Ran across this today, working on a client's system that had some malware on it.
Conduit, and some friends.
Ran Malwarebytes, SAS, and FreeFixer and removed most all of it.
Oh yeah, since browsers didn't work because of the proxy crap, I used FTP.EXE to download a copy of Firefox off of their FTP server. It was bugged too, so I went to "about:config", and changed proxy type from 5 to 0. That worked, and I was able to get out on the internet.
Went to Internet Explorer, LAN settings, Proxy, and unchecked it. That didn't work. It stays checked, and there's a blurb under it about some setting may be configured by your administrator.
User account was an admin account. So I knew some sort of group policy setting was at work. I tried to launch gpedit.msc, but as I learned, that is not present in Win7 Home Prem.
I found a download that purported to install it into Home, but I couldn't get it to work.
Has anyone else run into this? Is there any easy fix, or a registry setting to check?
In my searches, I found that you could edit the registry manually to change group policy settings, and that someone had a similar problem, and it was caused by their anti-virus software. In that case, uninstalling it was the solution.
I didn't feel comfortable uninstalling their AV software, until I exhausted most or all of my other options.
Btw, does anyone know if Conduit "protects" the proxy setting like this? I recall removing Conduit off of someone else's computer once, and all I had to do was "Reset" IE's settings to get rid of the proxy setting. That didn't work in this case.
Edit: I found a removal guide, and it doesn't mention removing a protected proxy server.
http://malwaretips.com/blogs/remove-conduit-apps-search-and-toolbar/
So either the malware is getting sneakier, or this may in fact have something to do with the AV software installed.
Edit: I left this on the system, because I didn't know what it was:
http://www.herdprotect.com/vntldr.exe-7ac6f7e3b4791f837d5caee5721052bd2ad1c59e.aspx
Edit: Here's a good guide for removing proxy servers:
http://www.plus.net/support/software/browsers/proxies.shtml#ie7
Unfortunately, it doesn't work; the LAN proxy setting in IE stays checked, because it was set by your administrator.
Edit: Found this page, which mentions the IE proxy settings in the registry:
http://www.2-viruses.com/remove-antivirus-net
Not sure where the "protection" GPO lives though.
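An added example, not part of the original post: a read-only PowerShell check of the registry locations where Internet Explorer proxy settings and the policy values that lock them are normally stored. The key paths and value names are not given in the post; they are the standard WinINET and IE policy locations and are assumed to apply to this system.

```powershell
# Read-only audit: lists proxy-related values under the per-user, per-machine
# and Policies keys. Written for PowerShell 2.0 (ships with Windows 7).
# Nothing is modified. Registry paths are assumptions, not taken from the post.
$paths = @(
    'HKCU:\Software\Policies\Microsoft\Internet Explorer\Control Panel',
    'HKLM:\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel',
    'HKCU:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings',
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings'
)
$names = 'Proxy', 'ProxySettingsPerUser', 'ProxyEnable',
         'ProxyServer', 'ProxyOverride', 'AutoConfigURL'

$found = foreach ($path in $paths) {
    if (-not (Test-Path $path)) { continue }          # key does not exist
    $key = Get-ItemProperty -Path $path
    if (-not $key) { continue }                       # key exists but has no values
    foreach ($name in $names) {
        $prop = $key.PSObject.Properties[$name]
        if ($prop) {
            $note = ''
            # "Proxy" = 1 under ...\Internet Explorer\Control Panel is the policy
            # that greys out the proxy controls in the LAN settings dialog.
            if ($name -eq 'Proxy' -and $path -like '*Control Panel' -and $prop.Value -eq 1) {
                $note = 'proxy settings locked by policy'
            }
            # ProxySettingsPerUser = 0 makes IE use the HKLM proxy for every user.
            if ($name -eq 'ProxySettingsPerUser' -and $prop.Value -eq 0) {
                $note = 'machine-wide proxy enforced'
            }
            # Any proxy value under a Policies key is being pushed as policy.
            if (-not $note -and $path -like '*\Policies\*') {
                $note = 'set under Policies key'
            }
            New-Object PSObject -Property @{
                Key = $path; Value = $name; Data = $prop.Value; Note = $note
            }
        }
    }
}

if ($found) {
    $found | Select-Object Key, Value, Data, Note | Format-Table -AutoSize -Wrap
} else {
    'No proxy-related values found in the checked keys.'
}
```

Run it as the affected user so HKCU reflects that profile. On 64-bit Windows, 32-bit software may also write under `HKLM:\SOFTWARE\Wow6432Node`, which this check does not cover.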
