SBSFAQ.COM

Supporting IT Pro's & MSP's since 2000

Virus sets Proxy Settings

September 21, 2010 by Wayne Small 3 Comments

One of my friends reported that they had a virus on their computer.  Not to worry – their antivirus software detected it and quarantined it.  The problem was that after detecting it and quarantining the virus, they had problems surfing the Internet to a number of sites.  Not all sites mind you, but things like their bank, www.nba.com, and even this site were all broken.  Their email worked just fine, it was just some websites that were messed up.  I paid a visit to check it out.  Their AV package showed the following log file… ok – looks like it detected the virus and then moved it.  Cool – virus gone.


To be sure I scanned the computer with MalwareBytes and it showed clean too.  I then rebooted into safe mode and still had problems with accessing the web.  Ok – not so cool.  I spent a bit of time going over the computer.  I reset the TCP/IP stack using the netsh commands… nope – that didn’t fix it.  I was scratching my head and explaining how it all works when I had a light bulb moment…

I checked the Proxy Settings on IE and found that yes – something had set a proxy server.  See the screen below.


It was redirecting it to the localhost 127.0.0.1 on port 27811. The virus itself had modified IE and installed itself as a proxy server. Tricky huh.


Now I checked using netstat (netstat -ano | find ":27811") to see if there was anything listening on that port and there was nothing – that makes sense because the web surfing problem only occurred AFTER the AV package quarantined the virus and with the virus gone there would be no proxy to pass the info through.
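The two checks described above (the IE proxy setting and the listener on the proxy port) can be combined into one PowerShell audit. This is an added example, not part of the original post; it assumes Windows 8 / Server 2012 or later for Get-NetTCPConnection, and the helper name Get-ProxyEndpoint is hypothetical.

```powershell
# Added example (not from the original post): audit the per-user IE/WinINET proxy
# setting for a loopback proxy and check whether anything is listening on its port.
$key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'

function Get-ProxyEndpoint {   # hypothetical helper name
    param([string]$ProxyServer)
    # ProxyServer is "host:port" or per-protocol "http=host:port;https=host:port"
    foreach ($entry in ($ProxyServer -split ';' | Where-Object { $_ })) {
        $scheme = 'all'; $addr = $entry
        if ($entry -match '^(?<s>[^=]+)=(?<a>.+)$') { $scheme = $Matches.s; $addr = $Matches.a }
        $addr = $addr -replace '^\w+://', ''
        if ($addr -match '^(?<h>.+):(?<p>\d+)$') {
            [pscustomobject]@{ Scheme = $scheme; Host = $Matches.h; Port = [int]$Matches.p }
        }
    }
}

$cfg = Get-ItemProperty -Path $key
if ($cfg.ProxyEnable -ne 1 -or -not $cfg.ProxyServer) {
    Write-Output 'No manual proxy is enabled for this user.'
} else {
    foreach ($ep in Get-ProxyEndpoint $cfg.ProxyServer) {
        $loopback = $ep.Host -eq 'localhost' -or $ep.Host -like '127.*' -or $ep.Host -eq '[::1]'
        $listener = Get-NetTCPConnection -State Listen -LocalPort $ep.Port -ErrorAction SilentlyContinue |
            Select-Object -First 1
        $owner = if ($listener) {
            (Get-Process -Id $listener.OwningProcess -ErrorAction SilentlyContinue).ProcessName
        }
        [pscustomobject]@{
            Scheme    = $ep.Scheme
            Proxy     = '{0}:{1}' -f $ep.Host, $ep.Port
            Loopback  = $loopback
            Listening = [bool]$listener
            Process   = $owner
        }
    }
}
# Loopback = True with Listening = False is the state described in the post: the proxy
# setting was left behind after the local proxy process was removed.
# Loopback = True with Listening = True means a local process is acting as the proxy;
# identify it from the Process column before trusting it.
# To turn the leftover setting off once the machine is clean:
#   Set-ItemProperty -Path $key -Name ProxyEnable -Value 0
```

The setting is per user, so run it in the affected user's session rather than from an elevated account belonging to someone else.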

Ok – given the virus was now gone… my advice to my friend was for him to change any secure passwords he had used in the past week or so as we don’t know when the virus/trojan got into his system.  Thought I’d share this one though as I’ve not seen a virus/trojan become a proxy before.


Filed Under: Blog Tagged With: Malware

About The Author

Wayne has been working with Microsoft Server products in the SMB market for over 20 years. He has a passion for technology and has been a Microsoft MVP for over 15 years.

Comments

  1. rob says

    September 23, 2010 at 2:17 am

    I have seen a virus lately setting the local DNS server's IP statically to a DNS server in the Ukraine!

  2. Sam says

    September 11, 2011 at 12:04 am

    Same problem happened today with me, routing data through a random port on localhost.

  3. terri says

    September 27, 2011 at 6:56 pm

    Yeah I suffered the same fate just now. I only found out about it when Mozilla threw a message about my proxy server which gave me an idea. I had to go to safe mode and run Security Essentials and MalwareBytes to remove a number of malware. Nasty!
