Windows 10 - Proxy set to http://ɴ.net/server.pac Can not change

Hi,

On my Windows 10 machine, the proxy is set to http://ɴ.net/server.pac by malware. I cannot change it. I have deleted the entries in the Windows registry but they come back. Sophos Home does not detect it.



This thread was automatically locked due to age.
  • Problem resolved with help of information found at the following page: 

    https://answers.avira.com/ru/question/hxxp-netserverpc-54387

    The program that is launching nslookup AND creating the registry key is what appears to be a compromised/hijacked version of InstallShield at C:\Program Files (x86)\Common Files\InstallShield\updateservice\ISUSPM.exe. That also happens to be one of my Scheduled Tasks.


    I removed ISUSPM.exe & ISUSPM.ini from C:\Program Files (x86)\Common Files\InstallShield\updateservice\

    and I managed to trace an unusual task that was scheduled. The program:

    C:\Program Files (x86)\Common Files\InstallShield\updateservices\ISUSPM.exe ___  was being called at 18:00.

    I removed this task, and now my internet settings are not being overwritten. This program is not being picked up by any of the antivirus programs I've tried, or malware programs.

    Can I send the infected ISUSPM.exe file to SOPHOS to investigate?

  • Glad to hear you have resolved this.

    Please send those files to samples@sophos.com 

    Thanks.

  • Regardless of license, you can always submit samples to Sophos using this form:
    https://secure2.sophos.com/en-us/support/contact-support.aspx

    I often use it to submit zero day files that get caught in our email security gateway.

    -Gary
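
The two checks described in the thread (the proxy auto-config value that keeps coming back, and the scheduled task that runs ISUSPM.exe), as an added read-only PowerShell example that is not part of the original posts. The registry locations and the `AutoConfigURL` value name are the standard Windows ones and are an assumption here, since the thread does not name the key; run it from an elevated prompt so all tasks are visible.

```powershell
# Added example: read-only triage, nothing on the machine is changed.
# Assumption: the PAC URL is stored in the standard AutoConfigURL value.
$keys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings',
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings'
)

# 1. Report every proxy auto-config (PAC) URL currently configured.
$pac = foreach ($key in $keys) {
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if ($props -and $props.AutoConfigURL) {
        [pscustomobject]@{ Key = $key; AutoConfigURL = $props.AutoConfigURL }
    }
}
$pac | Format-List

# 2. List each scheduled task that launches an executable, with the
#    file's Authenticode status and hash, so a task that re-applies the
#    setting on a timer (18:00 in the thread) can be spotted.
$tasks = foreach ($task in Get-ScheduledTask) {
    foreach ($action in $task.Actions) {
        if (-not $action.Execute) { continue }   # COM-handler actions have no Execute
        $exe = [Environment]::ExpandEnvironmentVariables($action.Execute).Trim('"')
        $onDisk = Test-Path -LiteralPath $exe -PathType Leaf
        [pscustomobject]@{
            Task      = $task.TaskPath + $task.TaskName
            Execute   = $exe
            Arguments = $action.Arguments
            Starts    = ($task.Triggers | ForEach-Object { $_.StartBoundary }) -join ', '
            Signature = if ($onDisk) { (Get-AuthenticodeSignature -LiteralPath $exe).Status } else { 'FileNotFound' }
            SHA256    = if ($onDisk) { (Get-FileHash -LiteralPath $exe -Algorithm SHA256).Hash } else { $null }
            # Matches the binary named in the thread (either spelling of the folder).
            IsISUSPM  = $exe -like '*\InstallShield\*\ISUSPM.exe'
        }
    }
}

# Show the thread's binary first, then anything not validly signed.
$tasks |
    Sort-Object @{ Expression = 'IsISUSPM'; Descending = $true },
                @{ Expression = { $_.Signature -eq 'Valid' } } |
    Format-List
```

A `FileNotFound` result usually means the action uses a bare file name resolved through PATH rather than a missing file, so check those entries by hand.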