Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

Cannot remove rogue proxy server

Recently my late 2014 27-inch iMac running Catalina has been giving me problems: websites hanging or slow to load, irrationally me logging out of my user account, Keychain very unresponsive. EtreCheck threw up this:



This is definitely not something I've installed (at least, not knowingly). It's self propagating (i.e. every time I delete it, it returns). I want to get this off my Mac ASAP, but have little knowledge of Network settings. I have run ClamXav, but that throws up nothing.


Any ideas out there? <HELP!>

iMac

Posted on Aug 12, 2023 4:16 AM

Reply
15 replies

Aug 12, 2023 3:33 PM in response to BDAqua

Thanks. Just to give you the broader picture...


I've had three recurring problems in the last few weeks. My Mac would log out for no reason, and Keychain is so slow as to become unusable. I also noticed that my Macs (not iOS devices) were laggy at loading web pages on our LAN. They would thing linger for what felt like an eternity, then load. We have 200Mbps FTTP.


I run Nord VPN, Little Snitch and conscientiously avoid any Google services (hence my hesitation of using their DNS). I have no social media presence, I don't visit dodgy websites, and only I use this Mac. I ClamXav the HD once a week, and use Cookie to remove all Cookies each time the web browser quits, computer wakes from sleep or I log in.


Before EtreCheck threw up the proxy issue I had rebooted in safe mode, found nothing, so reinstalled the system software. No change.


I contacted NordVPN to see if they knew anything about the IP or port number; they didn’t. But I'm happy to try reinstalling if you think it has the slightest chance of remove this very worrying gremlin!


Part of urgency for this is I'm about to buy a new Mac, but dare not begin the migration processes (manually, not via Migration Assistant) until I have this issue cleared up.


Thanks for your interest and help. It’s 11.30pm my time so I‘ll attempt the VPN reinstall in the morning.


J.




Aug 14, 2023 10:55 AM in response to BDAqua

Hi BD


First, thanks again for your helpful suggestions.


I'm afraid I've given up. I have too much work on right now to undertake the clean up, so as part of the deal on purchasing my new Mac Studio my local Apple dealer has agreed to undertake the work for me. They had a keen idea of what is going on, and what needs to be done. I'll still have to reinstall passwords, etc, but they’re doing the heavy lifting.


I'm spending the evening cleaning everything old or needed out if the infected Mac, will clone it and drop off the clone drive tomorrow.


Thanks again for your interest and support.


Jack

Aug 20, 2023 6:14 AM in response to BDAqua

A quick update.


I took the clone and Time Machine drives to Western Computers, Cheltenham, UK. I showed the manager the Etrecheck report detailing the proxies and he said without hesitation ’Seen this loads of times. It’s because you’re running a VPN. It’s not malicious. Uninstall Nord and it won’t happen again.’ He was right (as indeed were you). I was so relieved I wanted to hug him. The threat of ransomware vanished and I left the store a happier, though considerably poorer, man.


Picking up my Mac Studio M2Max + Studio Display + peripherals tomorrow. Looking forward to installing my apps, etc. on the new machine, then clean installing Big Sur on the old iMac (though I'm not sure how well a late 2014 quad core i5 will handle it) from an external drive.


So – I hope – a happy ending.

Cannot remove rogue proxy server

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.