Should I restore proxy files that Malwarebytes removed (if I can). I can't use internet w/o them.


CatB

Hello, the general Help forum sent me over here......

 

I just installed Malwarebytes on my other laptop today and ran it. It found about 20 files it said were malware. Many are proxy files, I think? It asked me what to do with them and I checked "Delete on Reboot". (DOR)

 

Immediately afterwards, I was no longer able to access the internet using Firefox or Chrome, with Firefox saying "Proxy Server is refusing connections" and Chrome saying "Unable to connect to the proxy server". My internet connection is still working though because it is still downloading stuff in another application.

 

I tried to "Restore" the files in Malwarebytes but it says it cannot restore the files as they are "DOR". Apparently if I reboot I will be able to restore them? I have not dared to reboot yet. What should I do?

 

I just bought my laptop a month ago. It was not showing signs of infection. I was just being thorough.

 

I don't know what a proxy server is really, except some sort of intermediary? Technically, this is way over my head but I do follow instructions well.

 

I would appreciate your advice.

 

I have attached the log file, followed by the Daily log file. I downloaded farbar but have not installed or run it yet. Do I really need to?

 

Thank you!

 

Cat

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2015-08-16
Scan Time: 4:40 PM
Logfile: malwarebytes log.txt
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.08.16.03
Rootkit Database: v2015.08.16.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: AnyCat

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 416586
Time Elapsed: 32 min, 56 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 2
Backdoor.Agent.WD, C:\Users\AnyCat\AppData\Local\Temp\587C.tmp.exe, 624, Delete-on-Reboot, [443f7198503b75c1d631bb943bc5af51]
PUP.Optional.PrxySvrRST, C:\Program Files (x86)\AFC Secure Net\privoxy.exe, 6596, Delete-on-Reboot, [98ebfa0f8ffcc1753f9853bfbc47c739]

Modules: 1
PUP.Optional.PrxySvrRST, C:\Program Files (x86)\AFC Secure Net\mgwz.dll, Delete-on-Reboot, [98ebfa0f8ffcc1753f9853bfbc47c739],

Registry Keys: 2
PUP.Optional.HomePageHelper.A, HKU\S-1-5-21-3908149922-2040922632-2111111489-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{99E218B4-2431-11E5-8266-F8A9637379C6}, Quarantined, [c9ba42c74a41270fee6e9b84c73c38c8],
PUP.Optional.PrxySvrRST, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\PrivoxyService, Quarantined, [98ebfa0f8ffcc1753f9853bfbc47c739],

Registry Values: 5
PUP.Optional.HomePageHelper.A, HKU\S-1-5-21-3908149922-2040922632-2111111489-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{99E218B4-2431-11E5-8266-F8A9637379C6}|FaviconURL, http://homepage-web.com/favicon.ico, Quarantined, [c9ba42c74a41270fee6e9b84c73c38c8]
PUP.Optional.HomePageHelper.A, HKU\S-1-5-21-3908149922-2040922632-2111111489-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{99E218B4-2431-11E5-8266-F8A9637379C6}|FaviconURLFallback, http://homepage-web.com/favicon.ico, Quarantined, [ec97818874174bebf76555caac57d729]
PUP.Optional.HomePageHelper.A, HKU\S-1-5-21-3908149922-2040922632-2111111489-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{99E218B4-2431-11E5-8266-F8A9637379C6}|TopResultURL, http://search.homepa...={searchTerms},Quarantined, [552ea564781386b0b0ac6bb425de7e82]
PUP.Optional.HomePageHelper.A, HKU\S-1-5-21-3908149922-2040922632-2111111489-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{99E218B4-2431-11E5-8266-F8A9637379C6}|URL, http://search.homepa...={searchTerms},Quarantined, [8df68b7ee6a5fb3b9ebe39e60ff45ca4]
PUM.Bad.Proxy, HKU\S-1-5-21-3908149922-2040922632-2111111489-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|ProxyServer, 127.0.0.1:8118, Quarantined, [f68d7e8b2e5d59ddfe52f2aa030155ab]

Registry Data: 0
(No malicious items detected)

Folders: 6
PUP.Optional.SearchProtect.A, C:\Users\AnyCat\AppData\Local\SearchProtect, Quarantined, [354e20e96b209b9bdc586b89a161926e],
PUP.Optional.SearchProtect.A, C:\Users\AnyCat\AppData\Local\SearchProtect\SearchProtect, Quarantined, [354e20e96b209b9bdc586b89a161926e],
PUP.Optional.SearchProtect.A, C:\Users\AnyCat\AppData\Local\SearchProtect\SearchProtect\rep, Quarantined, [354e20e96b209b9bdc586b89a161926e],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main, Quarantined, [e89bd3363b50979f3b5b1bed7291bf41],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\rep, Quarantined, [e89bd3363b50979f3b5b1bed7291bf41],
PUP.Optional.PrxySvrRST, C:\Program Files (x86)\AFC Secure Net, Delete-on-Reboot, [98ebfa0f8ffcc1753f9853bfbc47c739],

Files: 22
Backdoor.Agent.WD, C:\Users\AnyCat\AppData\Local\Temp\587C.tmp.exe, Delete-on-Reboot, [443f7198503b75c1d631bb943bc5af51],
Trojan.Downloader, C:\Users\AnyCat\AppData\Local\Temp\5A05.tmp.exe, Quarantined, [493a28e1286393a394b4405351b015eb],
PUP.Optional.OpenCandy, C:\Users\AnyCat\AppData\Local\Temp\HYD948C.tmp.1439767105\HTA\install.1439767105.zip, Quarantined, [562d69a0414a2e0847b55423ae57ab55],
PUP.Optional.OpenCandy, C:\Users\AnyCat\AppData\Local\Temp\HYD948C.tmp.1439767105\HTA\3rdparty\OCSetupHlp.dll, Quarantined, [13700009c8c3b680a755b4c357ae39c7],
PUP.Optional.OpenCandy, C:\Users\Catherine\AppData\Local\Temp\HYD32C0.tmp.1436335059\HTA\install.1436335059.zip, Quarantined, [443f06031d6e45f1d923eb8ce22352ae],
PUP.Optional.WebSearch.A, C:\Users\Catherine\AppData\Roaming\Mozilla\Firefox\Profiles\vyx7gcsd.default\searchplugins\Web Search.xml, Quarantined, [780b917892f939fd736180dc2cd72ad6],
PUP.Optional.SearchProtect.A, C:\Users\AnyCat\AppData\Local\SearchProtect\SearchProtect\rep\UserRepository.dat, Quarantined, [354e20e96b209b9bdc586b89a161926e],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\rep\SystemRepository.dat, Quarantined, [e89bd3363b50979f3b5b1bed7291bf41],
PUP.Optional.PrxySvrRST, C:\Program Files (x86)\AFC Secure Net\amjob.exe, Quarantined, [98ebfa0f8ffcc1753f9853bfbc47c739],
PUP.Optional.PrxySvrRST, C:\Program Files (x86)\AFC Secure Net\checkproxy.exe, Quarantined, [98ebfa0f8ffcc1753f9853bfbc47c739],
PUP.Optional.PrxySvrRST, C:\Program Files (x86)\AFC Secure Net\config.txt, Quarantined, [98ebfa0f8ffcc1753f9853bfbc47c739],
PUP.Optional.PrxySvrRST, C:\Program Files (x86)\AFC Secure Net\default.action, Quarantined, [98ebfa0f8ffcc1753f9853bfbc47c739],
PUP.Optional.PrxySvrRST, C:\Program Files (x86)\AFC Secure Net\default.filter, Quarantined, [98ebfa0f8ffcc1753f9853bfbc47c739],
PUP.Optional.PrxySvrRST, C:\Program Files (x86)\AFC Secure Net\mgwz.dll, Delete-on-Reboot, [98ebfa0f8ffcc1753f9853bfbc47c739],
PUP.Optional.PrxySvrRST, C:\Program Files (x86)\AFC Secure Net\privoxy.exe, Delete-on-Reboot, [98ebfa0f8ffcc1753f9853bfbc47c739],
PUP.Optional.PrxySvrRST, C:\Program Files (x86)\AFC Secure Net\privoxy.log, Delete-on-Reboot, [98ebfa0f8ffcc1753f9853bfbc47c739],
PUP.Optional.PrxySvrRST, C:\Program Files (x86)\AFC Secure Net\sschromium.exe, Quarantined, [98ebfa0f8ffcc1753f9853bfbc47c739],
PUP.Optional.PrxySvrRST, C:\Program Files (x86)\AFC Secure Net\sschromium64.exe, Quarantined, [98ebfa0f8ffcc1753f9853bfbc47c739],
PUP.Optional.PrxySvrRST, C:\Program Files (x86)\AFC Secure Net\ssff.exe, Quarantined, [98ebfa0f8ffcc1753f9853bfbc47c739],
PUP.Optional.PrxySvrRST, C:\Program Files (x86)\AFC Secure Net\ssie.dll, Quarantined, [98ebfa0f8ffcc1753f9853bfbc47c739],
PUP.Optional.PrxySvrRST, C:\Program Files (x86)\AFC Secure Net\ssnet.dll, Quarantined, [98ebfa0f8ffcc1753f9853bfbc47c739],
PUP.Optional.PrxySvrRST, C:\Program Files (x86)\AFC Secure Net\ssnet64.dll, Quarantined, [98ebfa0f8ffcc1753f9853bfbc47c739],

Physical Sectors: 0
(No malicious items detected)


(end)

Malwarebytes Anti-Malware
www.malwarebytes.org


Error, 2015-08-16 4:36 PM, SYSTEM, MYCAT, Update, Bad md5 or size: akadomains, 11,
Error, 2015-08-16 4:36 PM, SYSTEM, MYCAT, Update, Bad md5 or size: akaips, 11,
Update, 2015-08-16 4:36 PM, SYSTEM, MYCAT, Manual, IP Database, 0.0.0.0, 2015.7.24.3,
Update, 2015-08-16 4:36 PM, SYSTEM, MYCAT, Manual, Remediation Database, 2015.5.13.1, 2015.7.28.1,
Update, 2015-08-16 4:36 PM, SYSTEM, MYCAT, Manual, Domain Database, 0.0.0.0, 2015.7.24.2,
Update, 2015-08-16 4:36 PM, SYSTEM, MYCAT, Manual, AKA IP Database, 0.0.0.0, 2015.8.6.1,
Update, 2015-08-16 4:36 PM, SYSTEM, MYCAT, Manual, Rootkit Database, 2015.6.2.1, 2015.8.16.1,
Update, 2015-08-16 4:36 PM, SYSTEM, MYCAT, Manual, AKA Domain Database, 0.0.0.0, 2015.8.15.1,
Update, 2015-08-16 4:36 PM, SYSTEM, MYCAT, Manual, Malware Database, 2015.6.3.3, 2015.8.16.3,
Scan, 2015-08-16 5:13 PM, SYSTEM, MYCAT, Manual, Start:2015-08-16 4:40 PM, Duration:32 min 56 sec, Threat Scan, Completed, 3 Malware Detections, 35 Non-Malware Detections,

(end)

I see on my laptop that AFC Secure Net was installed only today at 4:14pm. I have no idea what this was installed with. I think the only other thing I installed this afternoon was Malwarebytes. I don't know if the AFC Secure Net is the problem? This is the contents of its log file, privoxy.log at 5:13pm:

 

"2015-08-16 17:13:59.858 000018b4 Fatal error: can't check configuration file 'config.txt':  (error number 2)"

 

That was the same time the Malwarebytes scan ended.

This topic is now closed to further replies.