I just had a virus, screwed with proxy settings.

theTIK (Gawd), joined Jul 3, 2003, 757 messages
So I was just using my computer normally as always and fake anti-virus windows started popping up out of nowhere, and all applications were being blocked from opening. I didn't have any anti-virus or malware software installed because I hadn't contracted a virus on any of my computers in many years.

This might have happened because Firefox asked me to do an update today and I declined, I figured I would just do it later. There might be some security problems with it that were recently uncovered or something. I also downloaded a couple of videos from a public torrent site, but I never opened them and all scans now of the files come up clean.

Rebooting into safe mode with networking still didn't get my browsers to connect to the internet so I got on my laptop and downloaded rkill and malwarebytes and ccleaner. I put them on a thumb drive and installed them on my desktop. Once everything was removed, my browsers were not able to connect to the internet, I tracked this down to the proxy settings.

The virus must have messed with the Windows proxy settings. So in the Windows 7 proxy settings I just unchecked all boxes in Start>Control Panel>Network and Internet>Internet Options>Connections>LAN settings. Now the browsers are working fine.

I have a few questions.

1.) What are the default proxy settings in Windows 7, should all of those boxes be unchecked like I have them now?

2.) Is there anything else the virus could have screwed with that I should check?

3.) Should I reformat now just to be safe? My computer seems fine now. What do you guys think?

Here is my Malwarebytes log:
Code:
Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\AppID\{84c3c236-f588-4c93-84f4-147b2abbe67b} (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{7b6a2552-e65b-4a9e-add4-c45577ffd8fd} (Adware.EZLife) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Zugo (Adware.Zugo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\$NtUninstallMTF1011$ (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\AVSolution (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c87afc96-4335-4937-97a1-850569f91817} (Adware.AdRotator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c87afc96-4335-4937-97a1-850569f91817} (Adware.AdRotator) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\edqxyrtm (Trojan.Dropper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ewrgetuj (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mchk (Trojan.Adware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ibinuqiruhaku (Trojan.Agent.U) -> Delete on reboot.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Windows\$NtUninstallMTF1011$ (Adware.Adrotator) -> Quarantined and deleted successfully.

Files Infected:
C:\Users\JTik\AppData\Local\rrjiqybre\prnlndstssd.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\JTik\AppData\Local\Temp\geurge.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Windows\System32\mmggp.exe (Trojan.Adware) -> Quarantined and deleted successfully.
C:\Windows\System32\net.net (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\JTik\AppData\Local\Temp\jqylg.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\Users\JTik\AppData\Local\Temp\rasxmeowcn.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\JTik\AppData\Local\Temp\texn.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\JTik\AppData\Local\Temp\wnxscarome.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Windows\$NtUninstallMTF1011$\apUninstall.exe (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\Windows\$NtUninstallMTF1011$\zrpt.xml (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\Users\JTik\AppData\Local\ufofoxoqo.dll (Trojan.Agent.U) -> Delete on reboot.
C:\Windows\SysWOW64\vmggp.dll (Adware.AdRotator) -> Quarantined and deleted successfully.
 
"Not getting a virus for years" is a horrible reason to not run an AV.
If you're not using a proxy server, no information should be in there...there should be no checks in the boxes or any info in there...all blank.
Most of the rogue/fake alert malware is quite easy to clean up; if you feel like formatting and reinstalling... hey, it's your time. But a lot of us put a lot of time and effort into creating the excellent "malware removal sticky thread" up atop this forum... might want to peek into it and follow some of its suggestions.
 
Also, how would you know if you had a virus... if you didn't have AV?

1. The default proxy settings are empty. You only tune them if you're going to be using a proxy to access the intarwebs.

2. Reformat. Then install Microsoft Security Essentials.

3. ^
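To go with questions 1 and 2 and the answer above, here is an added read-only audit script (my example, not code from anyone in this thread) that reports the places this infection touched: the per-user WinINET proxy values that the LAN settings dialog writes, the Run keys and Browser Helper Objects key that appear in the Malwarebytes log, and the hosts file. Two assumptions are mine: the byte-8 flag layout used to read the "Automatically detect settings" box out of the DefaultConnectionSettings blob follows the commonly documented format, and the `Flagged` heuristic (an autorun launching straight out of Temp or a shallow AppData\Local folder, the pattern in the log) is a prompt to look closer, not a verdict.

```powershell
# Added example, not from the thread: a read-only audit of the settings the
# thread discusses. Run from an elevated PowerShell prompt on Windows 7 or
# later. It reports; it changes nothing.

function Get-WinInetProxyState {
    # Internet Options > Connections > LAN settings writes these per-user values.
    # With no proxy in use, ProxyEnable is 0 and ProxyServer/AutoConfigURL are
    # absent or empty. A PAC URL or an unexpected server silently reroutes traffic.
    $key  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $p    = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    $conn = Get-ItemProperty -Path "$key\Connections" -ErrorAction SilentlyContinue

    # "Automatically detect settings" lives in the DefaultConnectionSettings blob.
    # Assumption (commonly documented layout): byte 8 holds flags,
    # 0x01 = direct, 0x02 = manual proxy, 0x04 = PAC script, 0x08 = auto-detect.
    $autoDetect = $null
    $blob = $conn.DefaultConnectionSettings
    if ($blob -and $blob.Length -gt 8) { $autoDetect = [bool]($blob[8] -band 0x08) }

    New-Object PSObject -Property @{
        ProxyEnable   = $p.ProxyEnable
        ProxyServer   = $p.ProxyServer
        ProxyOverride = $p.ProxyOverride
        AutoConfigURL = $p.AutoConfigURL
        AutoDetect    = $autoDetect
        # Worth reviewing unless you configured a proxy or PAC yourself.
        NeedsReview   = (($p.ProxyEnable -eq 1) -or [bool]$p.AutoConfigURL)
    }
}

function Get-AutorunEntries {
    # The Run keys the log shows the malware persisting in (plus the 32-bit
    # view on 64-bit Windows). GetValueNames avoids the PS* noise properties.
    $paths = @(
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
    )
    foreach ($path in $paths) {
        $k = Get-Item -Path $path -ErrorAction SilentlyContinue
        if (-not $k) { continue }
        foreach ($name in $k.GetValueNames()) {
            $cmd = [string]$k.GetValue($name)
            New-Object PSObject -Property @{
                Key     = $path
                Name    = $name
                Command = $cmd
                # Heuristic (mine): binary sits in Temp or one folder under
                # AppData\Local, like the entries in the log above.
                Flagged = ($cmd -match '\\AppData\\Local\\([^\\]+\\)?[^\\]+\.(exe|dll)')
            }
        }
    }
}

function Get-BrowserHelperObjects {
    # BHOs load into Internet Explorer; the log shows one registered by the
    # adware. Resolve each CLSID to the DLL it would load.
    $bhoKey = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    Get-ChildItem -Path $bhoKey -ErrorAction SilentlyContinue | ForEach-Object {
        $clsid = $_.PSChildName
        $srv = Get-ItemProperty -Path "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InprocServer32" `
                                -ErrorAction SilentlyContinue
        New-Object PSObject -Property @{ CLSID = $clsid; Dll = $srv.'(default)' }
    }
}

function Get-HostsOverrides {
    # Any hosts entry other than the localhost lines overrides DNS for that
    # name; a clean Windows hosts file has none.
    $hosts = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    Get-Content -Path $hosts -ErrorAction SilentlyContinue |
        Where-Object { $_ -match '\S' -and $_ -notmatch '^\s*#' } |
        Where-Object { $_ -notmatch '^\s*(127\.0\.0\.1|::1)\s+localhost\s*$' }
}

Write-Host '== WinINET proxy state (current user) =='
Get-WinInetProxyState | Format-List
Write-Host '== Run key entries (Flagged = launches from Temp / shallow AppData\Local) =='
Get-AutorunEntries | Format-Table Flagged, Name, Command -AutoSize
Write-Host '== Browser Helper Objects =='
Get-BrowserHelperObjects | Format-Table CLSID, Dll -AutoSize
Write-Host '== hosts entries other than localhost =='
Get-HostsOverrides
```

Run it once after cleanup and again after a reboot: the "Delete on reboot" lines in the log mean some entries are only gone after the restart, and a Run entry that reappears points at something the scanner missed.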
 
Yeah, I see spyware mess up the proxy settings all the time. You have to have some spyware protection today; it's just too bad out there not to have something. I even use two programs: MSE and SUPERAntiSpyware.
 
Wow, surfing the internet tubes without malware protection is like heading to the massage parlor with a raincoat. You're just asking for problems...

Go install MSE for some free and decent protection. I always scan an infected computer with at least two different removal tools and run ccleaner after turning off system restore. Go through the sticky.
 