2

Recently I installed some random software on my Windows 8.1 PC from the internet, and along with that some malware also got installed. I started getting a "Your connection is not private" error in Google Chrome when I tried to open google.com.

When I checked the certificate, I found that instead of Google's certificate I had received a "GoProxy untrusted MITM proxy Inc" certificate.

Then I checked my proxy settings. I found the "Use a proxy server for your LAN" checkbox automatically checked, and on clicking the Advanced button, I saw my system was using 127.0.0.1 on port 8080 as the proxy for both HTTP and Secure connections. When I opened http://127.0.0.2:8080 in my browser, I got the message "This is a proxy server. Does not respond to non-proxy requests".

Even if I uncheck the option to use the proxy, it automatically gets checked after closing the dialog.

My question is: has the malware installed a proxy server on my PC? How has the malware done this? How to resolve this issue?

1
  • My hunch would have been the same as yours: sounds like malware. It's not difficult to install a proxy server. After all, this is a normal application that is simply listening on port 8080 for connections and acts as a server. If the check box is automatically checked again, I would assume that the spyware/malware is still active and monitoring Chrome's configuration for changes. Obtain anti-virus/anti-spyware tools and perform a safe boot. Then try to locate the problem and remove it. I am assuming you are using Windows. You might want to add this info to your question.
    – Potaito
    Commented May 21, 2016 at 9:54

1 Answer

3

My question is: has the malware installed a proxy server on my PC?

Based on your description this is very likely.

How has the malware done this?

Use of a proxy is only a registry setting or a similar setting (i.e. browser profile) and can be changed by a process (no manual interaction required).

How to resolve this issue?

Unless you have instructions which are specific to your malware, you should reinstall the system from scratch. You might also try a trusted antivirus (AV) product and see if this helps. But don't just download some random software claiming to be an AV - there are lots of fake AVs out there which do even more harm.

7
  • 1
    Are you sure that antivirus/malware/spyware programs aren't an option? I would certainly prefer to try running one of these to see what I get, before I spend days re-installing.
    – yo'
    Commented May 21, 2016 at 10:04
  • Is there any way to find the location of the proxy server?
    Commented May 21, 2016 at 10:05
  • @yo: I'm not sure that they resolve the problem and that's why I have added these as "You might also try...". But given that the OP just downloaded some random software and installed it, I'm not sure that he will not download some random software claiming to be an AV.
    Commented May 21, 2016 at 10:06
  • 1
    @PiyushSaurabh: the location of the proxy server is on your system (127.0.0.1). But given that your proxy settings get reset, the proxy itself is only one part of the malware and there is more. The least you should probably do is to back up any data as soon as possible but still treat them as infected. Malware often gets upgraded, so chances are high that ransomware will be the next thing if you don't fix your problem fast.
    Commented May 21, 2016 at 10:09
  • 2
    @PiyushSaurabh You can, but it's a bit like being your own surgeon treating cancer. You really should get some proper AV solution, and as mentioned above, back up your data.
    – yo'
    Commented May 21, 2016 at 11:14
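
Added example, not part of the original question, answer or comments: a read-only PowerShell triage for the situation described in this thread. It reads the per-user proxy setting from the registry, identifies the process listening on the proxy port, and looks for a root certificate matching the subject seen in the browser. The registry path and cmdlets are standard Windows ones; port 8080 and the "GoProxy" string are taken from the question.

```powershell
# Added triage example (read-only; changes nothing on the system).
# Assumptions: port 8080 and the "GoProxy" subject are the values from the question.
$port    = 8080
$subject = '*GoProxy*'

# 1. Per-user WinINet proxy settings (the "Use a proxy server for your LAN" checkbox).
#    Chrome on Windows follows these system settings by default.
$key  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$inet = Get-ItemProperty -Path $key
[pscustomobject]@{
    ProxyEnable   = $inet.ProxyEnable      # 1 = proxy in use
    ProxyServer   = $inet.ProxyServer      # e.g. 127.0.0.1:8080 or per-protocol list
    AutoConfigURL = $inet.AutoConfigURL    # PAC file, another way to force a proxy
} | Format-List

# 2. Which process owns the listening socket on the proxy port?
$listeners = Get-NetTCPConnection -State Listen -LocalPort $port -ErrorAction SilentlyContinue
if (-not $listeners) { Write-Output "Nothing is listening on port $port." }
foreach ($l in $listeners) {
    $proc = Get-CimInstance Win32_Process -Filter "ProcessId = $($l.OwningProcess)"
    [pscustomobject]@{
        LocalAddress    = $l.LocalAddress
        LocalPort       = $l.LocalPort
        ProcessId       = $l.OwningProcess
        Name            = $proc.Name
        ExecutablePath  = $proc.ExecutablePath    # where the proxy binary lives on disk
        CommandLine     = $proc.CommandLine
        ParentProcessId = $proc.ParentProcessId   # hints at what launched it
    } | Format-List
}

# 3. Was a matching root certificate added to a trust store?
#    If so, interception would stop producing browser warnings.
Get-ChildItem Cert:\CurrentUser\Root, Cert:\LocalMachine\Root |
    Where-Object { $_.Subject -like $subject -or $_.Issuer -like $subject } |
    Select-Object PSParentPath, Subject, Thumbprint, NotBefore |
    Format-List
```

The output only locates the proxy component; as noted in the comments above, whatever keeps re-enabling the setting is a separate part of the malware.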
