cancel
Showing results for 
Search instead for 
Did you mean: 

My problem is a hijack of the proxy settings and I cannot remove it even by editing pref.js file. It just keeps restoring the use manual proxy settings.

SOLVED
Highlighted
New User

My problem is a hijack of the proxy settings and I cannot remove it even by editing pref.js file. It just keeps restoring the use manual proxy settings.

I had the cycbot trojan and have removed it. However my browser will not connect to the Internet unless I manually select no proxy in the connection settings. then on restart of firefox the settings change back to a manual proxy.

1 ACCEPTED SOLUTION

Accepted Solutions
Master

Re: My problem is a hijack of the proxy settings and I cannot remove it even by editing pref.js file. It just keeps restoring the use manual proxy settings.

I think what you can do here is to go to about:config and then in the filter at the top, enter each of those entries one at a time, then right click them and choose Reset. This should restore their default values.

So network.proxy.http_port should revert to '0' when you do that instead of its current value of 64586.

41 REPLIES
Master

Re: My problem is a hijack of the proxy settings and I cannot remove it even by editing pref.js file. It just keeps restoring the use manual proxy settings.

According to Symantec, it listens on TCP port 50730. See Backdoor.Cycbot

So the first thing to do is to block that port with your firewall if you haven't done so already.

Then click the Firefox button, go to Options | Options | Advanced and in the Network tab, click the Settings button. In there, checkmark the option called "Use system proxy settings". This affords you some degree of protection since Firefox connects to itself on localhost (port 127.0.0.1).

If you think prefs.js is corrupted, rename it to prefs.jsOLD and Firefox will create a new one the next time you restart.

New User

Re: My problem is a hijack of the proxy settings and I cannot remove it even by editing pref.js file. It just keeps restoring the use manual proxy settings.

Hi, Thanks for the suggestions. I tried renaming the prefs.js file and when I started firefox I got the same result. I looked at the proxy settings and it still says 127.0.0.1 with an odd port number. Checking the new prefs it has created it still contains the wrong info so it must be pulling it from somewhere else.

This is what I cannot get rid of.

user_pref("network.cookie.prefsMigrated", true); user_pref("network.http.max-connections", 48); user_pref("network.http.max-connections-per-server", 16); user_pref("network.http.max-persistent-connections-per-proxy", 16); user_pref("network.http.max-persistent-connections-per-server", 8); user_pref("network.proxy.http", "127.0.0.1"); user_pref("network.proxy.http_port", 64586); user_pref("network.proxy.type", 1);

Incidently it has allowed me to create a new profile which if I choose that then the network is good. However I then do not have the other contents of my old profile like passwords and bookmarks.

Thoughts?

Master

Re: My problem is a hijack of the proxy settings and I cannot remove it even by editing pref.js file. It just keeps restoring the use manual proxy settings.

If a new Profile fixes the problem, then you can move your data from the old one quite easily actually. See Use the Profile Manager to create and remove Firefox profiles

New User

Re: My problem is a hijack of the proxy settings and I cannot remove it even by editing pref.js file. It just keeps restoring the use manual proxy settings.

that may well be the route I take thank you. However I am puzzled by the automatic writing of those network settings into the pref.js file. Where are they coming from?

Master

Re: My problem is a hijack of the proxy settings and I cannot remove it even by editing pref.js file. It just keeps restoring the use manual proxy settings.

I think you still have this piece of malware on your system. See this report: http://www.threatexpert.com/report.aspx?md5=c5270e75e811141e97fa754bd1d534f7

The TCP port mentioned in your prefs.js file can be seen in there.

Have a look at the registry settings mentioned there.

Any files which won't 'delete' can be erased with this utility: http://www.heidi.ie/eraser/

New User

Re: My problem is a hijack of the proxy settings and I cannot remove it even by editing pref.js file. It just keeps restoring the use manual proxy settings.

That is certainly what I had. Although I cannot find thosee files now since the AV cleared them away. The registry appears clean of that IP and Port after I just searched. All that keeps happening is the persistant re-entry of those settings back into the pref.js. it's the one in my default profile. I only had the one at the time. I created a new one and as I said thats clean. But I am still worried by the persistance of the settings. I know that they are not coming by magic... but from where?

I did just find that the profiles are under a roaming directory not sure if that is normal as I have never dived this deep into firefox.

Master

Re: My problem is a hijack of the proxy settings and I cannot remove it even by editing pref.js file. It just keeps restoring the use manual proxy settings.

I think what you can do here is to go to about:config and then in the filter at the top, enter each of those entries one at a time, then right click them and choose Reset. This should restore their default values.

So network.proxy.http_port should revert to '0' when you do that instead of its current value of 64586.

Support Forum Moderator

Re: My problem is a hijack of the proxy settings and I cannot remove it even by editing pref.js file. It just keeps restoring the use manual proxy settings.

Is there a user.js file in that old Profile? If so, open that user.js file see if those prefs are in there.

Unless you are using that user.js file for some other prefs, just delete it.

user.js is "read" after the prefs.js file abd the prefs in it are written to the prefs,js file.

New User

Re: My problem is a hijack of the proxy settings and I cannot remove it even by editing pref.js file. It just keeps restoring the use manual proxy settings.

I tried about:config and reset everything to default. Closed firefox and still no joy. I stillget connection denied proxy error. Then I looked at the user.js and there are no network settings in their to speak of. removing it made no difference.

Hmmm..