windows 8 (regular). Up to this point, all programs are installed from a flash drive. Typically, upon restart from safe, we run ESET Online Scanner. However, I noticed immediately that Chrome was giving me the "Could not connect to proxy server" error. I checked setting in Chrome to find that the "Proxy" tab was grayed out. I opened Internet Options from control panel -> Advanced -> LAN settings to find, as I had assumed it would be, the Proxy button selected. I deselected the Proxy settings, re-selected Automatically Detect Settings, and clicked OK. Same error from Chrome. Checked LAN settings again to find Proxy checked. Following this, I ran ComboFix, to no avail. Basically, every time I deselect Proxy settings (and even when I delete all Advanced Proxy Settings fields), something is automatically selecting it again. I have a few days to complete this, so no big rush. I really appreciate the help.



BC AdBot (Login to Remove)

 


m

#2 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 3,898 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:11:26 AM

Posted 14 January 2015 - 10:35 AM

Hey, :)
Please post the Combofix log. :)

Please download FRST (by Farbar) from the link below and save it to your Desktop.

Download Mirror #1

If you are unsure whether you have 32-Bit or 64-Bit Windows, see here
  • Disable all anti-virus and anti-malware software to prevent them inhibiting FRST in any way. If you are unsure how to do this, see THIS.
  • Double-click FRST.exe/FRST64.exe (depending on which version you downloaded) to run it. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
  • When the disclaimer appears, click Yes.
  • Click Scan to start FRST.
  • When FRST finishes scanning, two logs, FRST.txt and Addition.txt will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of both of these logs into your next post please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

unite_blue.png
 
 


#3 coreymcdonald855

coreymcdonald855
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:11:26 AM

Posted 14 January 2015 - 11:34 AM

I apologize, I actually found a solution. For whatever reason, correcting the setting in safe mode allowed the problem to be solved. Just for s's and giggles, I will follow through with this process. I am curious to see how effective our operating procedures are. If you'll allow me an hour or so, I am currently updating that machine to Windows 8.1. I appreciate your prompt reply, and will be glad to donate following completion.


Edited by coreymcdonald855, 14 January 2015 - 11:35 AM.


#4 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 3,898 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:11:26 AM

Posted 14 January 2015 - 03:11 PM

OK

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

unite_blue.png
 
 


#5 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 3,898 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:11:26 AM

Posted 18 January 2015 - 09:25 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

unite_blue.png
 
 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users