
Proxy Virus - need help eliminating


themetallikid: I've paid for the minimal version of RogueKiller as I couldn't exterminate it otherwise...still no help.  Downloaded Adaware and Malwarebytes and Ucheck...and no luck.  Adaware and Malwarebytes do not detect anything.  RK detects 3 things, it cleans them then they return.

I've tried going into the registry to deactivate the Proxy (change 1 to 0) and also deleting the one entry and disabling things that look not 'right' to me based upon online research...but still no luck after a reboot....IT RETURNS!!!   I've tried doing the cmd prompt to see what is listening on 8080, and I get an error when doing that (I'm not really trained so I'm assuming it's something that I'm doing wrong....maybe?)

Anyway, I reran the scan in RK, here is the log from that.  I'd really like to get this cleaned up as it's not causing 'harm' necessarily, but it is a pain in the ass 'cause it's affecting my internet connections and speed.  I started noticing it when I switched internet carriers, though not sure how/why that would be linked....

RogueKiller Anti-Malware V13.4.2.0 (x64) [Aug  9 2019] (Premium) by Adlice Software
mail :
Website :
Operating System : Windows 10 (10.0.18362) 64 bits
Started in : Normal mode
User : theme [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Signatures : 20190812_111803, Driver : Loaded
Mode : Standard Scan, Scan -- Date : 2019/08/12 23:07:49 (Duration : 01:30:45)

いいいいいいいいいいいい Processes いいいいいいいいいいいい

いいいいいいいいいいいい Process Modules いいいいいいいいいいいい

いいいいいいいいいいいい Services いいいいいいいいいいいい

いいいいいいいいいいいい Tasks いいいいいいいいいいいい

いいいいいいいいいいいい Registry いいいいいいいいいいいい
>>>>>> R5 - Proxy
  [PUM.Proxy (Potentially Malicious)] (X64) HKEY_USERS\S-1-5-21-965646632-1427897047-1661301400-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings|ProxyEnable -- 1 -> Found
  [PUM.Proxy (Potentially Malicious)] (X64) HKEY_USERS\S-1-5-21-965646632-1427897047-1661301400-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings|ProxyServer -- http=localhost:64550;https=localhost:64550 -> Found
  [PUM.Proxy (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NlaSvc\Parameters\Internet\ManualProxies| -- 1http=localhost:64550;https=localhost:64550 -> Found

いいいいいいいいいいいい WMI いいいいいいいいいいいい

いいいいいいいいいいいい Hosts File いいいいいいいいいいいい

いいいいいいいいいいいい Files いいいいいいいいいいいい

いいいいいいいいいいいい Web browsers いいいいいいいいいいいい

Hi themetallikid,

Welcome to the forum.
This proxy is not necessarily malicious. We need to check this manually.

Please follow the following process:
1) Launch the command prompt window (cmd) with admin rights and copy/paste the following command:

--- Code: ---
netstat -abn > "%USERPROFILE%\Desktop\netstat.txt"
--- End code ---
Do not close the command prompt!
2) A new file named netstat.txt should have been created on your desktop. Please attach it to your next reply.
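
An added example, not part of the original post or of RogueKiller's output: a PowerShell version of the manual check described above. It reads the two per-user values flagged in the scan log and reports which process is listening on each proxy port. `Get-ProxyPorts` is a hypothetical helper name, and the script assumes it is run from an elevated PowerShell window by the affected user, so that HKCU points at that user's hive.

```powershell
# Added example: map the proxy ports configured in Internet Settings to the
# processes that are listening on them.

function Get-ProxyPorts {
    # Hypothetical helper. ProxyServer is either "host:port" or a per-scheme
    # list such as "http=localhost:64550;https=localhost:64550" (value from the log).
    param([string]$ProxyServer)
    $ports = foreach ($entry in ($ProxyServer -split ';')) {
        $hostPort = ($entry -split '=')[-1]      # drop a leading "http=" / "https="
        if ($hostPort -match ':(\d+)$') { [int]$Matches[1] }
    }
    $ports | Sort-Object -Unique
}

# Per-user key that holds the ProxyEnable and ProxyServer values from the scan log.
$key      = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$settings = Get-ItemProperty -Path $key
"ProxyEnable = $($settings.ProxyEnable)"
"ProxyServer = $($settings.ProxyServer)"

foreach ($port in (Get-ProxyPorts $settings.ProxyServer)) {
    $listeners = Get-NetTCPConnection -LocalPort $port -State Listen -ErrorAction SilentlyContinue
    if (-not $listeners) {
        # A proxy setting with no listener explains broken or slow connections:
        # traffic is being sent to a local port that nothing answers on.
        "Port ${port}: nothing is listening"
        continue
    }
    foreach ($l in $listeners) {
        # OwningProcess is the PID; Path can be empty for protected processes.
        $proc = Get-Process -Id $l.OwningProcess -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Port         = $port
            LocalAddress = $l.LocalAddress
            ProcessId    = $l.OwningProcess
            Name         = $proc.Name
            Path         = $proc.Path
        }
    }
}
```

The executable path in the output is the thing to look up in installed programs, services and scheduled tasks, since whatever starts that program is also what rewrites the proxy values after each cleanup.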


ok, stopped home on lunch....

this is what I copied and the result:

C:\Users\theme>netstat -abn > "%USERPROFILE%\Desktop\netstat.txt"
The system cannot find the file specified.

Hi themetallikid,

Could you please check that you executed the command prompt as Administrator?
How to Run Command Prompt as an Administrator.


took me a minute to find how to do that...I'm not completely illiterate, but win 10 moves some functions and never had to do that yet.  I did open it as administrator and noticed the beginning of the prompt had changed, lol.....I found the cmd program in the start menu, right clicked>more>run as administrator

however, I get the same result:

C:\WINDOWS\system32>netstat -abn > "%USERPROFILE%\Desktop\netstat.txt"
The system cannot find the file specified.

C:\WINDOWS\system32>netstat -abn > "%USERPROFILE%\Desktop\netstat.txt"
The system cannot find the file specified.

The first was my highlighting/copying/pasting, the 2nd was using that little link that copies directly. 

