cancel
Showing results for 
Search instead for 
Did you mean: 

Hijacked network settings (proxy)

SOLVED
Highlighted
New Contributor

Hijacked network settings (proxy)

I am running windows 7, and using Firefox 4.0b7.

Somehow I got a hold of the "backdoor:win32/cycbot.b". I ran "Dr.Web CureIt!" and then "MalwareBytes". It was found and removed, but now, whenever I open Firefox, the connection setting defaults to using http proxy of 127.0.0.1, with a port setting of 55030.

I have to go in, delete the proxy and reset every time I launch Firefox. IE, once backdoor was removed, is opening just fine and retains its settings.

I also noticed in the file named prefs.js, the following lines appear and can not be removed. When I do remove them, they reappear as soon as I launch FF.

user_pref("network.http.max-persistent-connections-per-server", 4); user_pref("network.proxy.http", "127.0.0.1"); user_pref("network.proxy.http_port", 55030); user_pref("network.proxy.type", 1);

1 ACCEPTED SOLUTION

Accepted Solutions
Support Forum Moderator

Re: Hijacked network settings (proxy)

See if that happens with a new Profile - just test it, don't add anything to the new Profile.
http://kb.mozillazine.org/Creating_a_new_Firefox_profile_on_Windows

5 REPLIES
Support Forum Moderator

Re: Hijacked network settings (proxy)

See if you have a user.js file in your Profile folder and if those prefs are there.

If so, delete those prefs from there.

New Contributor

Re: Hijacked network settings (proxy)

I do have a user.js file, but the contents are:

user_pref("network.http.max-persistent-connections-per-server", 4); user_pref("nglayout.initialpaint.delay", 600);

Also in the internet settings, each time FF is launched, defaults to: "Manual Proxy Configuration" HTTP Proxy: 127.0.0.1 Port: 55030

Support Forum Moderator

Re: Hijacked network settings (proxy)

See if that happens with a new Profile - just test it, don't add anything to the new Profile.
http://kb.mozillazine.org/Creating_a_new_Firefox_profile_on_Windows

New Contributor

Re: Hijacked network settings (proxy)

PERFECT!!!! Thanks, this worked. Now, if I can only figure out "why" it acted like that in the first place.

New Contributor

Re: Hijacked network settings (proxy)

. . . I looked for files modified at the time I thought a similar Malware acted on my PC.



Found 3 lines added to the:




C:/users/xxxxxmyprofile/appdata/roaming/mozilla/firefox/profiles/xxxxx.default/extensionsfoxmarks@kei.com/default/preferences/prefs.js



I removed them, and I saved the prefs.js file again. They were like: user_pref("network.proxy.http", "127.0.0.1"); user_pref("network.proxy.http_port", 58505); user_pref("network.proxy.type", 1); More or less.




My suggestions: Check all *.js files in firefox/ subfolders, plugins included (in my case, as you can see, it was in foxmarks subfolder).



Took me a while, finally solved.