
Topics - themetallikid

Malware removal help / Proxy Virus - need help eliminating
« on: August 13, 2019, 01:14:26 PM »
Ok...so I've paid for the minimal version of RogueKiller as I couldn't exterminate it otherwise...still no help.  Downloaded Adaware and Malwarebytes and UCheck...and no luck.  Adaware and Malwarebytes do not detect anything.  RK detects 3 things, it cleans them, then they return.

I've tried going into the registry to deactivate the Proxy (change 1 to 0) and also deleting the one entry and disabling things that look not 'right' to me based upon online research...but still no luck after a reboot....IT RETURNS!!!   I've tried doing the cmd prompt to see what is listening on 8080, and I get an error when doing that (I'm not really trained so I'm assuming it's something that I'm doing wrong....maybe?)

Anyway, I reran the scan in RK, here is the log from that.  I'd really like to get this cleaned up as it's not causing 'harm' necessarily, but it is a pain in the ass 'cause it's affecting my internet connections and speed.  I started noticing it when I switched internet carriers, though not sure how/why that would be linked....

RogueKiller Anti-Malware V13.4.2.0 (x64) [Aug  9 2019] (Premium) by Adlice Software
mail : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 10 (10.0.18362) 64 bits
Started in : Normal mode
User : theme [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Signatures : 20190812_111803, Driver : Loaded
Mode : Standard Scan, Scan -- Date : 2019/08/12 23:07:49 (Duration : 01:30:45)

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Process Modules ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Tasks ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
>>>>>> R5 - Proxy
  [PUM.Proxy (Potentially Malicious)] (X64) HKEY_USERS\S-1-5-21-965646632-1427897047-1661301400-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings|ProxyEnable -- 1 -> Found
  [PUM.Proxy (Potentially Malicious)] (X64) HKEY_USERS\S-1-5-21-965646632-1427897047-1661301400-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings|ProxyServer -- http=localhost:64550;https=localhost:64550 -> Found
  [PUM.Proxy (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NlaSvc\Parameters\Internet\ManualProxies| -- 1http=localhost:64550;https=localhost:64550 -> Found

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ WMI ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Hosts File ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Files ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Web browsers ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
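
The check the post describes attempting (finding what is listening on the proxy port), as an added example that is not part of the original post: a PowerShell script that reads the per-user proxy values flagged in the log and reports which process owns the configured local port. The function names are hypothetical; it assumes Windows 10 PowerShell running elevated in the affected user's session.

```powershell
# Added example (not from the original post). Function names are hypothetical.
# Splits a ProxyServer value: "host:port" or "http=host:port;https=host:port".
function ConvertFrom-ProxyServerValue {
    param([string]$Value)
    foreach ($entry in ($Value -split ';' | Where-Object { $_ })) {
        if ($entry -match '^(?:(\w+)=)?(.+):(\d+)$') {
            $scheme = 'all'                       # bare "host:port" applies to every scheme
            if ($Matches[1]) { $scheme = $Matches[1] }
            [pscustomobject]@{ Scheme = $scheme; ProxyHost = $Matches[2]; Port = [int]$Matches[3] }
        }
    }
}

# Reads the current user's proxy settings and maps each loopback port to its owning process.
function Get-ProxyListener {
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $settings = Get-ItemProperty -Path $key
    if ($settings.ProxyEnable -ne 1 -or -not $settings.ProxyServer) {
        Write-Output 'No manual proxy is enabled for this user.'
        return
    }
    $loopback = 'localhost', '127.0.0.1', '[::1]'
    $targets = ConvertFrom-ProxyServerValue $settings.ProxyServer |
        Where-Object { $loopback -contains $_.ProxyHost } |
        Sort-Object Port -Unique
    foreach ($t in $targets) {
        $listeners = Get-NetTCPConnection -State Listen -LocalPort $t.Port -ErrorAction SilentlyContinue
        if (-not $listeners) {
            # A proxy entry pointing at a closed port breaks browsing; its owner is not running now.
            Write-Output "Port $($t.Port): nothing is listening."
            continue
        }
        foreach ($procId in ($listeners.OwningProcess | Sort-Object -Unique)) {
            $proc = Get-CimInstance Win32_Process -Filter "ProcessId = $procId"
            [pscustomobject]@{
                Port        = $t.Port
                ProcessId   = $procId
                Name        = $proc.Name
                Path        = $proc.ExecutablePath
                CommandLine = $proc.CommandLine
                ParentPid   = $proc.ParentProcessId
            }
        }
    }
}

Get-ProxyListener | Format-List
```

The executable path and parent process in the output point to the program that has to be removed or reconfigured before the registry values stop coming back.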
