Hi Emsisoft, esp. Kevin Zoll,
I'm a PC user with a potential malware Q, which shares a loopback address mentioned in one of your malware-fixes online, this past week: http://support.emsisoft.com/topic/17265-high-ram-usage/
Could I briefly ask about best steps / tactics?
>> My story: Windows 7, Lenovo Thinkpad.
I was recently running Lenovo update, which said "unable to connect to the proxy server". Looking at my Internet settings (IE), >> LAN settings, under 'Automatic Configuration':
+ 'Automatically detect settings' was checked (as usual for Earthlink / Time-Warner).
+ 'Use automatic configuration script' was checked, with this localhost loopback: http://127.0.0.1:8445/okf.pac
>> I just saw, you advised a fix for removing this same address, on your post cited above.
So yesterday, I removed this loopback, unchecked 'Use automatic configuration', & closed Internet settings. When I reopened IE settings, 'automatic config. script' was still unchecked, but the loopback address was still there, greyed out. I searched my registry for this address, found the loopback in three entries at these keys:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NlaSvc\Parameters\Internet\ManualProxies
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\NlaSvc\Parameters\Internet\ManualProxies
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies
I backed up registry & deleted all 3. However, that loopback remains in my IE settings, albeit greyed-out, as long as 'automatic config. script' is unchecked.
>> So far as I know, it loops back to a proxy port on my LAN server. I almost never use IE, prefer Firefox, so no idea how long it's been this way. I infrequently use, & still have installed, two VPNs: OkayFreedom & Cyberghost.
These VPNs seem fairly mainstream, & I found no complaints they do this kinda thing.
So I feared malware. As per yr recommends, I ran these anti-malwares, tho nothing came up, except some IE 'ProxyEnable' Registry items (I can likely change those):
1) CCleaner (excluding windows logs).
2) M$ Malicious software removal, reports nothing.
3) Malwarebytes' Anti-Malware, reports nothing... see log (AMWB.txt).
4) OTL, see logs (2).
5) Emsisoft EEK, smart-scan, see log (a2scan_150515-143323.txt).
6) FRST64, see logs (2).
I attach six (6) logs here.
Finally, I had purchased this laptop last fall from a (reputable) refurbisher, who said he reconstituted Windows from the 'Lenovo Recovery' partition. Well, maybe this is a standard in Lenovo's special sauce. Can I briefly ask 4 your suggestion?
~ Regards, Gadzoox
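
For readers checking a machine for the same symptom, this read-only PowerShell audit is an added example, not part of the original post or of Emsisoft's advice. It searches the Internet Settings keys (standard Windows locations, assumed relevant here) and the three NlaSvc keys listed in the post for the loopback address, then shows which process is listening on that port; `$needle` is the address quoted in the post and should be adjusted as needed.

```powershell
# Added example, not from the original post. Read-only: it changes nothing.
$needle = '127.0.0.1:8445'   # loopback host:port quoted in the post
$skip   = 'PSPath','PSParentPath','PSChildName','PSDrive','PSProvider'
$inet   = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings'

# Keys to search: standard Internet Settings locations (assumed relevant here)
# plus the three NlaSvc keys listed in the post.
$keys = @(
    "HKCU:\$inet",
    "HKCU:\$inet\Connections",   # binary per-connection settings
    "HKLM:\$inet",
    "HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings"
)
foreach ($set in 'ControlSet001','ControlSet002','CurrentControlSet') {
    $keys += "HKLM:\SYSTEM\$set\services\NlaSvc\Parameters\Internet\ManualProxies"
}

$hits = @()
foreach ($key in $keys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
        if ($skip -contains $p.Name) { continue }   # provider metadata, not registry data
        if ($p.Value -is [byte[]]) {
            # REG_BINARY blobs may embed the script URL as ASCII text
            $text = [Text.Encoding]::ASCII.GetString($p.Value)
        } else {
            $text = [string]$p.Value
        }
        if ($text.Contains($needle)) {
            $hits += New-Object PSObject -Property @{ Key = $key; Value = $p.Name }
        }
    }
}
$hits | Select-Object Key, Value | Format-List

# Which process would serve the .pac file? Match the port among listening sockets.
$port = $needle.Split(':')[1]
netstat -ano | Select-String ":$port\s.*LISTENING" | ForEach-Object {
    $ownerPid = [int](($_.Line.Trim() -split '\s+')[-1])
    $proc = Get-Process -Id $ownerPid -ErrorAction SilentlyContinue
    "{0}  PID {1}  {2}  {3}" -f $_.Line.Trim(), $ownerPid, $proc.ProcessName, $proc.Path
}
```

An empty listener result means nothing is currently serving the script on that port, so any remaining registry hit is a stale setting rather than an active local proxy.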