Cannot remove rogue proxy server

Thanks. Just to give you the broader picture...

I've had three recurring problems in the last few weeks. My Mac would log out for no reason, and Keychain is so slow as to become unusable. I also noticed that my Macs (not iOS devices) were laggy at loading web pages on our LAN. They would thing linger for what felt like an eternity, then load. We have 200Mbps FTTP.

I run Nord VPN, Little Snitch and conscientiously avoid any Google services (hence my hesitation of using their DNS). I have no social media presence, I don't visit dodgy websites, and only I use this Mac. I ClamXav the HD once a week, and use Cookie to remove all Cookies each time the web browser quits, computer wakes from sleep or I log in.

Before EtreCheck threw up the proxy issue I had rebooted in safe mode, found nothing, so reinstalled the system software. No change.

I contacted NordVPN to see if they knew anything about the IP or port number; they didn’t. But I'm happy to try reinstalling if you think it has the slightest chance of remove this very worrying gremlin!

Part of urgency for this is I'm about to buy a new Mac, but dare not begin the migration processes (manually, not via Migration Assistant) until I have this issue cleared up.

Thanks for your interest and help. It’s 11.30pm my time so I‘ll attempt the VPN reinstall in the morning.

J.

Hi BD

First, thanks again for your helpful suggestions.

I'm afraid I've given up. I have too much work on right now to undertake the clean up, so as part of the deal on purchasing my new Mac Studio my local Apple dealer has agreed to undertake the work for me. They had a keen idea of what is going on, and what needs to be done. I'll still have to reinstall passwords, etc, but they’re doing the heavy lifting.

I'm spending the evening cleaning everything old or needed out if the infected Mac, will clone it and drop off the clone drive tomorrow.

Thanks again for your interest and support.

Jack

A quick update.

I took the clone and Time Machine drives to Western Computers, Cheltenham, UK. I showed the manager the Etrecheck report detailing the proxies and he said without hesitation ’Seen this loads of times. It’s because you’re running a VPN. It’s not malicious. Uninstall Nord and it won’t happen again.’ He was right (as indeed were you). I was so relieved I wanted to hug him. The threat of ransomware vanished and I left the store a happier, though considerably poorer, man.

Picking up my Mac Studio M2Max + Studio Display + peripherals tomorrow. Looking forward to installing my apps, etc. on the new machine, then clean installing Big Sur on the old iMac (though I'm not sure how well a late 2014 quad core i5 will handle it) from an external drive.

So – I hope – a happy ending.

Thanks. Fair enough, will do. If you’re interested, please see my other thread, which has wandered in to this topic.

Catalina logging out when idle for no rea… - Apple Community

I forgot!

With pleasure. Here are the major issues. Would the full report be useful?

Thanks, but why would switching to Google’s DNS help?

Cheers! If it all goes pear shaped you may be hearing from me again...

All best

J.