Please help with suspected malware issue "http://127.0.0.1:8080/proxy.pac"

ussnorway

Windows Forum Team
Staff member
Premium Supporter
#21
How long have you had Viber installed john?

I'd like to check that your host file has no extra entry... anything with a # in front can be ignored.
 


#22
Hi ya, both of these are in the host file and everything else has a hash sign before it:
188.241.112.92 sopcast.com
184.22.254.48 sopcast.com

I remember inputting those addresses as sopcast was having difficulty running properly. As for Viber... I have had it installed for a few months.
 


ussnorway

Windows Forum Team
Staff member
Premium Supporter
#23
  • So you have sopcast, TeamViewer & Viber all running on the same system... perhaps Skype as well.
FYI, 188 and 184 are OK for sopcast.
  • Does this system run the Firefox browser...
  • Has anyone asked you to input any proxy settings lately... for a game/torrent perhaps?
 


#24
That's correct, I have all that software on my computer except for Skype.

Yep, I had to use Firefox as my default. I'd prefer to use Google Chrome, however after a couple of days of using it the search options change, as in, just the links would be given, which would be underlined in blue, with no previews etc. I'm guessing now that this virus/malware I have is the cause of it changing.

Nope, I haven't changed or added any new proxy settings. As far as I know, I've had this bug on my laptop for some time now, maybe months, however I didn't realise it was anything of the sort until recently, when a few odd things started to occur (no internet access via explorer, not being able to change or delete that address, changed settings in Google Chrome; but very subtle).
 


Neemobeer

Windows Forum Team
Staff member
#25
You can just do a Find in regedit and search FeatureControl
 


#26
Just a quick update. I have managed to set the settings to "automatically detect settings" in windows explorer by running the program as administrator and it seems to have solved the issues. The address "http://127.0.0.1:8080/proxy.pac", however, still remains under the heading "use automatic configuration script".
@Neemobeer I tried that and could not find any featurecontrol via regedit.
 


Neemobeer

Windows Forum Team
Staff member
#27
Download HiJackThis, run a scan as administrator, save the log and upload it.
 


Neemobeer

Windows Forum Team
Staff member
#28
OK, after a lot of poking and prodding and filter adjustments I was able to find the key that contains that string. In regedit, do you have the key HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings? The property is called AutoConfigURL. See if you can delete that key.
 


#29
I don't have that in that section of the registry, but I do have "autoConfigProxy: wininet.dlll".
 


Neemobeer

Windows Forum Team
Staff member
#30
That's normal. Also check for the same key under HKLM, or you can search the whole registry for AutoConfigURL
 


#31
Yep, I checked there yesterday in that section and that address was there, so I deleted it.
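
The checks walked through in this thread (uncommented hosts entries, and AutoConfigURL under HKCU and HKLM) can be run in one read-only pass. This PowerShell script is an added example, not something posted by any participant; the Policies paths and the ProxyEnable/ProxyServer values are additions that the thread does not mention.

```powershell
# Added example: read-only audit of the settings discussed in this thread.
# Nothing is modified; review the output before deleting any value.

$keys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings',
    # Assumption: policy-enforced proxy settings, not mentioned in the thread.
    'HKCU:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings',
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings'
)
$valueNames = 'AutoConfigURL', 'ProxyEnable', 'ProxyServer'

$proxyFindings = foreach ($key in $keys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    $props = Get-ItemProperty -LiteralPath $key
    foreach ($name in $valueNames) {
        $value = $props.$name
        if ($null -eq $value) { continue }
        [pscustomobject]@{
            Key      = $key
            Name     = $name
            Value    = $value
            # A PAC URL or proxy that points at this machine means a local
            # program is (or was) expected to answer on that port.
            Loopback = [bool]("$value" -match '127\.0\.0\.1|localhost')
        }
    }
}

# Hosts file: strip comments, keep only active "address name..." lines.
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
$hostsEntries = Get-Content -LiteralPath $hostsPath |
    ForEach-Object { ($_ -replace '#.*$', '').Trim() } |
    Where-Object { $_ } |
    ForEach-Object {
        $ip, $names = $_ -split '\s+'
        [pscustomobject]@{ Address = $ip; Names = $names -join ' ' }
    }

'Proxy-related registry values:'
$proxyFindings | Format-Table -AutoSize -Wrap
'Active hosts file entries:'
$hostsEntries | Format-Table -AutoSize
```

A row with Loopback set to True for AutoConfigURL corresponds to the "use automatic configuration script" address reported in this thread.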
 


This website is not affiliated, owned, or endorsed by Microsoft Corporation. It is a member of the Microsoft Partner Program.