Can’t Access The Internet After Removing A Rogue?

The latest generation of Rogue Anti-Virus changes your internet connection settings, specifically the proxy settings.  On an infected PC all traffic is routed through a local proxy on your pc (which is malware based).  Currently these settings are usually:

The is your PC and the 5555 is an open port on your pc listening for instructions (and possibly capturing traffic).  Why do the rogues do this?  To intercept ALL internet activity initiated by you (no matter if you’re using IE, FireFox or Chrome).

Once you remove the rogue the proxy settings stay in place and that means you can’t get to the internet.  Fixing this is really easy.

  1. Open Internet Explorer
  2. Click Tools
  3. Internet Options
  4. Connections
  5. Click Lan Settings
  6. Uncheck the first proxy server setting
  7. Click OK twice.

You should be able to get on the internet with any browser now.

, , , , , , , , ,

18 Responses to Can’t Access The Internet After Removing A Rogue?

  1. Usman May 19, 2010 at 4:15 pm #

    Nice Info

  2. JimBob May 20, 2010 at 12:57 am #

    In my experiences, I’ve found that Firefox has always remained unaffected by this since it’s proxy settings are independent. Any proxy settings changed in IE don’t affect Firefox. Usually it’s IE and Chrome (since Chrome shares proxy settings with IE) that are targeted.

  3. Tweak May 20, 2010 at 1:59 am #

    I often find that Firefox is indeed affected as well, many times people look for an alternative and with FF they end up transferring over the settings via the FF wizard and end up with the same issue as well. What might be worth adding, not for the techs but for the non informed is this simply allows net access again but does not solve the problem at all, so when a friend or uncle or whomever says they have a solution realize it is only a small portion of the solution and someone more capable should properly repair the PC, plus we/they can offer advice to keep from experiencing the same problems repeatedly. If you live near Matt then just take it to him…how’s that for a plug? 😉

  4. TigerRaptorFX May 20, 2010 at 3:34 am #

    What is the name of this new rogue?

  5. NormanSecuritySuite! May 20, 2010 at 6:24 pm #

    Yeh, whats the name so were aware of it? Thanks for the info anyway Matt. xx

  6. 927 May 20, 2010 at 7:25 pm #

    _one of them_ is called antivirus live 2010, i saw this a lot 3-6 months ago

  7. deepvoicedave May 25, 2010 at 2:50 am #

    Thanks, worked like a champ!

  8. John June 6, 2010 at 12:31 am #

    Excellent information and accurate. Worked like a charm after I spent most of the day using Microsoft applications.

    Thank you so much.

  9. feder0v July 16, 2010 at 12:50 am #

    This worked like a DREAM!!

    I used mbam to remove antimalware on my laptop, then couldn’t access the internet… until I found this. Thanks so much.

  10. bob August 23, 2010 at 6:30 pm #

    WORKED!! Thank you so very, very much.. Been working on this for three (3) days and you solved it in just a few minutes. Thanks again.

    • malwarekilla August 25, 2010 at 5:05 pm #

      @Bob – Sure, my pleasure, glad it worked for ya.

  11. @TheGirlPie October 19, 2010 at 7:16 pm #

    Great help site, glad to find you, but after following these “uncheck proxy” steps (and every other solution I read over 3 days of searching), I still have the problem.

    In case anyone else is still plagued, here’s my sitch and I hope you pros can tell me where to dig deeper (I’m fairly savvy, just in the crapper on this one.)

    WinXP, (current w/SP3, super Tuesday updates, etc.)
    MS Security Essentials & Windows Firewall (all relevant programs are “allowed access” in settings)
    Wireless connection to cable router in next room works great —
    but I can only access net via IE8 (barf) and Safari (ugh) since my beloved Firefox and back-up Chrome stopped accessing the net last week (after updating FF.)
    Oddly, I can access Twitter, Facebook, etc. But so much of my work is loaded into FF, I’m crippled.

    Have uninstalled both FF & Chrome (revoUninstaller, deep into registry), and cleaned out left over McAffee crap from an uninstall months ago just in case old settings were dicking with me.
    Ran MalwareBytes but it would NOT update the rules! It wouldn’t access the net.
    So I ran PCMatic’s scan — again — would not acess the net. I sense a troubling theme.
    I DL & run SuperAntispyware — can’t access the net for updates but THANKFULLY they let me manually update — I run it, it finds the scvhost.exe torjan, gets rid of it — fine.

    Reboots galore, check all the settings, no proxy, good — and still: can’t update any virus software.
    Run a third deep scan with newly updated SuperAntispyware — clean — and still can’t access the net, still your solutions that work for everyone else won’t work for me 🙁

    Do you think using OPEN DNS has anything to do with it? It’s been working fine, but I’m really dying here… everyone gets results with your solution but me — waaaahhhh!

    Any ideas guys? Thanks in advance~


    So I

    • malwarekilla October 20, 2010 at 3:25 pm #

      @TheGirlPi – sounds like a classic case of a rootkit. Download, burn and then scan with the Dr. Web Live CD. Make sure you boot your computer from the CD you just burned.

  12. @TheGirlPie October 20, 2010 at 3:42 pm #

    Many thanks, hadn’t heard/thought of/discovered that possibility yet — off to try my hundredth solution~! I apprecaite the advice & instructions (and will report back in case it can help anyone else.)

    Big props,

  13. nyc May 14, 2011 at 12:27 am #


    this rocked
    am heading out of town on biz and was sweating bullets but within 30 mins I was up and running again

    you roick

  14. Ben July 18, 2011 at 11:24 pm #

    Hey, I had a virus obtained from the internet and now my browser is SUPER SLOW and my searches are redirected? Anybody have an idea what this is and how to remove it? I tried sweeping my computer with many differnt programs, still no luck.


  1. Antispyware Soft Rogue | - June 1, 2010

    […] If you can’t load any websites then follow these instructions […]

  2. Removing AntiVir Solution Pro Fake Anti-virus - August 4, 2010

    […] Now that you're inside safemode with networking we need to turn off the proxy server settings.  Refer to this article on how to turn off proxy server settings. […]

Leave a Reply