Windows 8 Please help with suspected malware issue "http://127.0.0.1:8080/proxy.pac"

How long have you had Viber installed john?

I'd like to check that your host file has no extra entry... any thing with a # in front can be ignored.
Screenshot (505).png
 
hi ya, both of these are in host file and everything else has a hash sign before it: 188.241.112.92 sopcast.com
184.22.254.48 sopcast.com

I remember inputting those addresses as sopcast was having difficulty running properly. As for viber..... i have it installed since a few months.
 
  • So you have sopcast, Teamviewer & Viber all running on the same system... Perhaps skype as well.
fyi 188 and 184 are ok for sopcast
  • Does this system run firefox browser...
  • Has anyone asked you to input any Proxy settings lately... for a game/ torrent perhaps?
 
Thats correct i have all those software on my computer except for skype.

Yep, i had to use firefox as my default. Id prefer to use google chrome however after a couple of days of using it the search options change, as in, just the links would be given which would be underlined in blue, with no previews etc. Im guessing now that this virus/malware i have is the cause of it changing.

Nope, i have nt changed or added any new proxy settings. As far as i know, ive had this bug on my laptop for sometime now, maybe months, however i did nt realise it was anything of such until recently when a few odd things started to occur (no internet access via explorer, not been able to change or delete that address, changed settings in goggle chrome; but very subtle).
 
Just a quick update. I have managed to set the settings to "automatically detect settings" in windows explorer by running the program as administrator and it has seemed to solve the issues. The address however "http://127.0.0.1:8080/proxy.pac" still remains under the heading "use automatic configuration script".
@Neemobeer i tried that and could not find any featurecontrol via regedit.
 
Download and run HiJackThis and run a scan as administrator and save the log and upload it.
 
Ok after a lot of poking and prodding and filter adjustments I was able to find the key that contains that string. In regedit do you have a key. HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings the property is called AutoConfigURL see if you can delete that key
 
That's normal. Also check for the same key under HKLM, or you can search the whole registry for AutoConfigURL
 
Back
Top