We had a system come in recently that had been heavily infected by the ZBot rootkit and a variety of Trojans. MS Security Essentials had cleaned some things off, but the system still had a lot of junk on it. The main problem, however, was the computer could not access the Internet. Many virus infections create proxy servers and then set Windows to route all web traffic through the virus proxy. When most anti-virus programs kill off a virus like this, they don’t clear the proxy setting. So you have no virus, but you also can’t access the Internet. This is understandable since messing with that proxy setting is dicey in a corporate environment where proxies get used heavily.

Easy enough – click Start -> Control Panel -> Internet Options -> Connections -> LAN Settings and uncheck the ‘Use proxy’ checkbox.

Still can’t access the Internet due to a Proxy error. What?

Go back to the Proxy setting and it’s checked. So I uncheck it and save. Open screen up? Still checked. I check for any rogue processes running that might be setting it as soon as I unset it. Nope. Now what?

Then I notice a yellow bar in Internet Options:

This user account had Admin rights, so that seemed strange. After some Google research, I came across some others who had the same issue and the techs at Bleeping Computer had given them some keys to remove – but none seemed to have any effect. Then I found this article dealing with the same problem:

With Internet Explorer 6.0 troubleshooting zones could be problematic if the administrator you are working with forgets to inform you that they have implemented “Security Zones: Use only machine settings” via GPO or a direct registry change.

Location: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
Name: Security_HKLM_only
Value: 1 <-Enabled 0 <-Disabled

By default the value is not present and thus is disabled by default. With Internet Explorer 7.0 the UI has been updated to reflect the presence of Security_HKLM_only and if the feature is ENABLED. The visual notification is a big win for IE7 troubleshooting. Note the yellow bar at the bottom of the dialog: “Some settings are managed by your system administrator”. This is your clue that you are dealing with Security_HKLM_only. The bonus is you cannot make modifications to any of the zones; note the Custom level, Default level, and the Reset all zones to default level are grayed out.

Well, this computer I had was Windows 7 with IE 11, but I dove into the registry anyway. No luck. However, I did notice the following key:

CurrentVersion\Internet Settings -> ProxySettingsPerUser

And it was set to 0 (Disabled). I set it to 1 and the problem went away. The yellow warning bar disappeared and I could adjust the proxy setting and make it stick. Given how many viruses create proxy servers, I’m surprised I haven’t seen this before…
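The check described above can be scripted for post-cleanup triage. This is an added example, not part of the original post: it assumes ProxySettingsPerUser sits in the same Policies key the quoted article gives for Security_HKLM_only, that PowerShell 3.0 or later is available, and the function names and the loopback heuristic are made up for illustration.

```powershell
# Added example (not from the original post). Reading needs no elevation;
# Restore-PerUserProxy writes to HKLM and must run elevated.
$PolicyKey      = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings'
$SettingsSubKey = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings'

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value is absent.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

function Get-ProxyAudit {
    $perUser = Get-RegValue $PolicyKey 'ProxySettingsPerUser'
    # 0 = one machine-wide proxy read from HKLM; absent or 1 = per-user (HKCU).
    $effective = if ($perUser -eq 0) { 'HKLM:' } else { 'HKCU:' }
    foreach ($hive in 'HKCU:', 'HKLM:') {
        $path   = '{0}\{1}' -f $hive, $SettingsSubKey
        $server = Get-RegValue $path 'ProxyServer'
        [pscustomobject]@{
            Hive          = $hive
            Effective     = ($hive -eq $effective)
            ProxyEnable   = Get-RegValue $path 'ProxyEnable'
            ProxyServer   = $server
            AutoConfigURL = Get-RegValue $path 'AutoConfigURL'
            # Assumption: a loopback proxy is treated as a likely leftover of a local malware proxy.
            Loopback      = [bool]($server -match '(^|=)(127\.|localhost|\[::1\])')
        }
    }
}

function Restore-PerUserProxy {
    # The fix from the post: set ProxySettingsPerUser to 1 (creating it if missing).
    # On a domain-joined machine this value may be set by Group Policy on purpose.
    if (-not (Test-Path $PolicyKey)) { New-Item -Path $PolicyKey -Force | Out-Null }
    New-ItemProperty -Path $PolicyKey -Name 'ProxySettingsPerUser' -Value 1 `
        -PropertyType DWord -Force | Out-Null
}

"ProxySettingsPerUser = $(Get-RegValue $PolicyKey 'ProxySettingsPerUser')"
"Security_HKLM_only   = $(Get-RegValue $PolicyKey 'Security_HKLM_only')"
Get-ProxyAudit | Format-Table -AutoSize
# Restore-PerUserProxy   # uncomment after reviewing the output above
```

The HKCU row reflects the account running the script, so run the audit as the affected user rather than as a separate admin account.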

UPDATE: From the comments below – another trick that may work for some:

Vanessa – January 14th, 2015 at 3:45 am
I have the same issue but I did not have ProxySettingsPerUser in that location so I just created it and set it to 1… and it seems to have thanks