PDA

View Full Version : Proxies



phil.b
20-06-2004, 06:14 PM
Like a complete idiot I installed a program called ZillerPopupKiller. It was supposed to be a registry cleaner & pop up killer in one. I read up a bit about it before installing & it appeared to do what it was supposed to. There was no mention of any spurios software that went with it.

Then I ran Spybot & afterwards Adaware. They cleaned out heaps of spyware created by this program. I tried to uninstall it. It didn't appear on the uninstall list. So I deleted the folder, searched through "C" drive & deleted anything to do with it. Searched the registry & deleted again. Ran Windoctor & cleared out some more junk & re-started windows. It appears to have gone, well almost.

I use Windows xp pro & Mozilla as my browser with an ethernet router. Under edit/preferences/advanced/proxies in Mozilla, Zillapopupkiller has entered itself a manual proxy configuration under HTTP as ZillaPopupKiller on port 8100. If I select direct internet connection & click ok, I can access the internet. When I close Mozilla & re-open it, the proxy setting has reset itself to manual & I have to re-configure to direct again.

Does anyone know how to rid me of this evil

Thanks

Phil

mark c
20-06-2004, 07:08 PM
ZillerpopupKiller or ZillapopupKiller? I guess you've had a look already but I will too. :D

phil.b
20-06-2004, 07:31 PM
ZillaPopupKiller

mark c
20-06-2004, 07:35 PM
Here (http://www.computercops.biz/postt18681.html) is the only ref I can find, and that was in altavista. Mind you it's all about logfile stuff from Hijackthis with which I am unfamiliar but reading this will be start.

Haven't tried every SE on the net either. :^O

phil.b
20-06-2004, 08:05 PM
Thanks Mark. I had already seen that one but couldn't find anything in my registry that related to it. Probably because I'd already manually deleted lots of entries.
I'll keep looking

Phil

Greg S
20-06-2004, 08:09 PM
You might want to re-scan with Adaware and Spybot, but with altered settings. Reference [url=http://www.computercops.biz/postt18681.html]here[/url. It's not the exact same problem, but may shed some light.

Another thought is you may find reference to it in one of the "proxy" type folders within Mozilla. Do a search for "proxy" on your drive and have a nosy at the results. You should find one called nsProxyAutoConfig.js. If you can find it it may be possible to manually edit the file using a text editor.

Alternatively search for Zillapopupkiller on your drive - use the feature to search within text in folders

mark c
20-06-2004, 08:21 PM
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = http=ZillaPopupKiller:8100

Did you see that registry line in the logfile? :D

johnboy
20-06-2004, 08:34 PM
you don't say if you have hijackthis
Here (http://www.spywareinfo.com/~merijn/downloads.html)
that will help finding it

phil.b
21-06-2004, 12:27 AM
Thanks for the replies. But no joy. It doesn't show up with Hijackthis or Startuplist. I've searched the hard drive as well as the registry to no avail. It must be in numeric form rather than the written word.

I'll keep trying

Phil

mark c
21-06-2004, 11:41 AM
Have you tried a System Restore? See if you can back to before you intalled this prog?

phil.b
21-06-2004, 11:56 PM
I tried system restore (don't know why i didn't think of it) it seems to have been disabled. It runs through it's routine but reports it can't restore, even for a month ago which is two weeks before I installed zillapopupkiller. I cant run a disc check either as it can't get direct disc access.

mark c
22-06-2004, 01:26 AM
I suggest you try Pestpatrol (http://www.pestscan.com/ ).

It's something else to try after all, just keep badgering away at it.

I've had numerous items of crudware on various comps I've used and *touches head* touch wood never had to take the machine to a shop.

Fire-and-Ice
22-06-2004, 11:17 AM
Would there be any chance that it has entered itself in your Hosts file? Some spyware/adware programs and viruses/trojans are notorius for fiddling with that one. ;-)

phil.b
22-06-2004, 09:50 PM
I got Pestpatrol & wow it got another 98 spyware/adware files. It makes you wonder if Adaware or Spybot do anything. I'll just have to use all three. Sadly ZillapopupKiller is still altering the Mozilla proxy.

Fire & Ice, I did a search for a host file & it came up with lots of them. Could you be more specific as to where it's likely to be please.

Phil

Jester
22-06-2004, 10:19 PM
I tried that Pestpatrol too - it found 15 files...

Doesn't run in Mozilla though, sat there waiting for a few mins before trying with IE lol.

Anyway, it seems to think that the Google Search Bar is part of the CoolWeb variants. This concerned me until I found this link (http://www.webuser.co.uk/cgi-bin/forums/showflat.pl?Cat=&Board=security&Number=70853&page=0&view=collapsed&sb=5&o=93&part=), which basically says that PestPatrol brings up false positives.

Probably to convince you to buy the program from them, as, although they give you detailed instructions on how to manually remove problems, they are so long-winded and written to make the automatic removal by the paid-for version of PestPatrol the only way to remove the 'nasties'.

Just beware that not everything out there is bad. Even if Pestpatrol says it is!

J
:D

phil.b
22-06-2004, 10:31 PM
Thats true Jester. BTW I didn't pay for it. Nods as good as a wink to a blind horse. Know what I mean.

Phil

Fire-and-Ice
22-06-2004, 11:16 PM
Its probably a bit irrelevant to your problem but the Hosts file is just that - Hosts with no extension. In Win XP the one you are after is likely to be in C:\WINDOWS\system32\drivers\etc. Open it with Notepad.

Note: you need to have view hidden and system files enabled in order to see it.

phil.b
23-06-2004, 12:21 AM
Hi People, I've sussed it.

Go to documents & settings/your username/application data/mozilla/ profiles/default/875p5psz.slt

Right click user.js & edit it by deleting everything in it.

In the URL bar type about:config & press enter.

Scroll down to Network proxy.http, right click & reset it.
Right click Network proxy.http_port, right click & reset it.
Right click Network proxy.no_proxies_on, right click & reset it.

Go to edit/preferences/advanced/proxies. Click direct connection to the internet.

Log off & back on. Hey presto

Thanks for all your help & suggestions

Phil