General Category > Malware removal help
Proxy Virus - need help eliminating
themetallikid:
Ok...so I've paid for the minimal version of Rogue killer as I couldnt exterminate it otherwise...still no help. Downloaded Adaware and Malwarebytes and Ucheck...and no luck. Adaware and Malwarebytes do not detect anything. RK detects 3 things, it cleans them then they return.
I've tried going into the registry to deactivate the Proxy (change 1 to 0) and also deleting the one entry and disabling things that look not 'right' to me based upon online research...but still no luck after a reboot....IT RETURNS!!! I've tried doing the cmd prompt to see what is listening on 8080, and I get an error when doing that (I'm not really trained so Im assuming its something that I'm doing wrong....maybe?)
Anyway, I reran the scan in RK, here is the log from that. I'd really like to get this cleaned up as its not causing 'harm' necessarily, but it is a pain in the ass cause its affecting my internet connections and speed. I started noticing it when I switched internet carriers, though not sure how/why that would be linked....
RogueKiller Anti-Malware V13.4.2.0 (x64) [Aug 9 2019] (Premium) by Adlice Software
mail : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 10 (10.0.18362) 64 bits
Started in : Normal mode
User : theme [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Signatures : 20190812_111803, Driver : Loaded
Mode : Standard Scan, Scan -- Date : 2019/08/12 23:07:49 (Duration : 01:30:45)
いいいいいいいいいいいい Processes いいいいいいいいいいいい
いいいいいいいいいいいい Process Modules いいいいいいいいいいいい
いいいいいいいいいいいい Services いいいいいいいいいいいい
いいいいいいいいいいいい Tasks いいいいいいいいいいいい
いいいいいいいいいいいい Registry いいいいいいいいいいいい
>>>>>> R5 - Proxy
[PUM.Proxy (Potentially Malicious)] (X64) HKEY_USERS\S-1-5-21-965646632-1427897047-1661301400-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings|ProxyEnable -- 1 -> Found
[PUM.Proxy (Potentially Malicious)] (X64) HKEY_USERS\S-1-5-21-965646632-1427897047-1661301400-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings|ProxyServer -- http=localhost:64550;https=localhost:64550 -> Found
[PUM.Proxy (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NlaSvc\Parameters\Internet\ManualProxies| -- 1http=localhost:64550;https=localhost:64550 -> Found
いいいいいいいいいいいい WMI いいいいいいいいいいいい
いいいいいいいいいいいい Hosts File いいいいいいいいいいいい
いいいいいいいいいいいい Files いいいいいいいいいいいい
いいいいいいいいいいいい Web browsers いいいいいいいいいいいい
Curson:
Hi themetallikid,
Welcome to Adlice.com Forum.
This proxy is not necessary malicious. We need to check this manually.
Please follow the following process :
1) Launch the command prompt windows (cmd) with admin rights and copy/paste the following command :
--- Code: ---netstat -abn > "%USERPROFILE%\Desktop\netstat.txt"
--- End code ---
Do not close the command prompt !
2) A new file named netstat.txt should has been created on your desktop. Please attach it with your next reply.
Regards.
themetallikid:
ok, stopped home on lunch....
this is what I copied and the result:
C:\Users\theme>netstat -abn > "%USERPROFILE%\Desktop\netstat.txt"
The system cannot find the file specified.
Curson:
Hi themetallikid,
Could you please chech you executed the command line prompt as Administator ?
How to Run Command Prompt as an Administrator.
Regards.
themetallikid:
took me a minute to find how to do that...I'm not completely illiterate, but win 10 moves some functions and never had to do that yet. I did open it as administrator and noticed the beginning of the prompt had changed, lol.....I found the cmd program in the start menu, right clicked>more>run as administrator
however, I get the same result:
C:\WINDOWS\system32>netstat -abn > "%USERPROFILE%\Desktop\netstat.txt"
The system cannot find the file specified.
C:\WINDOWS\system32>netstat -abn > "%USERPROFILE%\Desktop\netstat.txt"
The system cannot find the file specified.
The first was my highlighting/copying/pasting, the 2nd was using that little link that copies directly.
Navigation
[0] Message Index
[#] Next page
Go to full version