Your computer is infected with malicious software? Do you have pop-ups on your PC?
If so, search this blog for removal instructions or browse computer threats by category.

Saturday, December 13, 2014

Remove Proxy Settings Hijack Virus (Uninstall Guide)

Tell your friends:
If you've just found that you have a Trojan Horse installed on your computer that creates a proxy server and changes proxy settings to or, there is one thing that we can probably agree on and that is that you are desperate to remove it from your device as quickly as possible. It's a rather persistent infection that reverts back hijacked proxy server settings in case you want to remove a proxy server entirely or modify settings. In other words, it's a browser hijacker. Left unchecked, it can do real damage to your computer but there's no need to panic as we have an easy to follow step by step guide to removing proxy settings hijack virus. Read on and you should be able to return your computer to its normal, functioning self.

This proxy settings hijack Trojan comes bundled with other malware and adware. Even if a program doesn't look like it could modify Windows registry and install malicious files on your computer it doesn't mean it won't. I've seen numerous adware and potentially unwanted programs not just malware that create a proxy server and modify Windows registry so that it can not be removed using Control Panel and LAN settings. Remember, it's called a proxy settings hijack virus for a good reason. The good news is that most adware and PUPs uninstall proxy servers once you remove them from your computer. But if you get the feeling, or can see that there is still something not quite right with your computer, you may still have traces of the malware left. A large proportion of Trojan Horses leave components on your machine, even after deletion.

If your machine is still exhibiting problems and worrying proxy settings behavior however, you may want to scan your computer with anti-malware software and follow the steps in the removal guide below. Once your computer is clean, the next thing you'll want to do is to make sure you don't get re-infected. To lower the chances of this there are a few things that you need to do. First of all do not run .exe file extensions in Windows unless you're really sure they are safe. Do not open emails from unknown senders - and definitely don't click on links or open attachments in emails if you're not sure where they lead to or what they are. Finally install a good anti-malware program on your computer, run it manually on a regular basis and also ensure you have the latest version of it. If you have any questions, please leave a comment down below. Good luck and be safe online!

Written by Michael Kaur,

Proxy Settings Hijack Removal Guide:

1. First of all, download anti-malware software and run a full system scan. It will detect and remove this infection from your computer. You may then follow the manual removal instructions below to remove the leftover traces of this malware. Hopefully you won't have to do that.

2. Restart your computer. Then hit the F8 key to place your computer in Safe Mode.

3. Open Windows registry editor and navigate to HKEY_CURRENT_USER\Software\Microsoft\Windows\Current Version\Internet Settings.

4. Look for Windows registry keys ProxyEnable and ProxyServer.

5. Now, you need to double-click ProxyEnable and change Value Data from 1 to 0. Click OK to save changes.

6. Last step, select ProxyServer and delete it. That's it! Restart your computer back to Normal Mode.


Anonymous said...

Have completed all these steps (multiple times) and it still keeps returning. Malwarebytes says I'm clean. Registry edits made as instructed. Restart and it's back. GO back into safe mode and into the registry and low an behold the changes to the registry have been "undone". This thing is friggin' persistent!

Anonymous said...

I'm just going down this rabbit hole myself. Happy friggin New Year! Has anyone figured out what to do to fix it yet?

Oligod said...

Me too. Winblows 8 on a laptop.

Anonymous said...

Same done it all reset laptop and its all back again

Anonymous said...

Spent hours trying to fix this problem. Great FIX!!!!! Thank you.

Anonymous said...

It came back for me so I went back in to safe mode and while there opened internet options (open ie, tools, internet options, connections tab, LAN settings, uncheck proxy server) you can only do it in safe mode. It's greyed out in regular mode. so do it after you do the regedit. plus you'll want to check the start up items. run: msconfig click startup tab disable unfamiliar startup items. this could be the virus. like a toolbar called shopathome you can do it in regedit too under currentversion/run/then deleted what is wierd

Anonymous said...

I have taken all the advice under this post, and carefully completed everything as instructed but still it keeps reverting back to having the proxy server box checked. What I have carefully notice is that it reverts as soon as any form of connection takes place. For example connecting to the network directly or trying to connect through a program. Any help on this would be appreciated I am at my wits end and my daughter needs the computer for UNI next week. Thanks in advance. Lea

Melquisedeque D Oliveira said...

Folks don't forget to uncheck the proxy on IE while you still on safe mode.

Anonymous said...

In my pc thereis proxy http 1.1 below proxy enabe and under that there is the value which is to be deleted.......I think that's why my page no longer says proxy server not responding butit does say "This page can't bedisplayed"........plz help!!!!

Stephen Head said...

Also go into msconfig startup and disable anything that shouldn't be there!

Anonymous said...

My problem was solved by going into the HKEY_LOCAL_MAchine instead of current user

Carol Thomson said...

I've had this problem too and nothing seems to get rid of it apart for a system restore to the last point you know your computer was clean. However having done this successfully yesterday and worked all morning on the internet the last thing Inoticed before I logged off was that it was back. The system restore does work but I guess you need to run a virus check immediately so that any trace of the virus has gone before you reconnect. Very annoying!!!

Bluesky 101 said...

Like many folks, I've been scouring the internet and have tried virtually every suggested solution only to be frustrated by this annoying Proxy Server hijacker. I also kept searching my Registry in the hopes of finding not just but rather anything in there that suggested it was installing

As it turns out the culprit wasn't in the registry but rather a program called ITViewer which I stumbled across in my Program Files (x86) folder. I couldn't recall installing this program and upon digging deeper realized that it was installed on the 1st of May which is about the time that this problem showed up.

I decided to uninstall it using Revo uninstaller and to my great surprise found that Revo didn't even see ITViewer. Long story short, I finally managed to delete everything associated with ITViewer and bingo bango, my proxy hijack problem is gone.

Hopefully this will prove helpful to some of you reading this. Cheers! :-}

Admin said...

Bluesky 101, thanks for sharing this!