can't get rid of a proxy server

lan101

lan101

Well-Known Member
Reaction score
599
the "use a proxy server for your lan settings" keeps coming back constantly under windows 8. Not 8.1 just 8 right now.

I've done over 2 hours of google searches with no results. I've ran rkill which recognizes there's an active proxy server, but it remains checked. It's also effecting firefox too.

I've ran several cleanup tools as well. I've done the registry hacks, but then they just revert back to what was there before.

here is forum advice that i tried.

http://www.eightforums.com/network-...ions-proxy-server-setting-won-t-stay-off.html

I was just wondering if anyone has any suggestions relating to this issue. I don't really wanna reload for something so petty like this lol.

Thank you.

EDIT: under internet explorer by the way lol...i forgot to say that in the beginning
 
I cannot open or download the group policy admin tools on this computer. Isn't that only available on 8 professional??

Thank you
 
I definitely think that there's some sort of policy enabling it because I can uncheck all proxies and as soon as i go back to look it's rechecked again.
 
Again, the Tweaking.com AIO has been the fastest way to kill those GP's that I have found, although someone reported the other day that it didn't kill theirs.

I think we're seeing a new gen of malware that's making aggressive use of GP's to stay persistent.
 
So basically with home edition's of windows if you cannot do group policy changes your simply SOL?? I tried the tweaking tool with no luck. Trying a windows refresh to see what happens.
 
Thanks for that thread input, I must've missed that one. Looks like for now I'm just doing refresh and see what happens. If nothing changes I'm just gonna do full reinstall. Hate to do this for such a silly thing but can't spend 15 hours trying to make $150 lol.
 
Check HKLM/Software/Policies/Microsoft/Windows/CurrentVersion/InternetSettings

There might be a setting there about proxy for all users or something. It's safe to delete anything in there, because normal configs don't have anything in that location
 
Refresh in win8 seemed to fix it for now. Ran hitman and rogue killer and it found no proxy servers running which it kept finding before over and over.
 
Also be sure to check all of your Internet shortcuts on the desktop quicklaunch and in your start menu. Lately I have seen hijackers place a specific website into these shortcuts to auto launch their site instead of your homepage.

ADWCleaner and Malwarebytes are great tools to help remove them as well.
 
ProfessorCPU said:
Also be sure to check all of your Internet shortcuts on the desktop quicklaunch and in your start menu. Lately I have seen hijackers place a specific website into these shortcuts to auto launch their site instead of your homepage.
Click to expand...
Yup - my last infection was one of these. One main SvcHost.exe dropped into the start menu Startup folder (which played creepy audio ads in the background) and the rest were the taskbar and desktop shortcuts edited to autolaunch the sites. Hiding in plain sight.
 
Xander said:
Yup - my last infection was one of these. One main SvcHost.exe dropped into the start menu Startup folder (which played creepy audio ads in the background) and the rest were the taskbar and desktop shortcuts edited to autolaunch the sites. Hiding in plain sight.
Click to expand...

Yep and the sad thing is none of the programs the we used to scan the computer would detect the shortcuts. It was pretty sad that it took us all day to figure out that it was in the shortcuts. But as seasoned techs we didn't think to look in the simplest places.

A few times we actually thought we got rid of the problem. Then later we would see a task scheduler command window pop up and sure enough the proxy settings were changed again.

What made it difficult is we wouldn't see the command window as soon as we opened the internet. it used the task scheduler to delay it for a bit. So it seemed random when it would pop up.
 
This is part of the power of using tools like FRST and OTL in your virus removal process. They scan the scheduled tasks and have options for scanning and displaying shortcuts in a log. Food for thought...
 
FYI for anyone fighting a proxy like this, I just defeated it by enabling the group policy editor in Win 7 Home Premium as detailed here:
https://www.youtube.com/watch?v=zZMK1AetalA

then disabled the proxy lock out via:

For some security reasons maybe administrator need to prevent end users from change their proxy settings.

You can do it with group policy follow this steps:

Click Start – All programs – Administrative Tools – Group Policy Management.
Create or Edit Group Policy Objects.
Expand Computer Configuration – Administrative Templates – Windows Components - Internet Explorer – Internet Control Panel
In right Pane Disable the Connections page (Enabled) <-- Disabled for this fix!
Click to expand...

(except from http://social.technet.microsoft.com...to-force-proxy-settings-via-group-policy.aspx)

That did it! although it still say "some settings managed by your sys admin" I can now go in and disable the proxy and get online!

All other infections seem to be cleaned up. I have literally thrown the book at this thing, and it has been coming back clean for a few scans now, so I think this is just a PITA setting!

Hope this helps somebody in the future!
 
jbartlett323 said:
FYI for anyone fighting a proxy like this, I just defeated it by enabling the group policy editor in Win 7 Home Premium as detailed here:
https://www.youtube.com/watch?v=zZMK1AetalA

then disabled the proxy lock out via:



(except from http://social.technet.microsoft.com...to-force-proxy-settings-via-group-policy.aspx)

That did it! although it still say "some settings managed by your sys admin" I can now go in and disable the proxy and get online!

All other infections seem to be cleaned up. I have literally thrown the book at this thing, and it has been coming back clean for a few scans now, so I think this is just a PITA setting!

Hope this helps somebody in the future!
Click to expand...

Wondering if there's something like this for windows 8. I'm dealing with this same issue and I don't want to resort to formatting computers every time this proxy settings issue comes up.

*edit*
Found the windows 8 equivalent here: https://www.youtube.com/watch?v=oqk3vtTYfzY

Installed and it's working, will update if this does fix the proxy issue.

*edit #2*
Doesn't fix the issue. I'm not sure if it was random but the proxy setting did stay off the first time after doing all this. Now it's back to staying on/ticked. Sigh...
 
Last edited:
You must log in or register to reply here.

Similar threads

Metanis
Leftover proxy server problems from a malware issue
Replies
18
Views
2K
ComputerRepairTech
ComputerRepairTech
YeOldeStonecat
Got a difficult large network issue, wireless on new ProCurve setup
2
Replies
30
Views
5K
YeOldeStonecat
YeOldeStonecat
Back
Top