Proxy Virus - Cant change Proxy from setting (automatically put again the proxy when I close the window) - Can't change it from terminal (adminright but no adminrights?)

Question

Level 1

4 points

Proxy Virus - Cant change Proxy from setting (automatically put again the proxy when I close the window) - Can't change it from terminal (adminright but no adminrights?)

Dear Communities,

I have a proxy in my settings. When I erase it and untick, at the moment that I close the window, the proxy is set up again.

I have tried to delete it from the terminal, I have checked if I had the admin rights ( that I have) and when I run

networksetup -setwebproxystate Wi-fi off

I got the message

** Error: Command requires admin privileges.

No idea what to do?????

I pasted the messages from my terminal thereafter.

And a copy of my terminal:

alexandredelode@mbpdealexandre ~ %

[Restored 23 Oct 2021 at 01:18:10]

Last login: Sat Oct 23 01:17:59 on console

Restored session: Sat Oct 23 01:01:48 EEST 2021

alexandredelode@mbpdealexandre ~ % echo "no_proxy"

no_proxy

alexandredelode@mbpdealexandre ~ % echo no_proxy

no_proxy

alexandredelode@mbpdealexandre ~ % su alexandre delode

Password:

su: Sorry

alexandredelode@mbpdealexandre ~ % su alexandredelode

Password:

alexandredelode@mbpdealexandre ~ % networksetup -getwebproxy "Wi-Fi"

Enabled: Yes

Server: 51.77.159.133

Port: 80

Authenticated Proxy Enabled: 0

alexandredelode@mbpdealexandre ~ % networksetup -setwebproxystate "Wi-fi" off

** Error: Command requires admin privileges.

alexandredelode@mbpdealexandre ~ % #!/bin/sh

zsh: event not found: /bin/sh

alexandredelode@mbpdealexandre ~ % bash

The default interactive shell is now zsh.

To update your account to use zsh, please run `chsh -s /bin/zsh`.

For more details, please visit https://support.apple.com/kb/HT208050.

bash-3.2$ #!/bin/sh

bash-3.2$ dscl . -read /Groups/admin GroupMembership

GroupMembership: root alexandredelode

bash-3.2$ networksetup -setwebproxystate Wi-fi off

** Error: Command requires admin privileges.

bash-3.2$ who am I

alexandredelode ttys000 Oct 23 01:18

bash-3.2$ dscl . read /groups/admin GroupMembership

GroupMembership: root alexandredelode

bash-3.2$ networksetup -setwebproxystate Wi-fi off

** Error: Command requires admin privileges.

bash-3.2$

MacBook Pro 13″, macOS 11.6

Posted on Oct 22, 2021 5:02 PM

Reply

Answer 1

Top-ranking reply

ProxyVirusO Author

Level 1

4 points

Oct 23, 2021 5:23 AM in response to Barney-15E

I ran EtreCheck and other antimalware software.

I managed to change my proxy :

I created a root account

dsenableroot

I logget out, logged in with the root account, and I was abled to change the parameters of my proxy.

I am still curious how it managed to get there first ( a malware creating a root account and then deleting it?).

Reply

Answer 2

Barney-15E

Level 10

116,302 points

Oct 23, 2021 5:49 AM in response to ProxyVirusO

I am still curious how it managed to get there first ( a malware creating a root account and then deleting it?).

It didn't create a "root" account at all.

Here is how you installed Adware:

How to install adware - Apple Community

And, this is a more thorough discussion across the broad spectrum:

Effective defenses against malware and ot… - Apple Community

Reply

Answer 3

ProxyVirusO Author

Level 1

4 points

Oct 22, 2021 5:54 PM in response to MrHoffman

I have done

netstat -rn |grep default

I got

default 192.168.10.254 UGScg en0

default fe80::%utun0 UGcIg utun0

default fe80::%utun1 UGcIg utun1

And when I try to connect to 192.168.10.254, I have

192.168.10.254 took too long to respond.

It is what I get with many websites, not all, that is why I have checked my proxy and found this bug (that smells virus).

Reply

Answer 4

Oct 22, 2021 6:26 PM in response to ProxyVirusO

Confirm the router settings for WPAD and DNS.

Why you’re issuing netstat commands is unclear ro me.

If you have an add-on VPN client app around, or add-on anti-malware or other security apps, remove it, and try again.

Reply

Answer 5

Oct 22, 2021 5:12 PM in response to ProxyVirusO

Check your network router, as proxies can be introduced from your DHCP server, a d from local DNS.

https://en.wikipedia.org/wiki/Web_Proxy_Auto-Discovery_Protocol

Reply

Answer 6

ProxyVirusO Author

Level 1

4 points

Oct 22, 2021 6:01 PM in response to ProxyVirusO

And the proxy is in a different country from mine.

Reply

Answer 7

ProxyVirusO Author

Level 1

4 points

Oct 22, 2021 6:09 PM in response to ProxyVirusO

I have managed to connect to the router from another computer with an ethernet cable, the router works well.

Reply

Answer 8

ProxyVirusO Author

Level 1

4 points

Oct 22, 2021 6:24 PM in response to ProxyVirusO

And in cmd ( it is windows 10), I run netsh winhttp show proxy

and i get

Current WinHTTP proxy settings:

Direct access (no proxy server).

So it does not seem to come from the router.

Reply

Answer 9

etresoft

Level 9

50,740 points

Oct 22, 2021 7:50 PM in response to ProxyVirusO

You will need to remove the malware first. Then you can delete the proxies.

Reply

Answer 10

Barney-15E

Level 10

116,302 points

Oct 23, 2021 4:50 AM in response to ProxyVirusO

You will need to remove the malware first. Then you can delete the proxies.

Etresoft provides great advice, and you should be able to remove it using his software, EtreCheck.

Reply

Answer 11

ProxyVirusO Author

Level 1

4 points

Oct 23, 2021 5:31 AM in response to ProxyVirusO

Thanks Barney-15E , etresoft and MrHoffman :-)

Reply

Answer 12

ProxyVirusO Author

Level 1

4 points

Oct 23, 2021 6:49 AM in response to Barney-15E

Thanks for the links.

Reply

Proxy Virus - Cant change Proxy from setting (automatically put again the proxy when I close the window) - Can't change it from terminal (adminright but no adminrights?)

Similar questions