8 Oct
We had a system come in recently that had been heavily infected by the ZBot rootkit and a variety of Trojans. MS Security Essentials had cleaned some things off, but the system still had a lot of junk on it. The main problem, however, was that the computer could not access the Internet. Many virus infections create a proxy server and then set Windows to route all web traffic through it. When most anti-virus programs kill off a virus like this, they don’t clear the proxy setting. So you have no virus, but you also can’t access the Internet. This is understandable, since messing with that proxy setting is dicey in a corporate environment where proxies get used heavily.
Easy enough – click Start -> Control Panel -> Internet Options -> Connections -> LAN Settings and uncheck the ‘Use proxy’ checkbox.
Still can’t access the Internet due to a Proxy error. What?
Go back to the Proxy setting and it’s checked. So I uncheck it and save. Open the screen back up? Still checked. I check for any rogue processes running that might be setting it as soon as I unset it. Nope. Now what?
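
The LAN Settings checkbox is a view onto registry values, so when the dialog will not hold a change it helps to read those values directly. The PowerShell below is an added example, not part of the original post: a read-only report of the per-user, machine and policy copies of the proxy settings that flags any proxy entry pointing back at the local machine. `Get-ProxyEndpoint` is a helper name chosen here, and the sample string at the end is constructed.

```powershell
# Read-only audit of the registry values behind the "Use a proxy server" checkbox.
# Nothing is modified; run it as the affected user so HKCU is that user's hive.
$paths = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings',
    'HKCU:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings',
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings'
)

function Get-ProxyEndpoint {
    # ProxyServer holds either "host:port" or "http=host:port;https=host:port;..."
    param([string]$ProxyServer)
    foreach ($entry in ($ProxyServer -split ';' | Where-Object { $_ })) {
        $scheme, $target = if ($entry -match '=') { $entry -split '=', 2 } else { 'all', $entry }
        $target = $target -replace '^\w+://', ''
        if ($target -match '^(?<h>\[[^\]]+\]|[^:]+)(:(?<p>\d+))?$') {
            [pscustomobject]@{
                Scheme   = $scheme
                Host     = $Matches.h
                Port     = $Matches.p
                # A proxy on the machine itself only works while something listens there
                Loopback = $Matches.h -match '^(127\.\d+\.\d+\.\d+|localhost|\[::1\])$'
            }
        }
    }
}

foreach ($path in $paths) {
    $s = Get-ItemProperty -Path $path -ErrorAction SilentlyContinue
    if (-not $s) { continue }
    Write-Output $path
    Write-Output ("  ProxyEnable={0}  ProxyServer={1}  AutoConfigURL={2}  ProxySettingsPerUser={3}" -f `
        $s.ProxyEnable, $s.ProxyServer, $s.AutoConfigURL, $s.ProxySettingsPerUser)
    if ($s.ProxyServer) {
        Get-ProxyEndpoint $s.ProxyServer | Where-Object { $_.Loopback } | ForEach-Object {
            Write-Output ("  REVIEW: {0} traffic is sent to local proxy {1}:{2}" -f $_.Scheme, $_.Host, $_.Port)
        }
    }
}

# WinHTTP keeps a separate system-wide proxy used by services and some updaters
netsh winhttp show proxy

# Constructed sample value, to show how a per-protocol ProxyServer string is parsed
Get-ProxyEndpoint 'http=127.0.0.1:8080;https=proxy.example.internal:3128' | Format-Table
```

A loopback entry is not proof of infection, since debugging proxies and some security products use one too, but an enabled local proxy with no matching listener is the condition described above.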