
HKCU\....\Internet Settings [ProxyOverride]


  • This topic is locked
15 replies to this topic

#1 TopBob

TopBob

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:02:33 AM

Posted 21 July 2015 - 06:53 AM

Hello all, 

 

My computer had been experiencing issues with logging into Windows (UUID) and Chrome would not launch. 

 

After researching the issue I downloaded AdwCleaner and ran both the scan & cleaning tools. The tool helped to remove approximately five issues (sorry, I cannot remember what). I can now successfully log in to Windows (without issue) and launch Chrome, however the below issue remains.  

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>

Is the above malware or a false positive?

 

After further research I found Bleeping Computer.

 

Please find attached FRST and Addition. 

 

Please find attached the log from AdwCleaner, 'AdwCleaner[R7]'.

 

Please find attached the log from Malwarebytes, 'Malwarebytes scan results'.

 

The settings in Chrome have been restored to their original defaults and the CCleaner tool has been used.

 

Any help would be appreciated. 

 

Thank you. 

 

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,250 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:33 PM

Posted 23 July 2015 - 08:34 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.


start

EmptyTemp:
RemoveProxy:
CloseProcesses:

HKLM\...\Run: [] => [X]
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\IPS\IPSBHO.DLL No File
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
S3 Tosrfcom; No ImagePath

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

How is the computer running now?

#3 TopBob


Posted 23 July 2015 - 12:32 PM

Hello nasdaq,

 

Thank you for your reply.

 

Please find attached Fixlog.

 

The computer appears to be working fine since using AdwCleaner etc. I have had no issues with logging into Windows and Chrome. 




#4 TopBob


Posted 23 July 2015 - 12:38 PM

nasdaq, I have run AdwCleaner again. Unfortunately, 'HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>' is still present.



#5 nasdaq


Posted 23 July 2015 - 01:03 PM

It must be a malformed entry in the registry.

It's not causing any problems. Leave it alone.

If all is well.

To learn more about how to protect yourself while on the internet read this little guide best security practices keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#6 TopBob


Posted 23 July 2015 - 01:35 PM

Thank you, nasdaq.

 

I am overly cautious and do worry, so I will do regular scans. 

 

Thank you for your time.



#7 TopBob


Posted 25 July 2015 - 05:25 AM

Hi nasdaq,

 

I have experienced the same issue when trying to sign into Windows (UUID).

 

'HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>' was the only item present from another AdwCleaner scan.

 

Is 'HKCU\...\Internet Settings [ProxyOverride] - <local>' responsible for the issue?

 

Any help will be appreciated. 

 

Thank you.



#8 nasdaq


Posted 25 July 2015 - 07:18 AM

Let's look also in the Registry.
I'll see if I can remove it.

Please run the Farbar Recovery Scan Tool. Enter ProxyOverride in the Search Box.
Click the Search Registry button, post the content of the Search.txt file in your next reply.

#9 TopBob


Posted 25 July 2015 - 10:46 AM

Please find attached 'Search.txt', nasdaq.




#10 nasdaq


Posted 25 July 2015 - 01:34 PM

Copy the text IN THE QUOTE BOX below to notepad. Save it as fixme.reg to your desktop.
Be sure the "Save as" type is set to "all files". Once you have saved it, right-click the .reg file and allow it to merge with the registry.
 

Windows Registry Editor Version 5.00


[HKEY_USERS\S-1-5-21-1001775335-3192414615-386547756-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"=-


Restart the computer when completed.

You can delete the fixme.reg file when done.

How is it now?

#11 TopBob


Posted 25 July 2015 - 03:01 PM

I was able to sign into Windows without issue. The issue could be intermittent, so I will see how it goes in the next few days.

 

'HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>' is still present after another AdwCleaner scan.



#12 nasdaq


Posted 26 July 2015 - 07:06 AM

Open the Internet Browser.
Under the Tools menu select Internet Options.
Click on the Connection Tab.
Click on LAN settings
Under the Proxy Server, if "use a proxy server for your LAN..." is CHECKED, remove it.
Click the apply button.

Close the Browser.

Restart the computer normally.

How is it now?

#13 TopBob


Posted 26 July 2015 - 09:54 AM

'use a proxy server for your LAN...' was not checked. 

 

'Bypass proxy server for local addresses' is checked. Should I uncheck?



#14 nasdaq


Posted 26 July 2015 - 01:27 PM

Yes, mine is not checked.

#15 nasdaq


Posted 01 August 2015 - 10:54 AM

If all is well.

To learn more about how to protect yourself while on the internet read this little guide best security practices keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===
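
A read-only triage of the registry values this thread revolves around, added here as an example and not part of the original posts or of AdwCleaner or FRST: it separates a lone '<local>' bypass entry (the value written by the 'Bypass proxy server for local addresses' checkbox) from settings that actually route traffic through a proxy. The function name Get-ProxyTriage, the REVIEW/INFO labels and the sample object are assumptions made for illustration.

```powershell
# Added example (not from the thread): classify the per-user proxy values.
$key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'

function Get-ProxyTriage {
    param([Parameter(Mandatory)] $Settings)  # object exposing the registry values

    $enabled  = ([int]$Settings.ProxyEnable) -eq 1
    $server   = [string]$Settings.ProxyServer
    $pac      = [string]$Settings.AutoConfigURL
    $override = [string]$Settings.ProxyOverride
    $findings = @()

    if ($enabled -and $server) {
        $findings += "REVIEW: manual proxy enabled, traffic is sent via '$server'"
    }
    if ($pac) {
        $findings += "REVIEW: automatic configuration script set: '$pac'"
    }
    if ($override) {
        # ProxyOverride is a ';'-separated bypass list. '<local>' is the token
        # for the 'Bypass proxy server for local addresses' checkbox.
        $hosts = @($override -split ';' | Where-Object { $_ -and $_ -ne '<local>' })
        if ($hosts.Count -gt 0) {
            $findings += "REVIEW: bypass list names hosts: $($hosts -join ', ')"
        } elseif (-not $enabled) {
            $findings += "INFO: ProxyOverride is '<local>' only and no manual proxy is enabled"
        } else {
            $findings += "INFO: ProxyOverride is '<local>' only (local-address bypass)"
        }
    }
    if ($findings.Count -eq 0) { $findings += 'INFO: no proxy values present' }
    return $findings
}

# Constructed sample mirroring the state described in the thread:
# 'use a proxy server' unchecked, ProxyOverride set to '<local>'.
$sample = [pscustomobject]@{ ProxyEnable = 0; ProxyOverride = '<local>' }
Get-ProxyTriage -Settings $sample

# Live check of the current user's hive (Windows only, reads but never writes).
if (Test-Path $key) { Get-ProxyTriage -Settings (Get-ItemProperty -Path $key) }
```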



