Author Topic: Malware trying to connect to proxy  (Read 1084 times)


Offline DerpyTurtle

Malware trying to connect to proxy
« on: July 22, 2014, 09:55:59 pm »
Hey everyone, I am working on a computer for a family member, and the issue they are having is that any time they try to connect to the internet via a browser they get a proxy error saying that it can't connect to the server. I checked all of the settings; there is no proxy set locally or in any browser. I tried to connect to the internet via the command line and was able to ping, tracert, etc., so the connection is just fine. What I am wondering is, have any of you seen this before? I know there is some kind of malware out there that does this, but I do not know what it is called, so any help you guys could give me to further my research in the removal of said malware would be very helpful. Thanks!

Offline DerpyTurtle

Re: Malware trying to connect to proxy
« Reply #1 on: July 23, 2014, 03:29:14 am »
I checked the IPv4 settings for the machine and the DNS was being routed somewhere else, so I just set it to use the default. I don't know if it was the ISP's DNS server or what, but it's no longer being used and I still can't connect. I tried looking at the traffic with netstat but everything seemed normal, so now I'm just trying to figure out what the name of the possible malicious software could be and then go from there. Also, I went into the Control Panel to look for suspicious-looking software and it only listed 6 items; I didn't see any of the updates for the .NET Framework or anything. It was on Win 7 Home Premium, so I don't know if those are just hidden to users without admin rights on that version of Windows or what, but I am trying to figure this out. Believe it or not, the person I am working on it for told me her daughter looked at it and said it was the hard drive causing the proxy error, so I'm thinking if I can't find a name and way to remove this malware I may just back everything up and reinstall, but if the malware is linked to a file on the system then I would just be backing it up too.

Offline Kulverstukas

Re: Malware trying to connect to proxy
« Reply #2 on: July 23, 2014, 06:08:31 am »
Try setting 8.8.8.8 as your primary DNS. This is Google's DNS. And you could try Wireshark to see the connections.
Also, did you try to scan the system first? :) I recommend Malwarebytes.

Offline DerpyTurtle

Re: Malware trying to connect to proxy
« Reply #3 on: July 23, 2014, 11:24:14 pm »
I used my flash drive with all my portable apps, and Malwarebytes is one of them, but the system doesn't stay powered on long enough for me to finish a scan; it'll stay on for maybe 5 minutes, and this is with the charger connected. I didn't think to use Wireshark, but that is a great idea. I will give it a shot and see where these packets are going when I request a webpage.
As for the DNS, I tried using the default local setting and then my preferred server, which is 4.2.2.2, and it seemed to still work, but the browsers were still not functional.

Offline deppi321

Re: Malware trying to connect to proxy
« Reply #4 on: July 25, 2014, 07:42:27 pm »
Maybe a proxy setting in the browser config?

Offline TheHelper

Re: Malware trying to connect to proxy
« Reply #5 on: July 28, 2014, 02:28:22 am »
Dunno if this will help you or not, but I've seen malware modify the whole entire complete OS with a backdoored forced proxy.

No matter if you edited the network settings and removed them, it still wouldn't go anywhere.

Maybe try checking the IE registry? Believe it or not, a lot of settings done by IE do a lot of changes to the PC.

Take a look here maybe?

http://stackoverflow.com/questions/13981621/registry-key-for-global-proxy-settings-for-internet-explorer-10-on-windows-8
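
A read-only triage script for the checks discussed in this thread (system-wide proxy registry values and per-adapter DNS servers), added here as an example and not part of any poster's reply. It assumes the standard WinINET "Internet Settings" registry locations; `Get-ProxyValues` is a hypothetical helper name.

```powershell
# Added example, not from the thread. Read-only: it prints settings and changes nothing.
# Uses only cmdlets available in PowerShell 2.0 (the version shipped with Windows 7).

$inet = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings'

# Hypothetical helper: proxy-related values under one registry key ($null if key absent).
function Get-ProxyValues {
    param([string]$Path)
    if (-not (Test-Path $Path)) { return $null }
    $p = Get-ItemProperty -Path $Path
    New-Object PSObject -Property @{
        Key = $Path; ProxyEnable = $p.ProxyEnable; ProxyServer = $p.ProxyServer
        ProxyOverride = $p.ProxyOverride; AutoConfigURL = $p.AutoConfigURL
    }
}

# 1. WinINET proxy settings: per-user, machine-wide, and 32-bit view on 64-bit Windows.
$found = "HKCU:\$inet", "HKLM:\$inet",
         "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings" |
         ForEach-Object { Get-ProxyValues $_ }
$found | Format-List Key, ProxyEnable, ProxyServer, ProxyOverride, AutoConfigURL

# 2. Policy value 0 means the HKLM proxy applies to every user, overriding HKCU.
$pol = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings"
if (Test-Path $pol) { "ProxySettingsPerUser = " + (Get-ItemProperty $pol).ProxySettingsPerUser }

# 3. WinHTTP proxy (used by system services), stored separately from the keys above.
netsh winhttp show proxy

# 4. DNS servers per adapter; a static entry on a DHCP adapter deserves a second look.
Get-WmiObject Win32_NetworkAdapterConfiguration -Filter "IPEnabled = TRUE" |
    Select-Object Description, DHCPEnabled, DNSServerSearchOrder | Format-List

# 5. If a proxy points at this machine, name the process listening on that port.
foreach ($f in $found) {
    if ($f.ProxyServer -match '(?:127\.0\.0\.1|localhost):(\d+)') {
        $port = $Matches[1]
        netstat -ano | Select-String ":$port\s+.*LISTENING" | ForEach-Object {
            $procId = ($_.Line.Trim() -split '\s+')[-1]
            Get-Process -Id $procId | Select-Object Id, ProcessName, Path
        }
    }
}
```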




Offline DerpyTurtle

Re: Malware trying to connect to proxy
« Reply #6 on: July 28, 2014, 08:16:21 pm »
> Maybe a proxy setting in the browser config?

I tried looking at all the browsers and their proxy settings and there was nothing to be found. The only questionable thing I found was the DNS server on the LAN was set to a specific IP, but I changed it so it uses the default. I don't know if this IP was from the ISP or from the malware itself. Regardless, it's changed, and pinging and tracerts still work, just not the browsers.

> Dunno if this will help you or not, but I've seen malware modify the whole entire complete OS with a backdoored forced proxy.
>
> No matter if you edited the network settings and removed them, it still wouldn't go anywhere.
>
> Maybe try checking the IE registry? Believe it or not, a lot of settings done by IE do a lot of changes to the PC.
>
> Take a look here maybe?
>
> http://stackoverflow.com/questions/13981621/registry-key-for-global-proxy-settings-for-internet-explorer-10-on-windows-8

Thanks! I'll definitely give this a read and see where it gets me. The situation you mentioned could more than likely be what's happening, because no browser at all seems to be working.