
For quite some time, after I restart my computer I can't log into the internet because my proxy settings are wrong. I don't use a proxy setting at all as I use BT Infinity.

 

BT Desktop help always corrected the problem and I have now learnt to correct it myself by going to Internet Options/connections and removing the tick in the "use proxy settings" field. Once I've done this, there is no problem.

 

I have now discovered (through Malwarebytes) that my computer has got something called PUM.Optional.ProxyHijacker on it. I gather that it's a Trojan of some kind. Although Malwarebytes detects it and deletes the quarantined file, it comes back next time I reboot and Malwarebytes detects it all over again.

 

I have researched how to get rid of this and unless I try to change the registry myself (I would never do this without very clear instructions) all roads seem to lead to something called Spyhunter which I gather is even worse as you have to buy the paid version and it is very difficult to remove.

 

Why doesn't Kaspersky pick up and remove this Trojan?

 

Is there a better way to remove it?

 

Many thanks


Sorry about the duplicate posts. I kept getting an error message so assumed it hadn't posted properly and kept trying again.


Kaspersky Settings > Additional > Threats and exclusions > Detection types > Settings > enable Detect Other Software.

and do a databases update > reboot, then do a scan.

 

Clear the contents of your Temp folder, instructions: http://support.kaspersky.com/1161 and then reboot.

 

After that, uninstall any recently installed junk > reboot.

 

After that, uninstall any and all junk toolbars > reboot.

 

Uninstall/disable any and all junk browser add-ons and extensions and plugins in all of your browsers.

 

Remove the junk argument from the target field of the browser shortcut properties.

 

Remove any and all junk search providers in all of your browsers.

 

Then if need be, change your home page, in all of your browsers.

 

How to clean up your browsers: http://support.kaspersky.com/us/viruses/solutions/10319

 

If you are using a router, reset the router, change the router password to a strong password, enter the correct information according to your internet provider's instructions, then clear browser cache and cookies, reboot.

 

Any better after that?

 

If still no go, please see: Kaspersky Lab Forum > English User Forum > Virus-related issues > the fifth Important topic. There, you will find instructions for GSI and AVZ logs.

 

Please see the small print that is located at the bottom of this message.


Hasn't worked, I'm afraid.

 

The tick keeps coming back in "use proxy server" every time I reboot and Kaspersky still isn't picking up the problem.

 


My bad, I answered you in your other post in the virus related forum.

Edited by Helios_07


Sorry to be dim but I have followed the AVZ4 instructions to the letter. Everything seems to work but after the computer reboots, there is no "Log" folder in the AVZ4 folder.

I've done this twice. Am I doing something wrong, please?

 


Please try these instructions:

 

1) Windows Control panel and in Folder options, View tab, Show hidden files > ok, and:

 

2) Uncheck Hide extensions for known file types > ok.

 

3) To create the logfile, please firstly download AVZ by clicking HERE. Please save this file to your desktop or "My Documents" folder.

 

4) Next, unpack the file (extract) to a new folder using the Compressed (zipped) folders wizard built into Windows, or a zip utility of your choice.

 

5) Once you have unpacked the contents of the zip archive, please launch the file AVZ.exe by double clicking on it or right clicking and selecting Open.

If you are running Windows Vista, launch AVZ.exe by right clicking and selecting Run as Administrator.

 

6) You should now see the main window of the AVZ utility.

 

7) Please navigate to File->System Analysis, check the option "Attach System Analysis log to ZIP" and start the scan from the same window. AVZ will then take a few minutes to scan your computer and compile the logfile.

 

8) You will be prompted with a window asking you where to save the logfile.

 

9) Please save the logfile to your desktop or within the AVZ folder so you can easily retrieve it after scanning has completed.

 

10) Once scanning is finished, please attach the closed zipped logfile (KL_syscure.zip) to your post.

 

Also, if you have the closed zipped KL_syscure.zip file, then attach it to your post. How to attach it:

 

11) If you have the closed zipped KL_syscure.zip (or the avz_sysinfo.zip or virusinfo_syscure.zip or virusinfo_syscheck.zip) file, then attach it to your post. How to attach it:

 

When replying, click the browse button that is located below the lower right corner of the reply box. In the window that opens, navigate to the closed zipped KL_syscure.zip file.

Click it once to select it, then click Open, then click Upload button, located just to the right of the Browse button. Wait a few moments for it to upload, then Reply.

 

If it is too big to attach here, then please upload the closed zipped KL_syscure.zip or avz_sysinfo.zip or virusinfo_syscure.zip file to a filehost such as https://disk.yandex.com/ or to http://rghost.net/ and then post the Download link to the log.


Thanks so much for this. Your help (and that of everyone on here) is appreciated.

 

Just as a reminder, my problem is that every time I reboot my computer, the proxy settings keep changing so that a tick appears in the "use proxy" box in internet options, connections.

 

I was told that I have picked up something called PUM.Optional.ProxyHijacker, which was detected (but not removed) by Malwarebytes but not detected by Kaspersky.

 

avz_sysinfo.zip


Merged. Please stay in one topic thread for same issue.

 

C:\Windows\winstart.bat located in Startup folder. Let's take a look.

 

Please download AdwCleaner (by Xplode) and save it on your Desktop.

 

Right click the file that you saved and Run as administrator, press the Scan button and wait for the scan to complete.

 

When the scan is complete, the report will be saved in the following location: C:\AdwCleaner\AdwCleaner[S1].Txt

 

Please attach AdwCleaner[S1].Txt to your next post.

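A read-only way to look at what this thread is chasing, as an added example that is not part of any post: it prints the registry values behind the "Use a proxy server" tick box, lists logon autostart entries, and searches startup scripts (including the C:\Windows\winstart.bat file named above) for lines that touch those values. The registry paths are the standard Windows locations; the list of script extensions is an assumption.

```powershell
# Added example, not from the thread. Read-only: it reports and changes nothing.
$inet = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings'

# 1. Values behind the "Use a proxy server" tick box, per user and machine-wide.
$proxy = foreach ($hive in 'HKCU:', 'HKLM:') {
    $p = Get-ItemProperty -Path "$hive\$inet" -ErrorAction SilentlyContinue
    if ($p) {
        [pscustomobject]@{
            Hive          = $hive
            ProxyEnable   = $p.ProxyEnable     # 1 = box is ticked
            ProxyServer   = $p.ProxyServer     # host:port that traffic is sent to
            AutoConfigURL = $p.AutoConfigURL   # PAC file, another way to set a proxy
        }
    }
}
$proxy | Format-List

# 2. What runs at logon: Run keys and both Startup folders.
$runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
$autoruns = @(foreach ($key in $runKeys) {
    if (Test-Path $key) {
        $k = Get-Item -Path $key
        foreach ($name in $k.GetValueNames()) {
            [pscustomobject]@{ Source = $key; Name = $name; Command = [string]$k.GetValue($name) }
        }
    }
})
$autoruns += @(foreach ($dir in 'Startup', 'CommonStartup') {
    $path = [Environment]::GetFolderPath($dir)
    if ($path) {
        Get-ChildItem -Path $path -File -Force -ErrorAction SilentlyContinue | ForEach-Object {
            [pscustomobject]@{ Source = $path; Name = $_.Name; Command = $_.FullName }
        }
    }
})
$autoruns | Format-Table -AutoSize -Wrap

# 3. Script files among those entries (extension list is an assumption), plus the
#    file named in the thread, searched for lines that touch the proxy values.
$scripts = @($autoruns.Command | ForEach-Object {
    if ($_ -match '[A-Za-z]:\\[^"<>|]+?\.(bat|cmd|vbs|js|ps1)\b') { $Matches[0] }
}) + 'C:\Windows\winstart.bat'
$scripts | Select-Object -Unique | Where-Object { Test-Path -LiteralPath $_ -PathType Leaf } |
    ForEach-Object { Select-String -LiteralPath $_ -Pattern 'ProxyEnable|ProxyServer|AutoConfigURL' } |
    Select-Object Path, LineNumber, Line
```

A ProxyEnable of 1 that returns after each reboot, together with a hit in part 3, points at the autostart entry that rewrites the setting.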

You're welcome. Close all browsers, then re-run AdwCleaner by right click > Run as administrator, check all detected, then click Clean and wait until removal is complete > reboot.

The report will be saved in the following location: C:\AdwCleaner\AdwCleaner[C1].Txt.

Attach the report to your next post.

 

 

Scan with Malwarebytes' Anti-Malware Free: http://www.malwarebytes.org/products/malwarebytes_free/ Update it first, scan and attach its detection log, but Please Don't remove anything yet, until the log is reviewed.


Malwarebytes still detects the PUM registry key.

 

Please Remove all that Malwarebytes detects, then reboot.

 

Any better after that?


Hi.

 

The good news is that when I start/restart the computer I no longer have to keep changing the proxy settings by removing the tick in the box, so whatever was causing the settings to change has gone or been fixed by AdwCleaner.

 

The bad news is that although I used Malwarebytes to remove the PUM registry key, next time I scanned using Malwarebytes, the key came up again so it seems that Malwarebytes can't remove it. There were similar findings on the Malwarebytes forum.

 

Interesting that Kaspersky doesn't detect it let alone remove it.

 

JJ

 

 


What, and why: It is not malware. It is not an illegal trojan, not an illegal virus, not an illegal rootkit.

 

It is legal junkware. It is much easier to remove than it is to remove illegal malware. The user downloaded it and installed it. It is legal; it has a EULA.

 

Kaspersky may possibly not detect legal junkware, for legal reasons.

 

Cause: Caused by someone downloading junk. Junk that is downloaded from download sites comes bundled with more junk. Or: Downloading ok stuff from a download site. Ok stuff that is downloaded from download sites is bundled with junk.

 

Prevention: Only download ok stuff, and only from the original source, not from a download site.

 
