We've seen an increase in virus removal calls recently. Some you can just remove and things are fine, but others leave behind some things to fix manually. A common effect is a proxy setting that reroutes your web traffic through a malicious program or website to serve up ads, capture the websites you visit, etc. Most of the time it's easy to fix by just disabling the proxy settings in Internet Options by going to Control Panel -> Internet Options -> Connections (tab) -> LAN Settings -> (uncheck) Use Proxy Settings.
Recently on appointments in both Escondido and Del Mar in San Diego, we've noticed a new trick that's made it a little more difficult to remove: You'll see a highlighted message at the bottom of Internet Properties stating, “Some settings are managed by your system administrator.” But, wait… this is a home computer, and the user is the system administrator.
Each time you try to change the proxy address, it changes back after restart or close. That's not nice!
Turns out, it's a setting for a corporate Group Policy that doesn't apply, but the virus author used a trick to keep the user from changing the settings back. With a little registry edit, you can undo these settings:
Open the Registry Editor by clicking Start, typing “regedit” and hitting Enter. Choose: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings -> ProxySettingsPerUser
Change the value from 0 to 1, close the Registry Editor and restart. You're back in control!
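The same check from an elevated PowerShell prompt, as an added example that is not part of the original post: it reports the ProxySettingsPerUser policy value and any proxy values still stored for the user or the machine, and applies the 0-to-1 change only when run with -Fix. The -Fix switch and the Get-RegValue helper are names made up for this example.

```powershell
# Added example: audit the proxy policy lock described above.
# Run elevated; pass -Fix to apply the article's registry change.
param([switch]$Fix)

$policyKey = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings'
$inetKeys  = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Internet Settings',
    $policyKey
)

# Hypothetical helper: returns $null when the key or value is missing.
function Get-RegValue($Path, $Name) {
    (Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name
}

$perUser = Get-RegValue $policyKey 'ProxySettingsPerUser'
if ($null -eq $perUser) {
    'ProxySettingsPerUser is not set: per-user proxy settings apply.'
} elseif ($perUser -eq 0) {
    'ProxySettingsPerUser = 0: proxy settings are forced machine-wide.'
} else {
    "ProxySettingsPerUser = $perUser"
}

# List every proxy-related value so leftovers can be reviewed after cleanup.
foreach ($key in $inetKeys) {
    foreach ($name in 'ProxyEnable', 'ProxyServer', 'AutoConfigURL') {
        $value = Get-RegValue $key $name
        if ($null -ne $value) { '{0} -> {1} = {2}' -f $key, $name, $value }
    }
}

if ($Fix -and $perUser -eq 0) {
    # Same edit as the manual regedit step: change the value from 0 to 1.
    Set-ItemProperty -Path $policyKey -Name 'ProxySettingsPerUser' -Value 1 -Type DWord
    'ProxySettingsPerUser set to 1. Restart, then clear the proxy in Internet Options.'
}
```

Any ProxyServer or AutoConfigURL value the script lists that you did not configure yourself is worth recording before you clear it, since it shows where traffic was being sent.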