IE locked proxy server settings after infection

DonS

Hey all

I have had a Vista system infected. I have cleaned it with everything in the arsenal so far (listed below). Not picking up any malicious items left on the computer. But I cannot change IE's proxy settings to automatic to save my life. They revert instantly back. Tried in safe mode, tried editing the registry (the entries return). Any suggestions on this?


MBAM
Spybot
Avast
ESET Online
ComboFix
HitmanPro
AdwCleaner
Junkware Removal Tool
 
Thank you, I failed to mention that as well. I have used that three times so far at various stages. It has failed to reset the proxy server in place.
 
In safe mode, begin a process of ending a task, reset the proxy, end a task, reset the proxy until you either kill Windows or the process that's resetting the proxy. Obviously start with the processes you don't recognise. I've had success with this approach in the past.

Maybe try a few rootkit detectors as well...
 
Maybe try a few rootkit detectors as well...

X2 on this. Try MBAR. They also include a tool (I think in the plugin folder...look around) called fixdamage.exe which fixes broken Windows services after malware removal.
 
I am still getting website redirects as well. So there has to be something here. But I have also used TDSSKiller and MBAR. They do not pick up any rootkits.
 
I used Rogue Killer, which detected whatever it was. It at least pointed me in the right direction. It deleted quite a few registry entries that other scanners missed. However, I had to go and delete the malicious folder and contents in safe mode manually.

System is now no longer being redirected and I can set the proxy to auto.

Thanks for the help.
 
In safe mode, begin a process of ending a task, reset the proxy, end a task, reset the proxy until you either kill Windows or the process that's resetting the proxy. Obviously start with the processes you don't recognise. I've had success with this approach in the past.

Excellent suggestion that I will be using later. It seems to apply to other irksome PUPs. I had one today that tweaking.com took out (proxy setting came back), after running the usual cleaners and Mbytes. If only I had read it sooner to try it out.
 
I just ran into the same problem yesterday after cleaning up an infected PC. I fixed the proxy problem by running IE as an Administrator (right-clicked IE --> Run as Administrator). I was able to change the proxy settings after that.
 
Just had a Win 7 Pro machine with this same issue.

It had what appeared to be fairly benign spyware called PPriCELessu, which itself was easily removed. A number of scans (inc. MBAM) showed it to be clean, but I was unable to change the proxy setting that it (or something else) had configured.

Turns out this was caused by a running service called CompilerExportFirmware, which couldn't be stopped, disabled, etc. (greyed-out). I was up against the clock so I didn't investigate further. Hitman Pro was able to detect and remove the service.

So, if you have this issue look for a service called CompilerExportFirmware.
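
A read-only check for the two things this thread ends up pointing at (where the IE proxy setting is stored or locked, and which running services live outside the Windows directory), as an added PowerShell example that is not from any poster. The registry paths are the standard Internet Settings and IE policy locations; using "image path outside %SystemRoot%" as the review list is an assumption of this example.

```powershell
# Added triage example (not from the thread). Read-only: nothing is changed.
# Written for PowerShell 2.0 so it also runs on Windows 7 as shipped.

# 1. Every place the IE/WinINet proxy can be set or locked.
$keys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings',
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings',
    'HKCU:\Software\Policies\Microsoft\Internet Explorer\Control Panel',
    'HKLM:\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel'
)
# ProxySettingsPerUser = 0 forces machine-wide settings;
# Proxy = 1 under "Control Panel" greys out the proxy dialog.
$names = 'ProxyEnable','ProxyServer','ProxyOverride','AutoConfigURL',
         'ProxySettingsPerUser','Proxy'

foreach ($key in $keys) {
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if (-not $props) { continue }
    foreach ($name in $names) {
        $value = $props.$name
        if ($null -ne $value) {
            New-Object PSObject -Property @{ Key = $key; Name = $name; Value = $value } |
                Select-Object Key, Name, Value
        }
    }
}

# 2. Running services whose executable is outside the Windows directory.
# A value that keeps coming back is usually rewritten by something like this.
Get-WmiObject Win32_Service |
    Where-Object { $_.State -eq 'Running' -and $_.PathName } |
    ForEach-Object {
        # PathName may be quoted and may carry arguments; keep only the exe.
        $exe = $null
        if ($_.PathName -match '^\s*"([^"]+)"')      { $exe = $Matches[1] }
        elseif ($_.PathName -match '^\s*(.+?\.exe)') { $exe = $Matches[1] }
        if ($exe -and ($exe -notlike "$env:SystemRoot\*")) {
            $status = 'FileNotFound'
            if (Test-Path -LiteralPath $exe) {
                $status = (Get-AuthenticodeSignature -LiteralPath $exe).Status
            }
            New-Object PSObject -Property @{
                Name = $_.Name; StartMode = $_.StartMode; Path = $exe; Signature = $status
            } | Select-Object Name, StartMode, Path, Signature
        }
    } | Format-Table -AutoSize -Wrap
```

Run it from an elevated prompt so the HKLM policy keys and all service paths are readable; the signature column is context for review, not a verdict.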
 