
I can't restore proxy files because they are marked DOR (but I haven't rebooted yet)



Hello, please help me......

 

I just installed Malwarebytes on my other laptop and ran it. It found about 20 files it said were malware. They are proxy files. It asked me what to do with them and I checked "Delete on Reboot". (DOR)

 

Immediately afterwards, I was no longer able to access the internet using Firefox or Chrome. I tried to "Restore" the files in Malwarebytes but it says it cannot restore the files as they are "DOR". I want to cry. Why have the option to restore (if one makes a mistake) but then say sorry, no can do.

 

I have not dared to reboot yet. What should I do? I am facing hours if not days correcting a split second bad decision. I barely even know what a proxy is. I just bought my laptop a month ago. It was not showing signs of infection. I was just being thorough.

 

Thanks in advance. Honestly I am overwhelmed. Should I reboot? How can I restore? And what is a proxy file and how will I ever be able to reinstall new ones?

 

 


ok thank you here it is. I still have not rebooted.

ps, the laptop in question is running Windows 8.1

the actual internet connection is still working but browsers and email (Thunderbird) are not

 

Here is the log file. I will put the daily log in a separate post.

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2015-08-16
Scan Time: 4:40 PM
Logfile: malwarebytes log.txt
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.08.16.03
Rootkit Database: v2015.08.16.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: AnyCat

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 416586
Time Elapsed: 32 min, 56 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 2
Backdoor.Agent.WD, C:\Users\AnyCat\AppData\Local\Temp\587C.tmp.exe, 624, Delete-on-Reboot, [443f7198503b75c1d631bb943bc5af51]
PUP.Optional.PrxySvrRST, C:\Program Files (x86)\AFC Secure Net\privoxy.exe, 6596, Delete-on-Reboot, [98ebfa0f8ffcc1753f9853bfbc47c739]

Modules: 1
PUP.Optional.PrxySvrRST, C:\Program Files (x86)\AFC Secure Net\mgwz.dll, Delete-on-Reboot, [98ebfa0f8ffcc1753f9853bfbc47c739],

Registry Keys: 2
PUP.Optional.HomePageHelper.A, HKU\S-1-5-21-3908149922-2040922632-2111111489-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{99E218B4-2431-11E5-8266-F8A9637379C6}, Quarantined, [c9ba42c74a41270fee6e9b84c73c38c8],
PUP.Optional.PrxySvrRST, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\PrivoxyService, Quarantined, [98ebfa0f8ffcc1753f9853bfbc47c739],

Registry Values: 5
PUP.Optional.HomePageHelper.A, HKU\S-1-5-21-3908149922-2040922632-2111111489-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{99E218B4-2431-11E5-8266-F8A9637379C6}|FaviconURL, http://homepage-web.com/favicon.ico, Quarantined, [c9ba42c74a41270fee6e9b84c73c38c8]
PUP.Optional.HomePageHelper.A, HKU\S-1-5-21-3908149922-2040922632-2111111489-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{99E218B4-2431-11E5-8266-F8A9637379C6}|FaviconURLFallback, http://homepage-web.com/favicon.ico, Quarantined, [ec97818874174bebf76555caac57d729]
PUP.Optional.HomePageHelper.A, HKU\S-1-5-21-3908149922-2040922632-2111111489-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{99E218B4-2431-11E5-8266-F8A9637379C6}|TopResultURL, http://search.homepage-web.com/?src=omnibox&partner=acer&q={searchTerms},Quarantined, [552ea564781386b0b0ac6bb425de7e82]
PUP.Optional.HomePageHelper.A, HKU\S-1-5-21-3908149922-2040922632-2111111489-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{99E218B4-2431-11E5-8266-F8A9637379C6}|URL, http://search.homepage-web.com/?src=omnibox&partner=acer&q={searchTerms},Quarantined, [8df68b7ee6a5fb3b9ebe39e60ff45ca4]
PUM.Bad.Proxy, HKU\S-1-5-21-3908149922-2040922632-2111111489-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|ProxyServer, 127.0.0.1:8118, Quarantined, [f68d7e8b2e5d59ddfe52f2aa030155ab]

Registry Data: 0
(No malicious items detected)

Folders: 6
PUP.Optional.SearchProtect.A, C:\Users\AnyCat\AppData\Local\SearchProtect, Quarantined, [354e20e96b209b9bdc586b89a161926e],
PUP.Optional.SearchProtect.A, C:\Users\AnyCat\AppData\Local\SearchProtect\SearchProtect, Quarantined, [354e20e96b209b9bdc586b89a161926e],
PUP.Optional.SearchProtect.A, C:\Users\AnyCat\AppData\Local\SearchProtect\SearchProtect\rep, Quarantined, [354e20e96b209b9bdc586b89a161926e],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main, Quarantined, [e89bd3363b50979f3b5b1bed7291bf41],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\rep, Quarantined, [e89bd3363b50979f3b5b1bed7291bf41],
PUP.Optional.PrxySvrRST, C:\Program Files (x86)\AFC Secure Net, Delete-on-Reboot, [98ebfa0f8ffcc1753f9853bfbc47c739],

Files: 22
Backdoor.Agent.WD, C:\Users\AnyCat\AppData\Local\Temp\587C.tmp.exe, Delete-on-Reboot, [443f7198503b75c1d631bb943bc5af51],
Trojan.Downloader, C:\Users\AnyCat\AppData\Local\Temp\5A05.tmp.exe, Quarantined, [493a28e1286393a394b4405351b015eb],
PUP.Optional.OpenCandy, C:\Users\AnyCat\AppData\Local\Temp\HYD948C.tmp.1439767105\HTA\install.1439767105.zip, Quarantined, [562d69a0414a2e0847b55423ae57ab55],
PUP.Optional.OpenCandy, C:\Users\AnyCat\AppData\Local\Temp\HYD948C.tmp.1439767105\HTA\3rdparty\OCSetupHlp.dll, Quarantined, [13700009c8c3b680a755b4c357ae39c7],
PUP.Optional.OpenCandy, C:\Users\Catherine\AppData\Local\Temp\HYD32C0.tmp.1436335059\HTA\install.1436335059.zip, Quarantined, [443f06031d6e45f1d923eb8ce22352ae],
PUP.Optional.WebSearch.A, C:\Users\Catherine\AppData\Roaming\Mozilla\Firefox\Profiles\vyx7gcsd.default\searchplugins\Web Search.xml, Quarantined, [780b917892f939fd736180dc2cd72ad6],
PUP.Optional.SearchProtect.A, C:\Users\AnyCat\AppData\Local\SearchProtect\SearchProtect\rep\UserRepository.dat, Quarantined, [354e20e96b209b9bdc586b89a161926e],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\rep\SystemRepository.dat, Quarantined, [e89bd3363b50979f3b5b1bed7291bf41],
PUP.Optional.PrxySvrRST, C:\Program Files (x86)\AFC Secure Net\amjob.exe, Quarantined, [98ebfa0f8ffcc1753f9853bfbc47c739],
PUP.Optional.PrxySvrRST, C:\Program Files (x86)\AFC Secure Net\checkproxy.exe, Quarantined, [98ebfa0f8ffcc1753f9853bfbc47c739],
PUP.Optional.PrxySvrRST, C:\Program Files (x86)\AFC Secure Net\config.txt, Quarantined, [98ebfa0f8ffcc1753f9853bfbc47c739],
PUP.Optional.PrxySvrRST, C:\Program Files (x86)\AFC Secure Net\default.action, Quarantined, [98ebfa0f8ffcc1753f9853bfbc47c739],
PUP.Optional.PrxySvrRST, C:\Program Files (x86)\AFC Secure Net\default.filter, Quarantined, [98ebfa0f8ffcc1753f9853bfbc47c739],
PUP.Optional.PrxySvrRST, C:\Program Files (x86)\AFC Secure Net\mgwz.dll, Delete-on-Reboot, [98ebfa0f8ffcc1753f9853bfbc47c739],
PUP.Optional.PrxySvrRST, C:\Program Files (x86)\AFC Secure Net\privoxy.exe, Delete-on-Reboot, [98ebfa0f8ffcc1753f9853bfbc47c739],
PUP.Optional.PrxySvrRST, C:\Program Files (x86)\AFC Secure Net\privoxy.log, Delete-on-Reboot, [98ebfa0f8ffcc1753f9853bfbc47c739],
PUP.Optional.PrxySvrRST, C:\Program Files (x86)\AFC Secure Net\sschromium.exe, Quarantined, [98ebfa0f8ffcc1753f9853bfbc47c739],
PUP.Optional.PrxySvrRST, C:\Program Files (x86)\AFC Secure Net\sschromium64.exe, Quarantined, [98ebfa0f8ffcc1753f9853bfbc47c739],
PUP.Optional.PrxySvrRST, C:\Program Files (x86)\AFC Secure Net\ssff.exe, Quarantined, [98ebfa0f8ffcc1753f9853bfbc47c739],
PUP.Optional.PrxySvrRST, C:\Program Files (x86)\AFC Secure Net\ssie.dll, Quarantined, [98ebfa0f8ffcc1753f9853bfbc47c739],
PUP.Optional.PrxySvrRST, C:\Program Files (x86)\AFC Secure Net\ssnet.dll, Quarantined, [98ebfa0f8ffcc1753f9853bfbc47c739],
PUP.Optional.PrxySvrRST, C:\Program Files (x86)\AFC Secure Net\ssnet64.dll, Quarantined, [98ebfa0f8ffcc1753f9853bfbc47c739],

Physical Sectors: 0
(No malicious items detected)


(end)


Here is the daily log. I just downloaded Malwarebytes about 30 minutes before running it and ran the check for updates.

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org


Error, 2015-08-16 4:36 PM, SYSTEM, MYCAT, Update, Bad md5 or size: akadomains, 11,
Error, 2015-08-16 4:36 PM, SYSTEM, MYCAT, Update, Bad md5 or size: akaips, 11,
Update, 2015-08-16 4:36 PM, SYSTEM, MYCAT, Manual, IP Database, 0.0.0.0, 2015.7.24.3,
Update, 2015-08-16 4:36 PM, SYSTEM, MYCAT, Manual, Remediation Database, 2015.5.13.1, 2015.7.28.1,
Update, 2015-08-16 4:36 PM, SYSTEM, MYCAT, Manual, Domain Database, 0.0.0.0, 2015.7.24.2,
Update, 2015-08-16 4:36 PM, SYSTEM, MYCAT, Manual, AKA IP Database, 0.0.0.0, 2015.8.6.1,
Update, 2015-08-16 4:36 PM, SYSTEM, MYCAT, Manual, Rootkit Database, 2015.6.2.1, 2015.8.16.1,
Update, 2015-08-16 4:36 PM, SYSTEM, MYCAT, Manual, AKA Domain Database, 0.0.0.0, 2015.8.15.1,
Update, 2015-08-16 4:36 PM, SYSTEM, MYCAT, Manual, Malware Database, 2015.6.3.3, 2015.8.16.3,
Scan, 2015-08-16 5:13 PM, SYSTEM, MYCAT, Manual, Start:2015-08-16 4:40 PM, Duration:32 min 56 sec, Threat Scan, Completed, 3 Malware Detections, 35 Non-Malware Detections,

(end)


Thanks for the log.... those are not files that I would want to restore or have running on my computer. I suggest you follow the instructions below to get one on one help with cleaning your infected computer, including restoring your internet connection.

We are not permitted to work on possible malware-related issues here in this section of the forum.

Such work is conducted in a special forum area reserved for that purpose, or at the help desk.

Being that you are probably infected, feel free to follow the instructions below to receive free, one-on-one expert assistance in checking your system and clearing out any infections and correcting any damage done by the malware.

Please see the following pinned topic which has information on how to get help with this: Available Assistance for Possibly Infected Computers

Thank you


Good to hear, up to you, but if you still want the expert to help you with your other topic, just wait until someone picks it up HERE.

 

Please do not reply to that topic any more, because that will only look like someone is already helping you. If you do not want any further help just post there and ask for the topic to be closed.
