Infected with something

Gemok

Gemok

Messages
319
Edit My Images
Yes
Something has got into my computer which keeps changing the internet settings to connect through a proxy server its affecting Firefox and IE I've run a complete virus scan and spyware sweep but both came up empty I guess something has altered a registry setting somewhere anyone have a clue where to look?

Its starting to P**S me off may end up reinstalling everything just to get rid of it!
 
TBH its probably using an anonymous registry key that keeps replacing anything you trace - the simplest, and most definate way to be rid is to do a clean install. Total pain but you wont be sure if anything you find is the only thing on your system.

Not much help, but its what I've found is the simplest in the longrun.

Goodluck
 
Clean install is overkill.

Download hijack this http://www.tomcoyote.org/hjt/ but RTFM first and if you are not sure about anything do not pass go, do not collect £200 but copy and paste the log from the scan on here and we will advise what to remove.
 
Sympathies. Hope you get it sorted. A full install is a lot of work. :(
 
Thanks for the link evilowl thats a very usefull app
I'm pretty computer savvy so know what I shouldn't be deleting just didn't know where to look in the reg there just way to may branches to look through one by one.
top of the pile was
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 64.110.74.244:8080
promtly deleted now to see if it comes back and to work out how it got there :ponders:
 
I've just tried browsing to that site and been blocked by our corporate firewall (reason being: proxy avoidance)

It looks like it could be an anoymous proxy to me. But it could also be spyware related (logging sites visited, usernames & passwords etc)

http://www.dnsstuff.com/tools/whois.ch?ip=64.110.74.244&server=whois.arin.net&email=on

ivan.rodriguez@ses-americom.com
abuse@ses-americom.net
andre.christian@verestar.com
admin@ses-americom.net

^^I'm sure would all love to get a nice email detailing your findings.
 
If I ever get any problems like this, I use:

HijackThis
AdAware *
SpyBot Search&Destroy*
CWShredder

* = both do much the same job, but each manages to find stuff that the other misses, so worth having both.
 
Sympathies also Gemok - hope you are sorted now.

Not wishing to butt in on Gemok's probs ...

But hey guys - there is also some really useful reference material here ... thanx for that and it is also good to know there are peeps more than willing to help and advise on stuff other than photography !

Have used SpyBot S&D before and thought this was all we needed !

Stored for future ref ... thanks again !
 
System Restore is teh devil! switch it off
 
if you get a virus of some sort, turn off system restore before you remove it, otherwise the virus doesnt really go at all, found that out the hard way!
 
evilowl said:
Indeed

Ghost 4 TEH WIN !!!!111one!!!1
Click to expand...

Ghost has saved me hours of work
 
I used to use Acronis True Image Pro, then found the recovery CD just didn't want to play nicely with my new Sata drives, so I use Ghost now instead.
 
You must log in or register to reply here.
Back
Top